From b37eb252e42b67a64fb43ea84b819d62246b1317 Mon Sep 17 00:00:00 2001 From: Hyunsun Moon Date: Fri, 22 Jun 2018 13:59:24 +0900 Subject: [PATCH] [ingress] introduce keepalived sidecar for ingress vip Added new method of serving VIP with keepalived, which ensures VIP is always owned by a healthy pod in a healthy node. User can select prefered VIP method by setting "network.vip.mode" to "keepalived" or "routed". Change-Id: I7dd164134e18998d4d2688cb0618cc699a92d166 --- .../bin/_ingress-vip-keepalived.sh.tpl | 31 +++++++++++++++++++ ...-vip.sh.tpl => _ingress-vip-routed.sh.tpl} | 0 ingress/templates/configmap-bin.yaml | 6 +++- ingress/templates/configmap-conf.yaml | 3 ++ ingress/templates/deployment-ingress.yaml | 13 +++++++- ingress/values.yaml | 4 +++ 6 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 ingress/templates/bin/_ingress-vip-keepalived.sh.tpl rename ingress/templates/bin/{_ingress-vip.sh.tpl => _ingress-vip-routed.sh.tpl} (100%)
diff --git a/ingress/templates/bin/_ingress-vip-keepalived.sh.tpl b/ingress/templates/bin/_ingress-vip-keepalived.sh.tpl
new file mode 100644
index 0000000000..0cba1faae3
--- /dev/null
+++ b/ingress/templates/bin/_ingress-vip-keepalived.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2018 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+ chroot /mnt/host-rootfs modprobe ip_vs
+}
+
+function start () {
+ # Exit if the interface does not exist
+ ip link show ${interface} > /dev/null || exit 1
+ ip link set ${interface} up
+}
+
+$COMMAND
diff --git a/ingress/templates/bin/_ingress-vip.sh.tpl b/ingress/templates/bin/_ingress-vip-routed.sh.tpl
similarity index 100%
rename from ingress/templates/bin/_ingress-vip.sh.tpl
rename to ingress/templates/bin/_ingress-vip-routed.sh.tpl
diff --git a/ingress/templates/configmap-bin.yaml b/ingress/templates/configmap-bin.yaml
index 6ff6b6ab4b..b2eacc70db 100644
--- a/ingress/templates/configmap-bin.yaml
+++ b/ingress/templates/configmap-bin.yaml
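Review bot: In `start` of `_ingress-vip-keepalived.sh.tpl`, `${interface}` is expanded unquoted, so when the variable is empty or unset `ip link show > /dev/null` lists every link and succeeds, and the "interface does not exist" guard passes without checking anything. Quote the expansion in both calls, `ip link show "${interface}" > /dev/null || exit 1` and `ip link set "${interface}" up`, so a missing value fails at the guard. The script also dispatches with a bare `$COMMAND`, which runs whatever arguments the container was started with as a command line; since `kernel_modules` chroots into the host root filesystem, restricting the dispatch to the two known function names with a `case` would keep that surface explicit.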
@@ -28,7 +28,11 @@ data:
 {{- end }}
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
 ingress-vip.sh: |
-{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- if eq .Values.network.vip.mode "routed" }}
+{{ tuple "bin/_ingress-vip-routed.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- else if eq .Values.network.vip.mode "keepalived" }}
+{{ tuple "bin/_ingress-vip-keepalived.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
 {{- end }}
 ingress-controller.sh: |
 {{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
diff --git a/ingress/templates/configmap-conf.yaml b/ingress/templates/configmap-conf.yaml
index 730a57c748..5483b0fd4d 100644
--- a/ingress/templates/configmap-conf.yaml
+++ b/ingress/templates/configmap-conf.yaml
@@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
+{{- if empty (index .Values.network.vip "mode") -}}
+{{- $_ := set .Values.network.vip "mode" "routed" }}
+{{- end -}}
 {{- if empty (index .Values.conf.ingress "bind-address") -}}
 {{- $_ := set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 }}
 {{- end -}}
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index 6fd95cf0c6..38b25ec6f6 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
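Review bot: The `if`/`else if` chain under `ingress-vip.sh: |` in configmap-bin.yaml has no final `else`, so any `network.vip.mode` other than `routed` or `keepalived` renders an empty script without an error; the same chain in deployment-ingress.yaml would leave the `ingress-vip` container with its root, `NET_ADMIN` security context but no image. Fail the render instead by closing the chain with `{{- else }}` followed by `{{- fail "network.vip.mode must be routed or keepalived" }}`. The empty-value fallback to `routed` is applied by mutating `.Values` in configmap-conf.yaml, so the other templates presumably depend on the `mode: routed` default in values.yaml rather than on that block; a comment there saying so would help.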
@@ -283,12 +283,13 @@ spec:
 readOnly: true
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
 - name: ingress-vip
-{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
 securityContext:
 capabilities:
 add:
 - NET_ADMIN
 runAsUser: 0
+{{- if eq .Values.network.vip.mode "routed" }}
+{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
 env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
 command:
@@ -305,6 +306,16 @@ spec:
 mountPath: /tmp/ingress-vip.sh
 subPath: ingress-vip.sh
 readOnly: true
+{{- else if eq .Values.network.vip.mode "keepalived" }}
+{{ tuple $envAll "keepalived" | include "helm-toolkit.snippets.image" | indent 10 }}
+ env:
+ - name: KEEPALIVED_INTERFACE
+ value: {{ .Values.network.vip.interface | quote }}
+ - name: KEEPALIVED_VIRTUAL_IPS
+ value: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }}
+ - name: KEEPALIVED_UNICAST_PEERS
+ value: null
+{{- end }}
 {{- end }}
 volumes:
 - name: ingress-bin
diff --git a/ingress/values.yaml b/ingress/values.yaml
index 005066b893..9cb2f0e47c 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -29,6 +29,7 @@ images:
 # https://github.com/kubernetes/ingress-nginx/blob/09524cd3363693463da5bf4a9bb3900da435ad05/Changelog.md#090
 ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
 error_pages: gcr.io/google_containers/defaultbackend:1.0
+ keepalived: osixia/keepalived:1.4.5
 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
 image_repo_sync: docker.io/docker:17.07.0
 pull_policy: "IfNotPresent"
@@ -98,6 +99,9 @@ network:
 host_namespace: false
 vip:
 manage: false
+ # what type of vip manage machanism will be used
+ # possible options: routed, keepalived
+ mode: routed
 interface: ingress-vip
 addr: 172.18.0.1/32
 ingress:
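Review bot: The keepalived branch in deployment-ingress.yaml sets only the interface, the virtual IP and a null `KEEPALIVED_UNICAST_PEERS`, so every other VRRP setting, including authentication, is left to whatever the image ships as its default. With no unicast peers the instances presumably fall back to multicast VRRP, in which case any host on the same L2 segment that speaks VRRP with matching default settings could take part in the election for the VIP. Consider exposing the peer list in values and adding a `KEEPALIVED_PASSWORD` entry sourced from a Secret through `valueFrom.secretKeyRef`, and put `# empty peers: VRRP advertisements are multicast` above the null value if multicast is intended. The container block begins in the previous hunk, where the shared `securityContext` is set.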
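Review bot: The new `keepalived` image in values.yaml is referenced by a mutable Docker Hub tag, and it is the image that deployment-ingress.yaml runs as UID 0 with `NET_ADMIN`. Pinning it by digest keeps a re-pushed tag from changing what runs with those privileges: `keepalived: osixia/keepalived:1.4.5@sha256:<digest-of-reviewed-image>`. The neighbouring images are tag-pinned as well, so this could be done for the whole block in a follow-up.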