openstack/openstack-helm
Code Issues Proposed changes

Merge "Ingress: Update image and add UDP/TCP proxying support"

Browse Source
This commit is contained in:
Zuul 2018-01-12 05:51:13 +00:00 committed by Gerrit Code Review
commit 52c98d9c46
27 changed files with 249 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
barbican/values.yaml
View File

@ -136,7 +136,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

2
ceilometer/values.yaml
View File

@ -60,7 +60,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
port: 8777
node_port:
enabled: false

2
cinder/values.yaml
View File

@ -220,7 +220,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

2
congress/values.yaml
View File

@ -26,7 +26,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 1789

6
glance/values.yaml
View File

@ -276,8 +276,8 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/proxy-body-size: "1024M"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "1024M"
external_policy_local: false
node_port:
enabled: false
@ -287,7 +287,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

2
gnocchi/values.yaml
View File

@ -29,7 +29,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

6
heat/values.yaml
View File

@ -223,7 +223,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
@ -233,7 +233,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30800
@ -242,7 +242,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30003

2
horizon/values.yaml
View File

@ -38,7 +38,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

25
ingress/templates/bin/_ingress-controller.sh.tpl Normal file
View File

@ -0,0 +1,25 @@
#!/bin/sh
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
--default-backend-service=${POD_NAMESPACE}/ingress-error-pages \
--configmap=${POD_NAMESPACE}/ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
--udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp

20
ingress/templates/bin/_ingress-error-pages.sh.tpl Normal file
View File

@ -0,0 +1,20 @@
#!/bin/sh
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
exec /server

24
ingress/templates/rolebinding.yaml → ingress/templates/configmap-bin.yaml
View File

@ -14,20 +14,16 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
{{- $serviceAccountName := "ingress-api" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-role-nisa-binding
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
name: ingress-bin
data:
ingress-controller.sh: |+
{{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ingress-error-pages.sh: |+
{{ tuple "bin/_ingress-error-pages.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

7
ingress/templates/nginx-custom-configuration.yaml → ingress/templates/configmap-conf.yaml
View File

@ -14,12 +14,13 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_conf }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-custom-configuration
name: ingress-conf
data:
{{ toYaml .Values.config | indent 2 }}
{{ toYaml .Values.config.controller | indent 2 }}
{{- end }}

28
ingress/templates/configmap-services-tcp.yaml Normal file
View File

@ -0,0 +1,28 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_services_tcp }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-tcp
{{- if not (empty $envAll.Values.config.services.tcp) }}
data:
{{ toYaml $envAll.Values.config.services.tcp | indent 2 }}
{{- end }}
{{- end }}

28
ingress/templates/configmap-services-udp.yaml Normal file
View File

@ -0,0 +1,28 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_services_udp }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-udp
{{- if not (empty $envAll.Values.config.services.udp) }}
data:
{{ toYaml $envAll.Values.config.services.udp | indent 2 }}
{{- end }}
{{- end }}

14
ingress/templates/deployment-error.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_error }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.error_pages }}
@ -54,3 +55,16 @@ spec:
timeoutSeconds: 5
ports:
- containerPort: 8080
command:
- /tmp/ingress-error-pages.sh
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-error-pages.sh
subPath: ingress-error-pages.sh
readOnly: true
volumes:
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- end }}

75
ingress/templates/deployment-ingress.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_ingress }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ingress }}
@ -85,6 +86,63 @@ subjects:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
{{- if eq .Values.deployment_type "Deployment" }}
apiVersion: apps/v1beta1
kind: Deployment
@ -150,7 +208,16 @@ spec:
hostPort: 80
- containerPort: 443
hostPort: 443
args:
- /nginx-ingress-controller
- '--default-backend-service=$(POD_NAMESPACE)/ingress-error-pages'
- --configmap=$(POD_NAMESPACE)/nginx-custom-configuration
command:
- /tmp/ingress-controller.sh
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-controller.sh
subPath: ingress-controller.sh
readOnly: true
volumes:
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- end }}

62
ingress/templates/role.yaml
View File

@ -1,62 +0,0 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $serviceAccountName := "ingress-api" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update

2
ingress/templates/service-error.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_error }}
{{- $envAll := . }}
---
apiVersion: v1
@ -30,3 +31,4 @@ spec:
targetPort: 8080
selector:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

2
ingress/templates/service-ingress.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ingress }}
{{- $envAll := . }}
---
apiVersion: v1
@ -34,3 +35,4 @@ spec:
targetPort: 443
selector:
app: ingress-api
{{- end }}

31
ingress/values.yaml
View File

@ -20,19 +20,19 @@
images:
tags:
entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
# https://github.com/kubernetes/ingress/blob/master/controllers/nginx/Changelog.md
ingress: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8
# https://github.com/kubernetes/ingress-nginx/blob/09524cd3363693463da5bf4a9bb3900da435ad05/Changelog.md#090
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
error_pages: gcr.io/google_containers/defaultbackend:1.0
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
pull_policy: "IfNotPresent"
pod:
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
replicas:
ingress: 1
error_page: 1
@ -84,4 +84,19 @@ endpoints:
deployment_type: DaemonSet
config:
enable-underscores-in-headers: "true"
controller:
enable-underscores-in-headers: "true"
services:
tcp: null
udp:
53: "kube-system/kube-dns:53"
manifests:
configmap_bin: true
configmap_conf: true
configmap_services_tcp: true
configmap_services_udp: true
deployment_error: true
deployment_ingress: true
service_error: true
service_ingress: true

2
keystone/values.yaml
View File

@ -55,7 +55,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

2
magnum/values.yaml
View File

@ -117,7 +117,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

2
mistral/values.yaml
View File

@ -45,7 +45,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 28989

2
neutron/values.yaml
View File

@ -93,7 +93,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false

6
nova/values.yaml
View File

@ -116,7 +116,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
@ -129,7 +129,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
@ -140,7 +140,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30778

4
rally/templates/ingress-api.yaml
View File

@ -31,8 +31,8 @@ metadata:
name: {{ $ingressName }}
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/proxy-body-size: {{ .Values.network.rally.ingress.proxy_body_size }}
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.network.rally.ingress.proxy_body_size }}
spec:
rules:
{{ if ne $hostNameNamespaced $hostNameFull }}

2
senlin/values.yaml
View File

@ -130,7 +130,7 @@ network:
public: true
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30778