diff --git a/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl new file mode 100644 index 0000000000..5fe11114d6 --- /dev/null +++ b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.to_k8s_env_vars" -}} +{{range $key, $value := . -}} +{{- if kindIs "slice" $value -}} +- name: {{ $key }} + value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }} +{{else -}} +- name: {{ $key }} + value: {{ $value | quote }} +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/ingress/templates/bin/_ingress-controller.sh.tpl b/ingress/templates/bin/_ingress-controller.sh.tpl index c2e142bf81..6514ae59ca 100644 --- a/ingress/templates/bin/_ingress-controller.sh.tpl +++ b/ingress/templates/bin/_ingress-controller.sh.tpl @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash {{/* Copyright 2017 The Openstack-Helm Authors. 
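Review bot: The new `helm-toolkit.utils.to_k8s_env_vars` define has no usage comment, and it emits every key of the map it is given as a container environment variable, with `{{ $key }}` unquoted. A caller that passes a whole values subtree therefore exports every key in it, so a block comment above the `define` should state the contract, e.g. `{{/* renders a map as a list of k8s env vars; every key is exported, list values are comma-joined */}}`. Writing the name as `- name: {{ $key | quote }}` would also keep an unusual key from changing the YAML structure.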
@@ -17,9 +17,26 @@ limitations under the License. */}} set -ex -exec /usr/bin/dumb-init \ - /nginx-ingress-controller \ - --default-backend-service=${POD_NAMESPACE}/ingress-error-pages \ - --configmap=${POD_NAMESPACE}/ingress-conf \ - --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ - --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +COMMAND="${@:-start}" + +function start () { + exec /usr/bin/dumb-init \ + /nginx-ingress-controller \ + {{- if eq .Values.deployment.mode "namespace" }} + --watch-namespace ${POD_NAMESPACE} \ + {{- end }} + --http-port=${PORT_HTTP} \ + --https-port=${PORT_HTTPS} \ + --election-id=${RELEASE_NAME} \ + --ingress-class=${INGRESS_CLASS} \ + --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \ + --configmap=${POD_NAMESPACE}/ingress-conf \ + --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ + --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/ingress/templates/bin/_ingress-error-pages.sh.tpl b/ingress/templates/bin/_ingress-error-pages.sh.tpl index 240fb18a88..cf62c33f48 100644 --- a/ingress/templates/bin/_ingress-error-pages.sh.tpl +++ b/ingress/templates/bin/_ingress-error-pages.sh.tpl @@ -17,4 +17,10 @@ limitations under the License. */}} set -ex -exec /server +COMMAND="${@:-start}" + +if [ "x${COMMAND}" == "xstart" ]; then + exec /server +elif [ "x${COMMAND}" == "xstop" ]; then + kill -TERM 1 +fi diff --git a/ingress/templates/bin/_ingress-vip.sh.tpl b/ingress/templates/bin/_ingress-vip.sh.tpl new file mode 100644 index 0000000000..3df0053ef6 --- /dev/null +++ b/ingress/templates/bin/_ingress-vip.sh.tpl 
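Review bot: The trailing `$COMMAND` in `_ingress-controller.sh.tpl` runs whatever argument string the script is started with, because `COMMAND="${@:-start}"` flattens all arguments into one string that is then word-split and executed, while only `start` and `stop` are meant to be reachable. A fixed dispatch such as `case "${1:-start}" in start|stop) "${1:-start}" ;; *) echo "unknown command" >&2; exit 1 ;; esac` keeps the entrypoint to those two functions. The same `$COMMAND` pattern is in `_ingress-vip.sh.tpl`, and the `if`/`elif` added to `_ingress-error-pages.sh.tpl` exits 0 on an unrecognised command instead of failing. The `${POD_NAMESPACE}`, `${INGRESS_CLASS}` and similar expansions in `start` are unquoted, so a value containing whitespace would split into extra controller arguments; double-quoting each one, e.g. `--ingress-class="${INGRESS_CLASS}"`, avoids that.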
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Copyright 2018 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+ chroot /mnt/host-rootfs modprobe dummy
+}
+
+function test_vip () {
+ ip addr show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ awk -F '/' '{ print $1 }' | \
+ grep -q "${addr%/*}"
+}
+
+function start () {
+ ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
+ if ! test_vip; then
+ ip addr add ${addr} dev ${interface}
+ fi
+ ip link set ${interface} up
+}
+
+function sleep () {
+ exec bash -c "while :; do sleep 2073600; done"
+}
+
+function stop () {
+ ip link show ${interface} > /dev/null || exit 0
+ if test_vip; then
+ ip addr del ${addr} dev ${interface}
+ fi
+ if [ "$(ip address show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ wc -l)" -le "0" ]; then
+ ip link set ${interface} down
+ ip link del ${interface}
+ fi
+}
+
+$COMMAND
diff --git a/ingress/templates/configmap-bin.yaml b/ingress/templates/configmap-bin.yaml
index 79508a4ee6..ff08e5ded8 100644
--- a/ingress/templates/configmap-bin.yaml
+++ b/ingress/templates/configmap-bin.yaml
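Review bot: `test_vip` in `_ingress-vip.sh.tpl` ends with `grep -q "${addr%/*}"`, which treats the address as an unanchored regular expression, so `172.18.0.1` also matches `172.18.0.10` or `172.18.0.100` on the same interface. In that case `start` skips adding the VIP, and `stop` tries to delete an address that is not there and aborts under `set -e`. `grep -qxF -- "${addr%/*}"` compares the whole line as a fixed string instead. `${interface}` is also interpolated into the awk program text and passed unquoted to `ip`; handing it to awk with `-v` and double-quoting the expansions would keep an unexpected value from altering the commands these root containers run.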
@@ -22,6 +22,10 @@ kind: ConfigMap metadata: name: ingress-bin data: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + ingress-vip.sh: | +{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} ingress-controller.sh: |+ {{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ingress-error-pages.sh: |+ diff --git a/ingress/templates/configmap-conf.yaml b/ingress/templates/configmap-conf.yaml index 711aeae4af..cedfcd2b89 100644 --- a/ingress/templates/configmap-conf.yaml +++ b/ingress/templates/configmap-conf.yaml @@ -16,11 +16,18 @@ limitations under the License. {{- if .Values.manifests.configmap_conf }} {{- $envAll := . }} + +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +{{- if empty (index .Values.conf.ingress "bind-address") -}} +{{- set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 | quote | trunc 0 -}} +{{- end -}} +{{- end -}} + --- apiVersion: v1 kind: ConfigMap metadata: name: ingress-conf data: -{{ toYaml .Values.config.controller | indent 2 }} +{{ toYaml .Values.conf.ingress | indent 2 }} {{- end }} diff --git a/ingress/templates/configmap-services-tcp.yaml b/ingress/templates/configmap-services-tcp.yaml index e39faee96a..4454702f96 100644 --- a/ingress/templates/configmap-services-tcp.yaml +++ b/ingress/templates/configmap-services-tcp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-tcp -{{- if not (empty $envAll.Values.config.services.tcp) }} +{{- if not (empty $envAll.Values.conf.services.tcp) }} data: -{{ toYaml $envAll.Values.config.services.tcp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/configmap-services-udp.yaml b/ingress/templates/configmap-services-udp.yaml index 9090b91878..402010560d 100644 --- a/ingress/templates/configmap-services-udp.yaml 
+++ b/ingress/templates/configmap-services-udp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-udp -{{- if not (empty $envAll.Values.config.services.udp) }} +{{- if not (empty $envAll.Values.conf.services.udp) }} data: -{{ toYaml $envAll.Values.config.services.udp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.udp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index 560cb27125..c29e7f3f2c 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -38,7 +38,7 @@ spec: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: @@ -57,6 +57,13 @@ spec: - containerPort: 8080 command: - /tmp/ingress-error-pages.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-error-pages.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-error-pages.sh diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index c3d6f076a7..b72d43ea18 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml 
@@ -18,13 +18,21 @@ limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ingress }} -{{- $serviceAccountName := "ingress-api"}} +{{- if empty .Values.conf.controller.INGRESS_CLASS -}} +{{- if eq .Values.deployment.mode "cluster" }} +{{- set .Values.conf.controller "INGRESS_CLASS" .Values.deployment.cluster.class | quote | trunc 0 -}} +{{- else if eq .Values.deployment.mode "namespace" }} +{{- set .Values.conf.controller "INGRESS_CLASS" "nginx" | quote | trunc 0 -}} +{{- end }} +{{- end -}} + +{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }} {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} rules: - apiGroups: - "" @@ -76,11 +84,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: nginx-ingress-clusterrole-nisa-binding + name: {{ $serviceAccountName }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} @@ -89,7 +97,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: - name: nginx-ingress-role + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} rules: - apiGroups: @@ -106,11 +114,7 @@ rules: resources: - configmaps resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" + - {{ printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS | quote }} verbs: - get - update 
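Review bot: The `INGRESS_CLASS` defaulting block at the top of `deployment-ingress.yaml` has no branch for a `deployment.mode` other than `cluster` or `namespace`, so a typo in that value leaves the class null. The `resourceNames` entry in the last hunk of this file and the controller's `--ingress-class=${INGRESS_CLASS}` flag are then rendered from an empty value. Adding `{{- else }}{{- fail "deployment.mode must be cluster or namespace" }}` before the inner `{{- end }}` would stop the render instead, assuming the Helm version in use provides `fail`. Separately, the ClusterRole and ClusterRoleBinding are still created per release in namespace mode, where the controller is started with `--watch-namespace`; their rules lie outside these hunks, so whether that mode can be served by the namespaced Role alone needs checking against the full file.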
@@ -132,39 +136,39 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: - name: nginx-ingress-role-nisa-binding + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: nginx-ingress-role + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} --- -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} apiVersion: apps/v1beta1 kind: Deployment -{{- else if eq .Values.deployment_type "DaemonSet" }} +{{- else if eq .Values.deployment.type "DaemonSet" }} apiVersion: extensions/v1beta1 kind: DaemonSet {{- end }} metadata: - name: ingress-api + name: ingress spec: -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} replicas: {{ .Values.pod.replicas.ingress }} {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} {{- end }} template: metadata: labels: -{{ tuple $envAll "ingress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} app: ingress-api spec: serviceAccountName: {{ $serviceAccountName }} -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} affinity: {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} {{- end }} 
@@ -174,11 +178,50 @@ spec: hostNetwork: true {{- end }} dnsPolicy: "ClusterFirstWithHostNet" - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip-kernel-modules + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - SYS_MODULE + runAsUser: 0 + command: + - /tmp/ingress-vip.sh + - kernel_modules + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true + - name: host-rootfs + mountPath: /mnt/host-rootfs + readOnly: true + - name: ingress-vip-init + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - start + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} containers: - - name: ingress-api + - name: ingress image: {{ .Values.images.tags.ingress }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} 
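Review bot: The `ingress-vip-kernel-modules` init container runs as UID 0 with `SYS_MODULE` and chroots into `/mnt/host-rootfs`, which the next hunk backs with a `hostPath` of `/`. The mount is read-only, but the container can still read every file on the node, and nothing in the template says that `network.vip.manage=true` grants this. A comment above the container should state it, e.g. `# NOTE: loads the dummy module via the host's modprobe; needs SYS_MODULE and a read-only mount of the host root`. None of the VIP containers (`ingress-vip-init` here, `ingress-vip` in the next hunk) drops the default capability set; adding `drop: ["ALL"]` next to the explicit `add` list would limit them to what they use, though the chroot in `kernel_modules` would presumably then need `SYS_CHROOT` added as well, which should be tested.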
@@ -203,21 +246,72 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: PORT_HTTP + value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: PORT_HTTPS + value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: RELEASE_NAME + value: {{ .Release.Name | quote }} + - name: ERROR_PAGE_SERVICE + value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controller | indent 12 }} ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 + - containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} + - containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} command: - /tmp/ingress-controller.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-controller.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-controller.sh subPath: ingress-controller.sh readOnly: true - volumes: - - name: ingress-bin - configMap: - name: ingress-bin - defaultMode: 0555 +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - sleep + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-vip.sh + - stop + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} + volumes: + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 + {{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: host-rootfs + hostPath: + path: / + {{- end }} {{- end }} diff --git a/ingress/templates/endpoints-ingress.yaml b/ingress/templates/endpoints-ingress.yaml new file mode 100644 index 0000000000..92977e13ec --- /dev/null +++ b/ingress/templates/endpoints-ingress.yaml 
@@ -0,0 +1,53 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.endpoints_ingress }} +{{- $envAll := . }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +--- +apiVersion: "v1" +kind: "Endpoints" +metadata: + labels: +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + endpoint: vip + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +subsets: + - addresses: + - ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }} + ports: + - port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: http + - port: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: https + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - port: {{ $key }} + protocol: TCP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - port: {{ $key }} + protocol: UDP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} +{{- end }} +{{- end }} diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml new file mode 100644 index 0000000000..0882d5bc7d --- /dev/null +++ b/ingress/templates/ingress.yaml 
@@ -0,0 +1,40 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.ingress }}
+{{- $envAll := . }}
+{{- if eq .Values.deployment.mode "namespace" }}
+{{- if empty (index .Values.network.ingress.annotations "kubernetes.io/ingress.class") -}}
+{{- set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class | quote | trunc 0 -}}
+{{- end -}}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Namespace }}-{{ .Release.Name }}
+ annotations:
+{{ toYaml .Values.network.ingress.annotations | indent 4 }}
+spec:
+ rules:
+ - host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- end }}
+{{- end }}
diff --git a/ingress/templates/service-error.yaml b/ingress/templates/service-error.yaml
index a816288cfa..b17d4d2ec3 100644
--- a/ingress/templates/service-error.yaml
+++ b/ingress/templates/service-error.yaml
@@ -22,7 +22,7 @@ kind: Service metadata: labels: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - name: ingress-error-pages + name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: clusterIP: None ports: diff --git a/ingress/templates/service-ingress.yaml b/ingress/templates/service-ingress.yaml index c711741c25..ca9af8ce21 100644 --- a/ingress/templates/service-ingress.yaml +++ b/ingress/templates/service-ingress.yaml 
@@ -21,18 +21,42 @@ apiVersion: v1 kind: Service metadata: labels: - app: ingress-api - name: {{ .Values.endpoints.ingress.host }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + endpoint: vip +{{- end }} + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + clusterIP: None +{{- end }} ports: - name: http - port: {{ .Values.endpoints.ingress.port.http }} + port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 80 + targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: https - port: {{ .Values.endpoints.ingress.port.https }} + port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 443 + targetPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: TCP + targetPort: {{ $key }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: UDP + targetPort: {{ $key }} + {{ end -}} + {{- end }} +{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }} selector: - app: ingress-api +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} {{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index 0d89af64b4..50e25903dd 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -17,6 +17,12 @@ # Declare name/value pairs to be passed into your templates. # name: value +deployment: + mode: namespace + type: Deployment + cluster: + class: "nginx-cluster" + images: tags: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 @@ -44,6 +50,11 @@ pod: rolling_update: max_unavailable: 1 max_surge: 3 + termination_grace_period: + server: + timeout: 60 + error_pages: + timeout: 60 resources: enabled: false ingress: @@ -66,7 +77,18 @@ labels: node_selector_value: enabled network: - host_namespace: true + host_namespace: false + vip: + manage: false + interface: ingress-vip + addr: 172.18.0.1/32 + ingress: + annotations: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class + kubernetes.io/ingress.class: null + nginx.ingress.kubernetes.io/proxy-body-size: "0" + external_policy_local: false dependencies: error_pages: 
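Review bot: The new default annotation `nginx.ingress.kubernetes.io/proxy-body-size: "0"` under `network.ingress.annotations` in values.yaml turns off the request body size limit for the wildcard Ingress that `ingress.yaml` creates in namespace mode, and the values file gives no reason for it. If some backend needs unlimited uploads, a comment such as `#NOTE: "0" disables the nginx body size check; set a finite value where large uploads are not needed` would make the trade-off visible to operators; otherwise a finite default is the safer choice against oversized requests. The `network.vip.addr: 172.18.0.1/32` default would also benefit from a comment saying it only takes effect when `host_namespace` and `vip.manage` are both true.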
@@ -75,21 +97,35 @@ dependencies: jobs: null endpoints: + cluster_domain_suffix: cluster.local ingress: - host: openstack + hosts: + default: ingress + error_pages: ingress-error-pages + host_fqdn_override: + default: null port: - http: 80 - https: 443 + http: + default: 80 + https: + default: 443 -deployment_type: DaemonSet - -config: +conf: controller: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class in cluster mode, or set to + # "nginx" in namespace mode + INGRESS_CLASS: null + ingress: enable-underscores-in-headers: "true" + #NOTE(portdirect): if left blank this is populated from + # .network.vip.addr when running in host networking + # and .network.vip.manage=true, otherwise it is left as + # an empty string (the default). + bind-address: null services: tcp: null - udp: - 53: "kube-system/kube-dns:53" + udp: null manifests: configmap_bin: true @@ -98,5 +134,7 @@ manifests: configmap_services_udp: true deployment_error: true deployment_ingress: true + endpoints_ingress: true + ingress: true service_error: true service_ingress: true diff --git a/tools/deployment/common/ingress.sh b/tools/deployment/common/ingress.sh deleted file mode 100755 index 426cb0301c..0000000000 --- a/tools/deployment/common/ingress.sh +++ /dev/null 
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -xe
-
-#NOTE: Deploy command
-helm install ./ingress \
- --namespace=openstack \
- --name=ingress
-
-#NOTE: Wait for deploy
-./tools/deployment/common/wait-for-pods.sh openstack
-
-#NOTE: Display info
-helm status ingress
diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh
deleted file mode 120000
index 47bb302d8c..0000000000
--- a/tools/deployment/developer/03-ingress.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/ingress.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh
new file mode 100755
index 0000000000..34f17f7a1c
--- /dev/null
+++ b/tools/deployment/developer/03-ingress.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Pull images and lint chart
+make pull-images ingress
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set network.vip.manage=true \
+ --set network.vip.addr=172.18.0.1/32 \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
deleted file mode 120000
index 47bb302d8c..0000000000
--- a/tools/deployment/multinode/020-ingress.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/ingress.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
new file mode 100755
index 0000000000..3058f6e1bf
--- /dev/null
+++ b/tools/deployment/multinode/020-ingress.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set pod.replicas.error_page=2 \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack \
+ --set pod.replicas.ingress=2 \
+ --set pod.replicas.error_page=2
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack