From 35dfb998f4d3e2426aead036a9d06559f7247a5b Mon Sep 17 00:00:00 2001 
From: portdirect Date: Fri, 12 Jan 2018 13:58:40 -0500 Subject: [PATCH] Ingress: Move to namespaced ingress controllers and edge VIP This PS moves to namespace specific ingress controllers, and a cluster wide ingress controller that acts as the external front door to the cluster. The cluster ingress controller will also be able to create a dummy interface that can be announced via the OpenStack-Helm-Infra Calico chart. The ability to exercise the edge VIP feature is currently only demonstrated in the single node gate and guide, as it requires additional configuration, or hardware to set up the routes in a multinode env. Change-Id: I8b823b93465f2e90aaabcca9ec9b783d34539e07 --- .../templates/utils/_to_k8s_env_vars.tpl | 27 ++++ .../templates/bin/_ingress-controller.sh.tpl | 31 +++- .../templates/bin/_ingress-error-pages.sh.tpl | 8 +- ingress/templates/bin/_ingress-vip.sh.tpl | 57 +++++++ ingress/templates/configmap-bin.yaml | 4 + ingress/templates/configmap-conf.yaml | 9 +- ingress/templates/configmap-services-tcp.yaml | 4 +- ingress/templates/configmap-services-udp.yaml | 4 +- ingress/templates/deployment-error.yaml | 9 +- ingress/templates/deployment-ingress.yaml | 152 ++++++++++++++---- ingress/templates/endpoints-ingress.yaml | 53 ++++++ ingress/templates/ingress.yaml | 40 +++++ ingress/templates/service-error.yaml | 2 +- ingress/templates/service-ingress.yaml | 38 ++++- ingress/values.yaml | 56 +++++-- tools/deployment/common/ingress.sh | 28 ---- tools/deployment/developer/03-ingress.sh | 45 +++++- tools/deployment/multinode/020-ingress.sh | 43 ++++- 18 files changed, 520 insertions(+), 90 deletions(-) create mode 100644 helm-toolkit/templates/utils/_to_k8s_env_vars.tpl create mode 100644 ingress/templates/bin/_ingress-vip.sh.tpl create mode 100644 ingress/templates/endpoints-ingress.yaml create mode 100644 ingress/templates/ingress.yaml delete mode 100755 tools/deployment/common/ingress.sh mode change 120000 => 100755 tools/deployment/developer/03-ingress.sh 
mode change 120000 => 100755 tools/deployment/multinode/020-ingress.sh diff --git a/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl new file mode 100644 index 0000000000..5fe11114d6 --- /dev/null +++ b/helm-toolkit/templates/utils/_to_k8s_env_vars.tpl @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.to_k8s_env_vars" -}} +{{range $key, $value := . -}} +{{- if kindIs "slice" $value -}} +- name: {{ $key }} + value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }} +{{else -}} +- name: {{ $key }} + value: {{ $value | quote }} +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/ingress/templates/bin/_ingress-controller.sh.tpl b/ingress/templates/bin/_ingress-controller.sh.tpl index c2e142bf81..6514ae59ca 100644 --- a/ingress/templates/bin/_ingress-controller.sh.tpl +++ b/ingress/templates/bin/_ingress-controller.sh.tpl @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash {{/* Copyright 2017 The Openstack-Helm Authors. 
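Review bot: The new `helm-toolkit.utils.to_k8s_env_vars` define has no usage comment, and nothing in it constrains what a caller may pass. It emits every key of the map verbatim as an env var name and pipes every non-list value through `quote`, so a nested map or a key that is not a valid variable name would presumably render without any template-time error. A short header inside the define would state the contract, for example `{{/* Renders a flat map as name/value env entries; list values are comma-joined. Keys must be valid env var names, values scalars or lists. */}}`. This matters because later hunks feed it whole value subtrees (`.Values.network.vip`, `.Values.conf.controller`).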
@@ -17,9 +17,26 @@ limitations under the License. */}} set -ex -exec /usr/bin/dumb-init \ - /nginx-ingress-controller \ - --default-backend-service=${POD_NAMESPACE}/ingress-error-pages \ - --configmap=${POD_NAMESPACE}/ingress-conf \ - --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ - --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +COMMAND="${@:-start}" + +function start () { + exec /usr/bin/dumb-init \ + /nginx-ingress-controller \ + {{- if eq .Values.deployment.mode "namespace" }} + --watch-namespace ${POD_NAMESPACE} \ + {{- end }} + --http-port=${PORT_HTTP} \ + --https-port=${PORT_HTTPS} \ + --election-id=${RELEASE_NAME} \ + --ingress-class=${INGRESS_CLASS} \ + --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \ + --configmap=${POD_NAMESPACE}/ingress-conf \ + --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \ + --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/ingress/templates/bin/_ingress-error-pages.sh.tpl b/ingress/templates/bin/_ingress-error-pages.sh.tpl index 240fb18a88..cf62c33f48 100644 --- a/ingress/templates/bin/_ingress-error-pages.sh.tpl +++ b/ingress/templates/bin/_ingress-error-pages.sh.tpl @@ -17,4 +17,10 @@ limitations under the License. */}} set -ex -exec /server +COMMAND="${@:-start}" + +if [ "x${COMMAND}" == "xstart" ]; then + exec /server +elif [ "x${COMMAND}" == "xstop" ]; then + kill -TERM 1 +fi diff --git a/ingress/templates/bin/_ingress-vip.sh.tpl b/ingress/templates/bin/_ingress-vip.sh.tpl new file mode 100644 index 0000000000..3df0053ef6 --- /dev/null +++ b/ingress/templates/bin/_ingress-vip.sh.tpl 
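Review bot: The dispatch on the last line, `$COMMAND`, runs whatever the container argument is as a command, and `COMMAND="${@:-start}"` flattens all arguments into one string that is then word-split again. The pod spec in this commit only passes `start` or `stop`, so an explicit dispatch would restrict the entrypoint to those two: `case "${1:-start}" in start|stop) "${1:-start}" ;; *) echo "unknown command" >&2; exit 1 ;; esac`. The flag values inside `start` are unquoted (`${POD_NAMESPACE}`, `${INGRESS_CLASS}`, `${ERROR_PAGE_SERVICE}`), so a value containing whitespace would be split into extra controller arguments; quoting each expansion avoids that. The same `$COMMAND` pattern is used in the new `_ingress-vip.sh.tpl`.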
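Review bot: The added test `[ "x${COMMAND}" == "xstart" ]` uses `==` inside `[`, which is a bash extension, and this hunk does not touch the shebang. The sibling controller script was switched from `#!/bin/sh` to `#!/bin/bash` in this commit, so if this file still begins with `#!/bin/sh` (its first line is outside the hunk) the comparison can fail on shells such as dash. Either change the shebang here too or use the portable form `[ "${COMMAND}" = "start" ]`. An argument other than `start` or `stop` currently falls through both branches and exits 0; adding `else echo "unknown command: ${COMMAND}" >&2; exit 1` would surface a mistyped command in the pod spec.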
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Copyright 2018 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+ chroot /mnt/host-rootfs modprobe dummy
+}
+
+function test_vip () {
+ ip addr show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ awk -F '/' '{ print $1 }' | \
+ grep -q "${addr%/*}"
+}
+
+function start () {
+ ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
+ if ! test_vip; then
+ ip addr add ${addr} dev ${interface}
+ fi
+ ip link set ${interface} up
+}
+
+function sleep () {
+ exec bash -c "while :; do sleep 2073600; done"
+}
+
+function stop () {
+ ip link show ${interface} > /dev/null || exit 0
+ if test_vip; then
+ ip addr del ${addr} dev ${interface}
+ fi
+ if [ "$(ip address show ${interface} | \
+ awk "/inet / && /${interface}/{print \$2 }" | \
+ wc -l)" -le "0" ]; then
+ ip link set ${interface} down
+ ip link del ${interface}
+ fi
+}
+
+$COMMAND
diff --git a/ingress/templates/configmap-bin.yaml b/ingress/templates/configmap-bin.yaml
index 79508a4ee6..ff08e5ded8 100644
--- a/ingress/templates/configmap-bin.yaml
+++ b/ingress/templates/configmap-bin.yaml
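Review bot: `test_vip` ends in `grep -q "${addr%/*}"`, which treats the address as an unanchored regular expression, so with `addr=172.18.0.1/32` an interface holding `172.18.0.10` or `172.18.0.100` also matches. In that case `start` would skip `ip addr add`, and `stop` would try to delete an address that is not present and most likely abort under `set -e`. Matching the whole line as a fixed string avoids both: `grep -qxF -- "${addr%/*}"`. The awk programs interpolate `${interface}` into the program text and the `ip` calls use unquoted `${interface}`/`${addr}`; passing the name with `awk -v` and quoting the expansions keeps a chart value from being read as awk or shell syntax in a container that runs as root with NET_ADMIN. The function named `sleep` shadows the `sleep` command in this shell, so a distinct name (with the pod spec argument changed to match) would be less surprising.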
@@ -22,6 +22,10 @@ kind: ConfigMap metadata: name: ingress-bin data: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + ingress-vip.sh: | +{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} ingress-controller.sh: |+ {{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ingress-error-pages.sh: |+ diff --git a/ingress/templates/configmap-conf.yaml b/ingress/templates/configmap-conf.yaml index 711aeae4af..cedfcd2b89 100644 --- a/ingress/templates/configmap-conf.yaml +++ b/ingress/templates/configmap-conf.yaml @@ -16,11 +16,18 @@ limitations under the License. {{- if .Values.manifests.configmap_conf }} {{- $envAll := . }} + +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +{{- if empty (index .Values.conf.ingress "bind-address") -}} +{{- set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 | quote | trunc 0 -}} +{{- end -}} +{{- end -}} + --- apiVersion: v1 kind: ConfigMap metadata: name: ingress-conf data: -{{ toYaml .Values.config.controller | indent 2 }} +{{ toYaml .Values.conf.ingress | indent 2 }} {{- end }} diff --git a/ingress/templates/configmap-services-tcp.yaml b/ingress/templates/configmap-services-tcp.yaml index e39faee96a..4454702f96 100644 --- a/ingress/templates/configmap-services-tcp.yaml +++ b/ingress/templates/configmap-services-tcp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-tcp -{{- if not (empty $envAll.Values.config.services.tcp) }} +{{- if not (empty $envAll.Values.conf.services.tcp) }} data: -{{ toYaml $envAll.Values.config.services.tcp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/configmap-services-udp.yaml b/ingress/templates/configmap-services-udp.yaml index 9090b91878..402010560d 100644 --- a/ingress/templates/configmap-services-udp.yaml 
+++ b/ingress/templates/configmap-services-udp.yaml @@ -21,8 +21,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-services-udp -{{- if not (empty $envAll.Values.config.services.udp) }} +{{- if not (empty $envAll.Values.conf.services.udp) }} data: -{{ toYaml $envAll.Values.config.services.udp | indent 2 }} +{{ toYaml $envAll.Values.conf.services.udp | indent 2 }} {{- end }} {{- end }} diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index 560cb27125..c29e7f3f2c 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -38,7 +38,7 @@ spec: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: @@ -57,6 +57,13 @@ spec: - containerPort: 8080 command: - /tmp/ingress-error-pages.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-error-pages.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-error-pages.sh diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index c3d6f076a7..b72d43ea18 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml 
@@ -18,13 +18,21 @@ limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ingress }} -{{- $serviceAccountName := "ingress-api"}} +{{- if empty .Values.conf.controller.INGRESS_CLASS -}} +{{- if eq .Values.deployment.mode "cluster" }} +{{- set .Values.conf.controller "INGRESS_CLASS" .Values.deployment.cluster.class | quote | trunc 0 -}} +{{- else if eq .Values.deployment.mode "namespace" }} +{{- set .Values.conf.controller "INGRESS_CLASS" "nginx" | quote | trunc 0 -}} +{{- end }} +{{- end -}} + +{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }} {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} rules: - apiGroups: - "" @@ -76,11 +84,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: nginx-ingress-clusterrole-nisa-binding + name: {{ $serviceAccountName }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: nginx-ingress-clusterrole + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} @@ -89,7 +97,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: - name: nginx-ingress-role + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} rules: - apiGroups: @@ -106,11 +114,7 @@ rules: resources: - configmaps resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" + - {{ printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS | quote }} verbs: - get - update 
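Review bot: The `INGRESS_CLASS` default at the top of the template handles only the `deployment.mode` values `cluster` and `namespace`; any other value leaves it empty. The hunk that builds the leader-election ConfigMap name with `printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS` would then render a name the controller never uses. An `{{- else }}` branch that stops rendering (for instance with `fail`, if the Helm version in use provides it) would catch a mistyped mode at install time. Separately, the ClusterRole and ClusterRoleBinding are still created per release in `namespace` mode, where the controller is started with `--watch-namespace`. The rules themselves are outside these hunks, but it is worth checking whether namespace-mode releases need cluster-wide access or could be bound with the Role alone.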
@@ -132,39 +136,39 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: - name: nginx-ingress-role-nisa-binding + name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: nginx-ingress-role + name: {{ $serviceAccountName }} subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} --- -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} apiVersion: apps/v1beta1 kind: Deployment -{{- else if eq .Values.deployment_type "DaemonSet" }} +{{- else if eq .Values.deployment.type "DaemonSet" }} apiVersion: extensions/v1beta1 kind: DaemonSet {{- end }} metadata: - name: ingress-api + name: ingress spec: -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} replicas: {{ .Values.pod.replicas.ingress }} {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} {{- end }} template: metadata: labels: -{{ tuple $envAll "ingress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} app: ingress-api spec: serviceAccountName: {{ $serviceAccountName }} -{{- if eq .Values.deployment_type "Deployment" }} +{{- if eq .Values.deployment.type "Deployment" }} affinity: {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} {{- end }} 
@@ -174,11 +178,50 @@ spec: hostNetwork: true {{- end }} dnsPolicy: "ClusterFirstWithHostNet" - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }} initContainers: {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip-kernel-modules + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - SYS_MODULE + runAsUser: 0 + command: + - /tmp/ingress-vip.sh + - kernel_modules + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true + - name: host-rootfs + mountPath: /mnt/host-rootfs + readOnly: true + - name: ingress-vip-init + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - start + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} containers: - - name: ingress-api + - name: ingress image: {{ .Values.images.tags.ingress }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} 
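Review bot: The `ingress-vip-kernel-modules` init container mounts the host's entire root filesystem (`host-rootfs`, defined as `hostPath: /` in the last hunk of this file) and runs as UID 0 with SYS_MODULE, only to run `chroot /mnt/host-rootfs modprobe dummy`. Even read-only, that mount exposes every file on the node to this container. If the image ships `modprobe`, mounting just `/lib/modules` read-only would be narrower, and clusters that preload the `dummy` module could skip this container behind its own values flag. Both new init containers add a capability without dropping the defaults; a `drop: [ALL]` next to each `add` list would narrow them, and the kernel-modules container would then also need SYS_CHROOT for `chroot`. Neither container sets `resources`, unlike the main container, which uses the `helm-toolkit.snippets.kubernetes_resources` snippet; the `ingress-vip` sidecar added in the next hunk has the same gaps.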
@@ -203,21 +246,72 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: PORT_HTTP + value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: PORT_HTTPS + value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + - name: RELEASE_NAME + value: {{ .Release.Name | quote }} + - name: ERROR_PAGE_SERVICE + value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controller | indent 12 }} ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 + - containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} + - containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if .Values.network.host_namespace }} + hostPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- end }} command: - /tmp/ingress-controller.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-controller.sh + - stop volumeMounts: - name: ingress-bin mountPath: /tmp/ingress-controller.sh subPath: ingress-controller.sh readOnly: true - volumes: - - name: ingress-bin - configMap: - name: ingress-bin - defaultMode: 0555 +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: ingress-vip + image: {{ .Values.images.tags.ingress }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + capabilities: + add: + - NET_ADMIN + runAsUser: 0 + env: +{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }} + command: + - /tmp/ingress-vip.sh + - sleep + lifecycle: + preStop: + exec: + command: + - /tmp/ingress-vip.sh + - stop + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-vip.sh + subPath: ingress-vip.sh + readOnly: true +{{- end }} + volumes: + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 + {{- if and .Values.network.host_namespace .Values.network.vip.manage }} + - name: host-rootfs + hostPath: + path: / + {{- end }} {{- end }} diff --git a/ingress/templates/endpoints-ingress.yaml b/ingress/templates/endpoints-ingress.yaml new file mode 100644 index 0000000000..92977e13ec --- /dev/null +++ b/ingress/templates/endpoints-ingress.yaml 
@@ -0,0 +1,53 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.endpoints_ingress }} +{{- $envAll := . }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage -}} +--- +apiVersion: "v1" +kind: "Endpoints" +metadata: + labels: +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + endpoint: vip + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +subsets: + - addresses: + - ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }} + ports: + - port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: http + - port: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + protocol: TCP + name: https + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - port: {{ $key }} + protocol: TCP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - port: {{ $key }} + protocol: UDP + name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + {{ end -}} + {{- end }} +{{- end }} +{{- end }} diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml new file mode 100644 index 0000000000..0882d5bc7d --- /dev/null +++ b/ingress/templates/ingress.yaml 
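Review bot: The port `name` expression `cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace` is unexplained and is repeated for the TCP and UDP loops here and again in `service-ingress.yaml`. It appears to take the service name from a `namespace/service:port` value, cut it to eight characters and append the exposed port, presumably to stay within the 15-character limit on port names. A value without the `namespace/` prefix would yield a digits-only name, which the API rejects because a port name needs at least one letter. A comment such as `{{/* port name: first 8 chars of the target service name + exposed port */}}` would document this, and moving the expression into one named template would keep the Endpoints and Service names from drifting apart.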
@@ -0,0 +1,40 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress }} +{{- $envAll := . }} +{{- if eq .Values.deployment.mode "namespace" }} +{{- if empty (index .Values.network.ingress.annotations "kubernetes.io/ingress.class") -}} +{{- set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class | quote | trunc 0 -}} +{{- end -}} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ .Release.Namespace }}-{{ .Release.Name }} + annotations: +{{ toYaml .Values.network.ingress.annotations | indent 4 }} +spec: + rules: + - host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} +{{- end }} diff --git a/ingress/templates/service-error.yaml b/ingress/templates/service-error.yaml index a816288cfa..b17d4d2ec3 100644 --- a/ingress/templates/service-error.yaml +++ b/ingress/templates/service-error.yaml 
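Review bot: The generated rule forwards every host matching `*.<namespace>.svc.<cluster_domain_suffix>` from the cluster-class controller to the namespace controller's `http` port only, and the template has no comment explaining that chaining. The Ingress has no `tls` section and no route to the `https` port, so nothing here decides whether traffic between the edge controller and the namespace controller is encrypted. A short comment such as `{{/* Front-door rule: the cluster ingress proxies all service hostnames of this namespace to the namespace controller over plain HTTP */}}` would make that explicit for operators. The class annotation is also written back into `.Values` with `set` as a side effect of rendering, which deserves a one-line note beside it.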
@@ -22,7 +22,7 @@ kind: Service metadata: labels: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - name: ingress-error-pages + name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: clusterIP: None ports: diff --git a/ingress/templates/service-ingress.yaml b/ingress/templates/service-ingress.yaml index c711741c25..ca9af8ce21 100644 --- a/ingress/templates/service-ingress.yaml +++ b/ingress/templates/service-ingress.yaml 
@@ -21,18 +21,42 @@ apiVersion: v1 kind: Service metadata: labels: - app: ingress-api - name: {{ .Values.endpoints.ingress.host }} +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + endpoint: vip +{{- end }} + name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: +{{- if and .Values.network.host_namespace .Values.network.vip.manage }} + clusterIP: None +{{- end }} ports: - name: http - port: {{ .Values.endpoints.ingress.port.http }} + port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 80 + targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: https - port: {{ .Values.endpoints.ingress.port.https }} + port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: 443 + targetPort: {{ tuple "ingress" "internal" "https" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{- if not (empty $envAll.Values.conf.services.tcp) }} + {{range $key, $value := $envAll.Values.conf.services.tcp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: TCP + targetPort: {{ $key }} + {{ end -}} + {{- end }} + {{- if not (empty $envAll.Values.conf.services.udp) }} + {{range $key, $value := $envAll.Values.conf.services.udp -}} + - name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }} + port: {{ $key }} + protocol: UDP + targetPort: {{ $key }} + {{ end -}} + {{- end }} +{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }} selector: - app: ingress-api +{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} {{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index 0d89af64b4..50e25903dd 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -17,6 +17,12 @@ # Declare name/value pairs to be passed into your templates. # name: value +deployment: + mode: namespace + type: Deployment + cluster: + class: "nginx-cluster" + images: tags: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 @@ -44,6 +50,11 @@ pod: rolling_update: max_unavailable: 1 max_surge: 3 + termination_grace_period: + server: + timeout: 60 + error_pages: + timeout: 60 resources: enabled: false ingress: @@ -66,7 +77,18 @@ labels: node_selector_value: enabled network: - host_namespace: true + host_namespace: false + vip: + manage: false + interface: ingress-vip + addr: 172.18.0.1/32 + ingress: + annotations: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class + kubernetes.io/ingress.class: null + nginx.ingress.kubernetes.io/proxy-body-size: "0" + external_policy_local: false dependencies: error_pages: 
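Review bot: In the new `network.ingress.annotations` defaults in values.yaml, `nginx.ingress.kubernetes.io/proxy-body-size: "0"` turns off the request body size limit for everything routed through the generated front-door Ingress, and no comment says why. If unlimited uploads are required, a `#NOTE` stating the reason would help; otherwise a finite default that operators can raise keeps the edge from accepting arbitrarily large bodies out of the box. The default `vip.addr: 172.18.0.1/32` is inert while `vip.manage` is false, but a comment that it must be replaced with a site-specific address before enabling VIP management would prevent it from being announced unchanged.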
@@ -75,21 +97,35 @@ dependencies: jobs: null endpoints: + cluster_domain_suffix: cluster.local ingress: - host: openstack + hosts: + default: ingress + error_pages: ingress-error-pages + host_fqdn_override: + default: null port: - http: 80 - https: 443 + http: + default: 80 + https: + default: 443 -deployment_type: DaemonSet - -config: +conf: controller: + #NOTE(portdirect): if left blank this is populated from + # .deployment.cluster.class in cluster mode, or set to + # "nginx" in namespace mode + INGRESS_CLASS: null + ingress: enable-underscores-in-headers: "true" + #NOTE(portdirect): if left blank this is populated from + # .network.vip.addr when running in host networking + # and .network.vip.manage=true, otherwise it is left as + # an empty string (the default). + bind-address: null services: tcp: null - udp: - 53: "kube-system/kube-dns:53" + udp: null manifests: configmap_bin: true @@ -98,5 +134,7 @@ manifests: configmap_services_udp: true deployment_error: true deployment_ingress: true + endpoints_ingress: true + ingress: true service_error: true service_ingress: true diff --git a/tools/deployment/common/ingress.sh b/tools/deployment/common/ingress.sh deleted file mode 100755 index 426cb0301c..0000000000 --- a/tools/deployment/common/ingress.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -set -xe - -#NOTE: Deploy command -helm install ./ingress \ - --namespace=openstack \ - --name=ingress - -#NOTE: Wait for deploy -./tools/deployment/common/wait-for-pods.sh openstack - -#NOTE: Display info -helm status ingress diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh deleted file mode 120000 index 47bb302d8c..0000000000 --- a/tools/deployment/developer/03-ingress.sh +++ /dev/null @@ -1 +0,0 @@ -../common/ingress.sh \ No newline at end of file diff --git a/tools/deployment/developer/03-ingress.sh b/tools/deployment/developer/03-ingress.sh new file mode 100755 index 0000000000..34f17f7a1c --- /dev/null +++ b/tools/deployment/developer/03-ingress.sh 
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Pull images and lint chart
+make pull-images ingress
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set network.vip.manage=true \
+ --set network.vip.addr=172.18.0.1/32 \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
deleted file mode 120000
index 47bb302d8c..0000000000
--- a/tools/deployment/multinode/020-ingress.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/ingress.sh
\ No newline at end of file
diff --git a/tools/deployment/multinode/020-ingress.sh b/tools/deployment/multinode/020-ingress.sh
new file mode 100755
index 0000000000..3058f6e1bf
--- /dev/null
+++ b/tools/deployment/multinode/020-ingress.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Deploy global ingress
+helm install ./ingress \
+ --namespace=kube-system \
+ --name=ingress-kube-system \
+ --set pod.replicas.error_page=2 \
+ --set deployment.mode=cluster \
+ --set deployment.type=DaemonSet \
+ --set network.host_namespace=true \
+ --set conf.services.udp.53='kube-system/kube-dns:53'
+
+#NOTE: Deploy namespace ingress
+helm install ./ingress \
+ --namespace=openstack \
+ --name=ingress-openstack \
+ --set pod.replicas.ingress=2 \
+ --set pod.replicas.error_page=2
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh kube-system
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Display info
+helm status ingress-kube-system
+helm status ingress-openstack
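Review bot: The cluster-wide release is installed with `network.host_namespace=true` and `conf.services.udp.53='kube-system/kube-dns:53'` but without `network.vip.manage`, so `bind-address` stays empty. As far as these templates show, the controller would then listen for DNS on UDP 53 on every interface of each node it runs on. If those nodes are reachable from outside the cluster, the cluster resolver is exposed to that network; a comment stating the assumption, host firewall rules, or dropping the UDP mapping where it is not needed would address that. The developer script `03-ingress.sh` sets the same mapping but binds to the managed VIP. `helm install` also fails when the release already exists, so a rerun after a partial failure needs manual cleanup, which is worth a `#NOTE` in both scripts.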