From 35dfb998f4d3e2426aead036a9d06559f7247a5b Mon Sep 17 00:00:00 2001 
From: portdirect Date: Fri, 12 Jan 2018 13:58:40 -0500 Subject: [PATCH] Ingress: Move to namespaced ingress controllers and edge VIP This PS moves to namespace specific ingress controllers, and a cluster wide ingress controller that acts as the external front door to the cluster. The cluster ingress controller will also be able to create a dummy interface that can be announced via the OpenStack-Helm-Infra Calico chart. The ability to exercise the edge VIP feature is currently only demonstrated in the single node gate and guide, as it requires additional configuration, or hardware to set up the routes in a multinode env. Change-Id: I8b823b93465f2e90aaabcca9ec9b783d34539e07 --- .../templates/utils/_to_k8s_env_vars.tpl | 27 ++++ .../templates/bin/_ingress-controller.sh.tpl | 31 +++- .../templates/bin/_ingress-error-pages.sh.tpl | 8 +- ingress/templates/bin/_ingress-vip.sh.tpl | 57 +++++++ ingress/templates/configmap-bin.yaml | 4 + ingress/templates/configmap-conf.yaml | 9 +- ingress/templates/configmap-services-tcp.yaml | 4 +- ingress/templates/configmap-services-udp.yaml | 4 +- ingress/templates/deployment-error.yaml | 9 +- ingress/templates/deployment-ingress.yaml | 152 ++++++++++++++---- ingress/templates/endpoints-ingress.yaml | 53 ++++++ ingress/templates/ingress.yaml | 40 +++++ ingress/templates/service-error.yaml | 2 +- ingress/templates/service-ingress.yaml | 38 ++++- ingress/values.yaml | 56 +++++-- tools/deployment/common/ingress.sh | 28 ---- tools/deployment/developer/03-ingress.sh | 45 +++++- tools/deployment/multinode/020-ingress.sh | 43 ++++- 18 files changed, 520 insertions(+), 90 deletions(-) create mode 100644 helm-toolkit/templates/utils/_to_k8s_env_vars.tpl create mode 100644 ingress/templates/bin/_ingress-vip.sh.tpl create mode 100644 ingress/templates/endpoints-ingress.yaml create mode 100644 ingress/templates/ingress.yaml delete mode 100755 tools/deployment/common/ingress.sh mode change 120000 => 100755 tools/deployment/developer/03-ingress.sh 
mode change 120000 => 100755 tools/deployment/multinode/020-ingress.sh diff --git a/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl new file mode 100644 index 00000000..5fe11114 --- /dev/null +++ b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.to_k8s_env_vars" -}} +{{range $key, $value := . -}} +{{- if kindIs "slice" $value -}} +- name: {{ $key }} + value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }} +{{else -}} +- name: {{ $key }} + value: {{ $value | quote }} +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/ingress/templates/bin/_ingress-controller.sh.tpl b/ingress/templates/bin/_ingress-controller.sh.tpl index c2e142bf..6514ae59 100644 --- a/ingress/templates/bin/_ingress-controller.sh.tpl +++ b/ingress/templates/bin/_ingress-controller.sh.tpl @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash {{/* Copyright 2017 The Openstack-Helm Authors. 
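Review bot: The new `helm-toolkit.utils.to_k8s_env_vars` define has no usage comment, and its input contract matters because callers pass whole values subtrees to it. A short header above the define would help, for example `{{/* Renders a map as Kubernetes env entries: list values are comma-joined, every other value is passed through quote. */}}`. The header should also say that every key of the map becomes a container environment variable, so maps handed to it should hold only settings meant for the container. Later in this patch `.Values.network.vip` is passed in whole, which exports `manage` alongside `interface` and `addr`.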
@@ -17,9 +17,26 @@ limitations under the License. */}} set -ex -exec /usr/bin/dumb-init \ - /nginx-ingress-controller \ - --default-backend-service=${POD_NAMESPACE}/ingress-error-pages \ - --configmap=${POD_NAMESPACE}/ingress-conf \ - --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ - --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +COMMAND="${@:-start}" + +function start () { + exec /usr/bin/dumb-init \ + /nginx-ingress-controller \ + {{- if eq .Values.deployment.mode "namespace" }} + --watch-namespace ${POD_NAMESPACE} \ + {{- end }} + --http-port=${PORT_HTTP} \ + --https-port=${PORT_HTTPS} \ + --election-id=${RELEASE_NAME} \ + --ingress-class=${INGRESS_CLASS} \ + --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \ + --configmap=${POD_NAMESPACE}/ingress-conf \ + --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ + --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/ingress/templates/bin/_ingress-error-pages.sh.tpl b/ingress/templates/bin/_ingress-error-pages.sh.tpl index 240fb18a..cf62c33f 100644 --- a/ingress/templates/bin/_ingress-error-pages.sh.tpl +++ b/ingress/templates/bin/_ingress-error-pages.sh.tpl @@ -17,4 +17,10 @@ limitations under the License. */}} set -ex -exec /server +COMMAND="${@:-start}" + +if [ "x${COMMAND}" == "xstart" ]; then + exec /server +elif [ "x${COMMAND}" == "xstop" ]; then + kill -TERM 1 +fi diff --git a/ingress/templates/bin/_ingress-vip.sh.tpl b/ingress/templates/bin/_ingress-vip.sh.tpl new file mode 100644 index 00000000..3df0053e --- /dev/null +++ b/ingress/templates/bin/_ingress-vip.sh.tpl 
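Review bot: The dispatcher at the end of the new controller script, `COMMAND="${@:-start}"` followed by a bare `$COMMAND`, runs whatever argument string the container was started with instead of limiting it to the two functions defined here. The pod spec in this patch only passes `start` and `stop`, so this is a hardening point rather than an exposed input, but a mistyped argument would be executed as a command name. `case "${1:-start}" in start|stop) "${1:-start}" ;; *) exit 1 ;; esac` keeps the entry points explicit; the same dispatch appears in `_ingress-vip.sh.tpl`. The `${PORT_HTTP}`, `${INGRESS_CLASS}` and other expansions in `start` are unquoted and the script does not set `-u`, so an unset variable yields an empty flag value such as `--ingress-class=` rather than a failure.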
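Review bot: The added tests `[ "x${COMMAND}" == "xstart" ]` in `_ingress-error-pages.sh.tpl` use `==` inside `[`, which POSIX `test` does not define, and the shebang of this file is outside the hunk. The controller script got `#!/bin/bash` in this patch, but no such change is shown here. If the file still runs under a non-bash `/bin/sh`, both comparisons would likely error out and the script would end without starting `/server`. Using `=` works in either shell, and an `else` branch that prints the unknown command and exits non-zero would keep an unexpected argument from returning success silently.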
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Copyright 2018 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+ chroot /mnt/host-rootfs modprobe dummy
+}
+
+function test_vip () {
+ ip addr show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ awk -F '/' '{ print $1 }' | \
+ grep -q "${addr%/*}"
+}
+
+function start () {
+ ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
+ if ! test_vip; then
+ ip addr add ${addr} dev ${interface}
+ fi
+ ip link set ${interface} up
+}
+
+function sleep () {
+ exec bash -c "while :; do sleep 2073600; done"
+}
+
+function stop () {
+ ip link show ${interface} > /dev/null || exit 0
+ if test_vip; then
+ ip addr del ${addr} dev ${interface}
+ fi
+ if [ "$(ip address show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ wc -l)" -le "0" ]; then
+ ip link set ${interface} down
+ ip link del ${interface}
+ fi
+}
+
+$COMMAND
diff --git a/ingress/templates/configmap-bin.yaml b/ingress/templates/configmap-bin.yaml
index 79508a4e..ff08e5de 100644
--- a/ingress/templates/configmap-bin.yaml
+++ b/ingress/templates/configmap-bin.yaml
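Review bot: `test_vip` ends in `grep -q "${addr%/*}"`, which treats the address as an unanchored regular expression, so a VIP of 172.18.0.1 also matches an existing 172.18.0.10 or 172.18.0.100 on the interface, and each `.` matches any character. A false match makes `start` skip `ip addr add`, and makes `stop` attempt `ip addr del` for an address that is not there, which fails under `set -e`. `grep -qxF -- "${addr%/*}"` compares the whole line as a fixed string. `${interface}` is also spliced into the awk program text and used unquoted in every `ip` call, and neither variable is checked. A `: "${interface:?}" "${addr:?}"` near the top would stop the script before `ip link show` runs with an empty name.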
@@ -22,6 +22,10 @@ kind: ConfigMap metadata: name: ingress-bin data: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + ingress-vip.sh: | +{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} ingress-controller.sh: |+ {{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ingress-error-pages.sh: |+ diff --git a/ingress/templates/configmap-conf.yaml b/ingress/templates/configmap-conf.yaml index 711aeae4..cedfcd2b 100644 --- a/ingress/templates/configmap-conf.yaml +++ b/ingress/templates/configmap-conf.yaml @@ -16,11 +16,18 @@ limitations under the License. {{- if .Values.manifests.configmap_conf }} {{- $envAll := . }} + +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +{{- if empty (index .Values.conf.ingress "bind-address") -}} +{{- set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 | quote | trunc 0 -}} +{{- end -}} +{{- end -}} + --- apiVersion: v1 kind: ConfigMap metadata: name: ingress-conf data: -{{ toYaml .Values.config.controller | indent 2 }} +{{ toYaml .Values.conf.ingress | indent 2 }} {{- end }} diff --git a/ingress/templates/configmap-services-tcp.yaml b/ingress/templates/configmap-services-tcp.yaml index e39faee9..4454702f 100644 --- a/ingress/templates/configmap-services-tcp.yaml +++ b/ingress/templates/configmap-services-tcp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-tcp -{{- if not (empty $envAll.Values.config.services.tcp) }} +{{- if not (empty $envAll.Values.conf.services.tcp) }} data: -{{ toYaml $envAll.Values.config.services.tcp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/configmap-services-udp.yaml b/ingress/templates/configmap-services-udp.yaml index 9090b918..40201056 100644 --- a/ingress/templates/configmap-services-udp.yaml 
+++ b/ingress/templates/configmap-services-udp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-udp -{{- if not (empty $envAll.Values.config.services.udp) }} +{{- if not (empty $envAll.Values.conf.services.udp) }} data: -{{ toYaml $envAll.Values.config.services.udp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.udp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index 560cb271..c29e7f3f 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -38,7 +38,7 @@ spec: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: @@ -57,6 +57,13 @@ spec: - containerPort: 8080 command: - /tmp/ingress-error-pages.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-error-pages.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-error-pages.sh diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index c3d6f076..b72d43ea 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml 
@@ -18,13 +18,21 @@ limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ingress }} -{{- $serviceAccountName := "ingress-api"}} +{{- if empty .Values.conf.controller.INGRESS_CLASS -}} +{{- if eq .Values.deployment.mode "cluster" }} +{{- set .Values.conf.controller "INGRESS_CLASS" .Values.deployment.cluster.class | quote | trunc 0 -}} +{{- else if eq .Values.deployment.mode "namespace" }} +{{- set .Values.conf.controller "INGRESS_CLASS" "nginx" | quote | trunc 0 -}} +{{- end }} +{{- end -}} + +{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }} {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} rules: - apiGroups: - "" @@ -76,11 +84,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: nginx-ingress-clusterrole-nisa-binding + name: {{ $serviceAccountName }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} @@ -89,7 +97,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: - name: nginx-ingress-role + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} rules: - apiGroups: @@ -106,11 +114,7 @@ rules: resources: - configmaps resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" + - {{ printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS | quote }} verbs: - get - update 
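Review bot: The ClusterRole and ClusterRoleBinding renamed to `{{ $serviceAccountName }}` are still rendered for every release, including the default `deployment.mode: namespace`, where the controller is started with `--watch-namespace`. The rule list sits outside these hunks, so the granted resources are not visible here. If it includes cluster-wide reads of secrets, services or endpoints, each per-namespace controller's service account holds more than the watched namespace requires. Consider wrapping the cluster-scoped pair in `{{- if eq .Values.deployment.mode "cluster" }}` and granting the namespaced controller the equivalent rules through the existing Role, after checking which cluster-scoped reads the controller still needs in that mode.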
@@ -132,39 +136,39 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: - name: nginx-ingress-role-nisa-binding + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: nginx-ingress-role + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} --- -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} apiVersion: apps/v1beta1 kind: Deployment -{{- else if eq .Values.deployment_type "DaemonSet" }} +{{- else if eq .Values.deployment.type "DaemonSet" }} apiVersion: extensions/v1beta1 kind: DaemonSet {{- end }} metadata: - name: ingress-api + name: ingress spec: -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} replicas: {{ .Values.pod.replicas.ingress }} {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} {{- end }} template: metadata: labels: -{{ tuple $envAll "ingress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} app: ingress-api spec: serviceAccountName: {{ $serviceAccountName }} -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} affinity: {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} {{- end }} 
@@ -174,11 +178,50 @@ spec: hostNetwork: true {{- end }} dnsPolicy: "ClusterFirstWithHostNet" - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip-kernel-modules + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - SYS_MODULE + runAsUser: 0 + command: + - /tmp/ingress-vip.sh + - kernel_modules + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true + - name: host-rootfs + mountPath: /mnt/host-rootfs + readOnly: true + - name: ingress-vip-init + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - start + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} containers: - - name: ingress-api + - name: ingress image: {{ .Values.images.tags.ingress }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} 
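Review bot: The `ingress-vip-kernel-modules` init container runs as uid 0 with `SYS_MODULE` and chroots into a hostPath mount of the node's entire root filesystem (`host-rootfs`, defined with `path: /` in the next hunk). The mount is `readOnly`, but it still makes every file on the node readable from a container started from the ingress controller image, and module loading acts on the node kernel, all to load the single `dummy` module. Loading `dummy` during node provisioning would narrow this considerably. So would mounting only what `modprobe` needs, such as `/lib/modules`, if the image carries its own `modprobe`. Whichever route is kept, a comment above the container explaining why host access is required, plus `allowPrivilegeEscalation: false` on this container and on `ingress-vip-init`, would make the intent and the bound explicit.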
@@ -203,21 +246,72 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: PORT_HTTP + value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: PORT_HTTPS + value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: RELEASE_NAME + value: {{ .Release.Name | quote }} + - name: ERROR_PAGE_SERVICE + value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controller | indent 12 }} ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 + - containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} + - containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} command: - /tmp/ingress-controller.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-controller.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-controller.sh subPath: ingress-controller.sh readOnly: true - volumes: - - name: ingress-bin - configMap: - name: ingress-bin - defaultMode: 0555 +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - sleep + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-vip.sh + - stop + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} + volumes: + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 + {{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: host-rootfs + hostPath: + path: / + {{- end }} {{- end }} diff --git a/ingress/templates/endpoints-ingress.yaml b/ingress/templates/endpoints-ingress.yaml new file mode 100644 index 00000000..92977e13 --- /dev/null +++ b/ingress/templates/endpoints-ingress.yaml 
@@ -0,0 +1,53 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.endpoints_ingress }} +{{- $envAll := . }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +--- +apiVersion: "v1" +kind: "Endpoints" +metadata: + labels: +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + endpoint: vip + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +subsets: + - addresses: + - ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }} + ports: + - port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: http + - port: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: https + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - port: {{ $key }} + protocol: TCP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - port: {{ $key }} + protocol: UDP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} +{{- end }} +{{- end }} diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml new file mode 100644 index 00000000..0882d5bc --- /dev/null +++ b/ingress/templates/ingress.yaml 
@@ -0,0 +1,40 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress }} +{{- $envAll := . }} +{{- if eq .Values.deployment.mode "namespace" }} +{{- if empty (index .Values.network.ingress.annotations "kubernetes.io/ingress.class") -}} +{{- set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class | quote | trunc 0 -}} +{{- end -}} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ .Release.Namespace }}-{{ .Release.Name }} + annotations: +{{ toYaml .Values.network.ingress.annotations | indent 4 }} +spec: + rules: + - host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} +{{- end }} diff --git a/ingress/templates/service-error.yaml b/ingress/templates/service-error.yaml index a816288c..b17d4d2e 100644 --- a/ingress/templates/service-error.yaml +++ b/ingress/templates/service-error.yaml 
@@ -22,7 +22,7 @@ kind: Service metadata: labels: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - name: ingress-error-pages + name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: clusterIP: None ports: diff --git a/ingress/templates/service-ingress.yaml b/ingress/templates/service-ingress.yaml index c711741c..ca9af8ce 100644 --- a/ingress/templates/service-ingress.yaml +++ b/ingress/templates/service-ingress.yaml 
@@ -21,18 +21,42 @@ apiVersion: v1 kind: Service metadata: labels: - app: ingress-api - name: {{ .Values.endpoints.ingress.host }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + endpoint: vip +{{- end }} + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + clusterIP: None +{{- end }} ports: - name: http - port: {{ .Values.endpoints.ingress.port.http }} + port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 80 + targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: https - port: {{ .Values.endpoints.ingress.port.https }} + port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 443 + targetPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: TCP + targetPort: {{ $key }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: UDP + targetPort: {{ $key }} + {{ end -}} + {{- end }} +{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }} selector: - app: ingress-api +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} {{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index 0d89af64..50e25903 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -17,6 +17,12 @@ # Declare name/value pairs to be passed into your templates. # name: value +deployment: + mode: namespace + type: Deployment + cluster: + class: "nginx-cluster" + images: tags: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 @@ -44,6 +50,11 @@ pod: rolling_update: max_unavailable: 1 max_surge: 3 + termination_grace_period: + server: + timeout: 60 + error_pages: + timeout: 60 resources: enabled: false ingress: @@ -66,7 +77,18 @@ labels: node_selector_value: enabled network: - host_namespace: true + host_namespace: false + vip: + manage: false + interface: ingress-vip + addr: 172.18.0.1/32 + ingress: + annotations: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class + kubernetes.io/ingress.class: null + nginx.ingress.kubernetes.io/proxy-body-size: "0" + external_policy_local: false dependencies: error_pages: 
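Review bot: In the new `network.ingress.annotations` defaults of values.yaml, `nginx.ingress.kubernetes.io/proxy-body-size: "0"` turns off nginx's request-body size check for the wildcard Ingress this chart creates in namespace mode. That puts no upper bound on request bodies passing through the cluster front door to every service in the namespace, so a single very large body can tie up proxy and backend capacity. A comment in the style of the neighbouring `#NOTE(portdirect)` lines saying which service needs the unlimited size would help. A finite default that operators raise per Ingress would be the safer starting point.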
@@ -75,21 +97,35 @@ dependencies: jobs: null endpoints: + cluster_domain_suffix: cluster.local ingress: - host: openstack + hosts: + default: ingress + error_pages: ingress-error-pages + host_fqdn_override: + default: null port: - http: 80 - https: 443 + http: + default: 80 + https: + default: 443 -deployment_type: DaemonSet - -config: +conf: controller: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class in cluster mode, or set to + # "nginx" in namespace mode + INGRESS_CLASS: null + ingress: enable-underscores-in-headers: "true" + #NOTE(portdirect): if left blank this is populated from + # .network.vip.addr when running in host networking + # and .network.vip.manage=true, otherwise it is left as + # an empty string (the default). + bind-address: null services: tcp: null - udp: - 53: "kube-system/kube-dns:53" + udp: null manifests: configmap_bin: true @@ -98,5 +134,7 @@ manifests: configmap_services_udp: true deployment_error: true deployment_ingress: true + endpoints_ingress: true + ingress: true service_error: true service_ingress: true diff --git a/tools/deployment/common/ingress.sh b/tools/deployment/common/ingress.sh deleted file mode 100755 index 426cb030..00000000 --- a/tools/deployment/common/ingress.sh +++ /dev/null 
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -xe
-
-#NOTE: Deploy command
-helm install ./ingress \
- --namespace=openstack \
- --name=ingress
-
-#NOTE: Wait for deploy
-./tools/deployment/common/wait-for-pods.sh openstack
-
-#NOTE: Display info
-helm status ingress
diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh
deleted file mode 120000
index 47bb302d..00000000
--- a/tools/deployment/developer/03-ingress.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/ingress.sh
\ No newline at end of file
diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh
new file mode 100755
index 00000000..34f17f7a
--- /dev/null
+++ b/tools/deployment/developer/03-ingress.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Pull images and lint chart
+make pull-images ingress
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set network.vip.manage=true \
+ --set network.vip.addr=172.18.0.1/32 \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
deleted file mode 120000
index 47bb302d..00000000
--- a/tools/deployment/multinode/020-ingress.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/ingress.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
new file mode 100755
index 00000000..3058f6e1
--- /dev/null
+++ b/tools/deployment/multinode/020-ingress.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set pod.replicas.error_page=2 \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack \
+ --set pod.replicas.ingress=2 \
+ --set pod.replicas.error_page=2
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack