openstack/openstack-helm
Code Issues Proposed changes

Merge "Ingress: Move to namespaced ingress controllers and edge VIP"

Browse Source
This commit is contained in:
Zuul 2018-01-15 16:49:28 +00:00 committed by Gerrit Code Review
commit c59d44d7e6
18 changed files with 520 additions and 90 deletions

27
helm-toolkit/templates/utils/_to_k8s_env_vars.tpl Normal file

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.utils.to_k8s_env_vars" -}}
{{range $key, $value := . -}}
{{- if kindIs "slice" $value -}}
- name: {{ $key }}
value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }}
{{else -}}
- name: {{ $key }}
value: {{ $value | quote }}
{{ end -}}
{{- end -}}
{{- end -}}

31
ingress/templates/bin/_ingress-controller.sh.tpl

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
@ -17,9 +17,26 @@ limitations under the License.
*/}}
set -ex
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
--default-backend-service=${POD_NAMESPACE}/ingress-error-pages \
--configmap=${POD_NAMESPACE}/ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
--udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp
COMMAND="${@:-start}"
function start () {
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
{{- if eq .Values.deployment.mode "namespace" }}
--watch-namespace ${POD_NAMESPACE} \
{{- end }}
--http-port=${PORT_HTTP} \
--https-port=${PORT_HTTPS} \
--election-id=${RELEASE_NAME} \
--ingress-class=${INGRESS_CLASS} \
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
--configmap=${POD_NAMESPACE}/ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
--udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp
}
function stop () {
kill -TERM 1
}
$COMMAND

8
ingress/templates/bin/_ingress-error-pages.sh.tpl

@ -17,4 +17,10 @@ limitations under the License.
*/}}
set -ex
exec /server
COMMAND="${@:-start}"
if [ "x${COMMAND}" == "xstart" ]; then
exec /server
elif [ "x${COMMAND}" == "xstop" ]; then
kill -TERM 1
fi

57
ingress/templates/bin/_ingress-vip.sh.tpl Normal file

@ -0,0 +1,57 @@
#!/bin/bash
# Copyright 2018 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
COMMAND="${@:-start}"
function kernel_modules () {
chroot /mnt/host-rootfs modprobe dummy
}
function test_vip () {
ip addr show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \
grep -q "${addr%/*}"
}
function start () {
ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
if ! test_vip; then
ip addr add ${addr} dev ${interface}
fi
ip link set ${interface} up
}
function sleep () {
exec bash -c "while :; do sleep 2073600; done"
}
function stop () {
ip link show ${interface} > /dev/null || exit 0
if test_vip; then
ip addr del ${addr} dev ${interface}
fi
if [ "$(ip address show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
wc -l)" -le "0" ]; then
ip link set ${interface} down
ip link del ${interface}
fi
}
$COMMAND

4
ingress/templates/configmap-bin.yaml

@ -22,6 +22,10 @@ kind: ConfigMap
metadata:
name: ingress-bin
data:
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
ingress-vip.sh: |
{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
ingress-controller.sh: |+
{{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ingress-error-pages.sh: |+

9
ingress/templates/configmap-conf.yaml

@ -16,11 +16,18 @@ limitations under the License.
{{- if .Values.manifests.configmap_conf }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
{{- if empty (index .Values.conf.ingress "bind-address") -}}
{{- set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 | quote | trunc 0 -}}
{{- end -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-conf
data:
{{ toYaml .Values.config.controller | indent 2 }}
{{ toYaml .Values.conf.ingress | indent 2 }}
{{- end }}

4
ingress/templates/configmap-services-tcp.yaml

@ -21,8 +21,8 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-tcp
{{- if not (empty $envAll.Values.config.services.tcp) }}
{{- if not (empty $envAll.Values.conf.services.tcp) }}
data:
{{ toYaml $envAll.Values.config.services.tcp | indent 2 }}
{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }}
{{- end }}
{{- end }}

4
ingress/templates/configmap-services-udp.yaml

@ -21,8 +21,8 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-udp
{{- if not (empty $envAll.Values.config.services.udp) }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
data:
{{ toYaml $envAll.Values.config.services.udp | indent 2 }}
{{ toYaml $envAll.Values.conf.services.udp | indent 2 }}
{{- end }}
{{- end }}

9
ingress/templates/deployment-error.yaml

@ -38,7 +38,7 @@ spec:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
terminationGracePeriodSeconds: 60
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
@ -57,6 +57,13 @@ spec:
- containerPort: 8080
command:
- /tmp/ingress-error-pages.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-error-pages.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-error-pages.sh

152
ingress/templates/deployment-ingress.yaml

@ -18,13 +18,21 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ingress }}
{{- $serviceAccountName := "ingress-api"}}
{{- if empty .Values.conf.controller.INGRESS_CLASS -}}
{{- if eq .Values.deployment.mode "cluster" }}
{{- set .Values.conf.controller "INGRESS_CLASS" .Values.deployment.cluster.class | quote | trunc 0 -}}
{{- else if eq .Values.deployment.mode "namespace" }}
{{- set .Values.conf.controller "INGRESS_CLASS" "nginx" | quote | trunc 0 -}}
{{- end }}
{{- end -}}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
@ -76,11 +84,11 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
@ -89,7 +97,7 @@ subjects:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
@ -106,11 +114,7 @@ rules:
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
- {{ printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS | quote }}
verbs:
- get
- update
@ -132,39 +136,39 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
apiVersion: apps/v1beta1
kind: Deployment
{{- else if eq .Values.deployment_type "DaemonSet" }}
{{- else if eq .Values.deployment.type "DaemonSet" }}
apiVersion: extensions/v1beta1
kind: DaemonSet
{{- end }}
metadata:
name: ingress-api
name: ingress
spec:
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
replicas: {{ .Values.pod.replicas.ingress }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
{{- end }}
template:
metadata:
labels:
{{ tuple $envAll "ingress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
app: ingress-api
spec:
serviceAccountName: {{ $serviceAccountName }}
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
affinity:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- end }}
@ -174,11 +178,50 @@ spec:
hostNetwork: true
{{- end }}
dnsPolicy: "ClusterFirstWithHostNet"
terminationGracePeriodSeconds: 60
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip-kernel-modules
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- SYS_MODULE
runAsUser: 0
command:
- /tmp/ingress-vip.sh
- kernel_modules
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
readOnly: true
- name: ingress-vip-init
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
runAsUser: 0
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/ingress-vip.sh
- start
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- end }}
containers:
- name: ingress-api
- name: ingress
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@ -203,21 +246,72 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT_HTTP
value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_HTTPS
value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: RELEASE_NAME
value: {{ .Release.Name | quote }}
- name: ERROR_PAGE_SERVICE
value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controller | indent 12 }}
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
command:
- /tmp/ingress-controller.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-controller.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-controller.sh
subPath: ingress-controller.sh
readOnly: true
volumes:
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
runAsUser: 0
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/ingress-vip.sh
- sleep
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-vip.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- end }}
volumes:
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: host-rootfs
hostPath:
path: /
{{- end }}
{{- end }}

53
ingress/templates/endpoints-ingress.yaml Normal file

@ -0,0 +1,53 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.endpoints_ingress }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
---
apiVersion: "v1"
kind: "Endpoints"
metadata:
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
endpoint: vip
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
subsets:
- addresses:
- ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }}
ports:
- port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: http
- port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: https
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- port: {{ $key }}
protocol: TCP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- port: {{ $key }}
protocol: UDP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- end }}
{{- end }}

40
ingress/templates/ingress.yaml Normal file

@ -0,0 +1,40 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingress }}
{{- $envAll := . }}
{{- if eq .Values.deployment.mode "namespace" }}
{{- if empty (index .Values.network.ingress.annotations "kubernetes.io/ingress.class") -}}
{{- set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}
annotations:
{{ toYaml .Values.network.ingress.annotations | indent 4 }}
spec:
rules:
- host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}

2
ingress/templates/service-error.yaml

@ -22,7 +22,7 @@ kind: Service
metadata:
labels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
name: ingress-error-pages
name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
clusterIP: None
ports:

38
ingress/templates/service-ingress.yaml

@ -21,18 +21,42 @@ apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-api
name: {{ .Values.endpoints.ingress.host }}
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
endpoint: vip
{{- end }}
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
clusterIP: None
{{- end }}
ports:
- name: http
port: {{ .Values.endpoints.ingress.port.http }}
port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: 80
targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: https
port: {{ .Values.endpoints.ingress.port.https }}
port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: 443
targetPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: TCP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: UDP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }}
selector:
app: ingress-api
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}
{{- end }}

56
ingress/values.yaml

@ -17,6 +17,12 @@
# Declare name/value pairs to be passed into your templates.
# name: value
deployment:
mode: namespace
type: Deployment
cluster:
class: "nginx-cluster"
images:
tags:
entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
@ -44,6 +50,11 @@ pod:
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
server:
timeout: 60
error_pages:
timeout: 60
resources:
enabled: false
ingress:
@ -66,7 +77,18 @@ labels:
node_selector_value: enabled
network:
host_namespace: true
host_namespace: false
vip:
manage: false
interface: ingress-vip
addr: 172.18.0.1/32
ingress:
annotations:
#NOTE(portdirect): if left blank this is populated from
# .deployment.cluster.class
kubernetes.io/ingress.class: null
nginx.ingress.kubernetes.io/proxy-body-size: "0"
external_policy_local: false
dependencies:
error_pages:
@ -75,21 +97,35 @@ dependencies:
jobs: null
endpoints:
cluster_domain_suffix: cluster.local
ingress:
host: openstack
hosts:
default: ingress
error_pages: ingress-error-pages
host_fqdn_override:
default: null
port:
http: 80
https: 443
http:
default: 80
https:
default: 443
deployment_type: DaemonSet
config:
conf:
controller:
#NOTE(portdirect): if left blank this is populated from
# .deployment.cluster.class in cluster mode, or set to
# "nginx" in namespace mode
INGRESS_CLASS: null
ingress:
enable-underscores-in-headers: "true"
#NOTE(portdirect): if left blank this is populated from
# .network.vip.addr when running in host networking
# and .network.vip.manage=true, otherwise it is left as
# an empty string (the default).
bind-address: null
services:
tcp: null
udp:
53: "kube-system/kube-dns:53"
udp: null
manifests:
configmap_bin: true
@ -98,5 +134,7 @@ manifests:
configmap_services_udp: true
deployment_error: true
deployment_ingress: true
endpoints_ingress: true
ingress: true
service_error: true
service_ingress: true

28
tools/deployment/common/ingress.sh

@ -1,28 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy command
helm install ./ingress \
--namespace=openstack \
--name=ingress
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress

1
tools/deployment/developer/03-ingress.sh

@ -1 +0,0 @@
../common/ingress.sh

44
tools/deployment/developer/03-ingress.sh Executable file

@ -0,0 +1,44 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Pull images and lint chart
make pull-images ingress
#NOTE: Deploy global ingress
helm install ./ingress \
--namespace=kube-system \
--name=ingress-kube-system \
--set deployment.mode=cluster \
--set deployment.type=DaemonSet \
--set network.host_namespace=true \
--set network.vip.manage=true \
--set network.vip.addr=172.18.0.1/32 \
--set conf.services.udp.53='kube-system/kube-dns:53'
#NOTE: Deploy namespace ingress
helm install ./ingress \
--namespace=openstack \
--name=ingress-openstack
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress-kube-system
helm status ingress-openstack

1
tools/deployment/multinode/020-ingress.sh

@ -1 +0,0 @@
../common/ingress.sh

42
tools/deployment/multinode/020-ingress.sh Executable file

@ -0,0 +1,42 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy global ingress
helm install ./ingress \
--namespace=kube-system \
--name=ingress-kube-system \
--set pod.replicas.error_page=2 \
--set deployment.mode=cluster \
--set deployment.type=DaemonSet \
--set network.host_namespace=true \
--set conf.services.udp.53='kube-system/kube-dns:53'
#NOTE: Deploy namespace ingress
helm install ./ingress \
--namespace=openstack \
--name=ingress-openstack \
--set pod.replicas.ingress=2 \
--set pod.replicas.error_page=2
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress-kube-system
helm status ingress-openstack