diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst index 4cb0120603..579cfb323e 100644 --- a/doc/source/user/index.rst +++ b/doc/source/user/index.rst @@ -354,6 +354,8 @@ the table are linked to more details elsewhere in the user guide. +---------------------------------------+--------------------+---------------+ | `octavia_ingress_controller_tag`_ | see below | see below | +---------------------------------------+--------------------+---------------+ +| `nginx_ingress_controller_tag`_ | see below | see below | ++---------------------------------------+--------------------+---------------+ | `kubelet_options`_ | extra kubelet args | "" | +---------------------------------------+--------------------+---------------+ | `kubeapi_options`_ | extra kubeapi args | "" | @@ -1350,10 +1352,10 @@ worker nodes security group. For example:: --dst-port 443:443 _`ingress_controller` - This label sets the Ingress Controller to be used. Currently 'traefik' and - 'octavia' are supported. The default is '', meaning no Ingress Controller - is configured. For more details about octavia-ingress-controller please refer - to `cloud-provider-openstack document + This label sets the Ingress Controller to be used. Currently 'traefik', + 'nginx' and 'octavia' are supported. The default is '', meaning no Ingress + Controller is configured. For more details about octavia-ingress-controller + please refer to `cloud-provider-openstack document `_ _`ingress_controller_role` @@ -1370,6 +1372,9 @@ _`ingress_controller_role` _`octavia_ingress_controller_tag` The image tag for octavia-ingress-controller. Stein-default: 1.13.2-alpha +_`nginx_ingress_controller_tag` + The image tag for nginx-ingress-controller. Stein-default: 0.23.0 + DNS --- diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml index 7067586fc6..dd98cba9c6 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml +++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml @@ -95,3 +95,4 @@ write_files: AUTOSCALER_TAG="$AUTOSCALER_TAG" MIN_NODE_COUNT="$MIN_NODE_COUNT" MAX_NODE_COUNT="$MAX_NODE_COUNT" + NGINX_INGRESS_CONTROLLER_TAG="$NGINX_INGRESS_CONTROLLER_TAG" diff --git a/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh new file mode 100755 index 0000000000..1d978b38b6 --- /dev/null +++ b/magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh @@ -0,0 +1,252 @@ +#!/bin/bash + +. /etc/sysconfig/heat-params + +set -ex + +step="nginx-ingress" +printf "Starting to run ${step}\n" + +### Configuration +############################################################################### +CHART_NAME="nginx-ingress" +CHART_VERSION="1.4.0" + +if [ "$(echo ${INGRESS_CONTROLLER} | tr '[:upper:]' '[:lower:]')" = "nginx" ]; then + +HELM_MODULE_CONFIG_FILE="/srv/magnum/kubernetes/helm/${CHART_NAME}.yaml" +[ -f ${HELM_MODULE_CONFIG_FILE} ] || { + echo "Writing File: ${HELM_MODULE_CONFIG_FILE}" + mkdir -p $(dirname ${HELM_MODULE_CONFIG_FILE}) + cat << EOF > ${HELM_MODULE_CONFIG_FILE} +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: ${CHART_NAME}-config + namespace: magnum-tiller + labels: + app: helm +data: + install-${CHART_NAME}.sh: | + #!/bin/bash + set -e + set -x + mkdir -p \${HELM_HOME} + cp /etc/helm/* \${HELM_HOME} + + # HACK - Force wait because of bug https://github.com/helm/helm/issues/5170 + until helm init --client-only --wait + do + sleep 5s + done + helm repo update + + if [[ \$(helm history ${CHART_NAME} | grep ${CHART_NAME}) ]]; then + echo "${CHART_NAME} already installed on server. Continue..." + exit 0 + else + helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION} --values /opt/magnum/install-${CHART_NAME}-values.yaml + fi + + install-${CHART_NAME}-values.yaml: | + controller: + name: controller + image: + repository: ${CONTAINER_INFRA_PREFIX:-quay.io/kubernetes-ingress-controller/}nginx-ingress-controller + tag: ${NGINX_INGRESS_CONTROLLER_TAG} + pullPolicy: IfNotPresent + runAsUser: 33 + config: {} + headers: {} + hostNetwork: true + dnsPolicy: ClusterFirst + daemonset: + useHostPort: true + hostPorts: + http: 80 + https: 443 + stats: 18080 + defaultBackendService: "" + electionID: ingress-controller-leader + ingressClass: nginx + podLabels: {} + publishService: + enabled: false + pathOverride: "" + scope: + enabled: false + namespace: "" # defaults to .Release.Namespace + extraArgs: + enable-ssl-passthrough: "" + extraEnvs: [] + kind: DaemonSet + updateStrategy: {} + minReadySeconds: 0 + tolerations: [] + affinity: {} + nodeSelector: + role: ${INGRESS_CONTROLLER_ROLE} + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + port: 10254 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + port: 10254 + podAnnotations: {} + replicaCount: 1 + minAvailable: 1 + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + autoscaling: + enabled: false + customTemplate: + configMapName: "" + configMapKey: "" + service: + annotations: {} + labels: {} + clusterIP: "" + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + enableHttp: true + enableHttps: true + externalTrafficPolicy: "" + healthCheckNodePort: 0 + targetPorts: + http: http + https: https + type: NodePort + nodePorts: + http: "32080" + https: "32443" + extraContainers: [] + extraVolumeMounts: [] + extraVolumes: [] + extraInitContainers: [] + stats: + enabled: false + service: + annotations: {} + clusterIP: "" + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 18080 + type: ClusterIP + metrics: + enabled: false + service: + annotations: {} + clusterIP: "" + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9913 + type: ClusterIP + serviceMonitor: + enabled: false + additionalLabels: {} + namespace: "" + lifecycle: {} + priorityClassName: "" + revisionHistoryLimit: 10 + defaultBackend: + enabled: true + name: default-backend + image: + repository: ${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/}defaultbackend + tag: "1.4" + pullPolicy: IfNotPresent + extraArgs: {} + port: 8080 + tolerations: [] + affinity: {} + podLabels: {} + nodeSelector: {} + podAnnotations: {} + replicaCount: 1 + minAvailable: 1 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + service: + annotations: {} + clusterIP: "" + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 80 + type: ClusterIP + priorityClassName: "" + rbac: + create: true + podSecurityPolicy: + enabled: false + serviceAccount: + create: true + name: + imagePullSecrets: [] + tcp: {} + udp: {} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: install-${CHART_NAME}-job + namespace: magnum-tiller +spec: + backoffLimit: 5 + template: + spec: + serviceAccountName: tiller + containers: + - name: config-helm + image: ${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}helm-client:dev + command: + - bash + args: + - /opt/magnum/install-${CHART_NAME}.sh + env: + - name: HELM_HOME + value: /helm_home + - name: TILLER_NAMESPACE + value: magnum-tiller + - name: HELM_TLS_ENABLE + value: "true" + volumeMounts: + - name: install-${CHART_NAME}-config + mountPath: /opt/magnum/ + - mountPath: /etc/helm + name: helm-client-certs + restartPolicy: Never + volumes: + - name: install-${CHART_NAME}-config + configMap: + name: ${CHART_NAME}-config + - name: helm-client-certs + secret: + secretName: helm-client-secret +EOF +} +fi + +printf "Finished running ${step}\n" diff --git a/magnum/drivers/heat/k8s_fedora_template_def.py b/magnum/drivers/heat/k8s_fedora_template_def.py index 0abe5f66cd..8d2d3dd3b9 100644 --- a/magnum/drivers/heat/k8s_fedora_template_def.py +++ b/magnum/drivers/heat/k8s_fedora_template_def.py @@ -120,7 +120,8 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): 'node_problem_detector_tag', 'auto_healing_enabled', 'auto_scaling_enabled', 'draino_tag', 'autoscaler_tag', - 'min_node_count', 'max_node_count'] + 'min_node_count', 'max_node_count', + 'nginx_ingress_controller_tag'] for label in label_list: label_value = cluster.labels.get(label) diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index 58e2b84c3f..51e9834286 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -605,6 +605,11 @@ parameters: description: > maximum node count of cluster workers when doing scale up + nginx_ingress_controller_tag: + type: string + description: nginx ingress controller docker image tag + default: 0.23.0 + resources: ###################################################################### @@ -889,6 +894,7 @@ resources: autoscaler_tag: {get_param: autoscaler_tag} min_node_count: {get_param: min_node_count} max_node_count: {get_param: max_node_count} + nginx_ingress_controller_tag: {get_param: nginx_ingress_controller_tag} kube_cluster_config: type: OS::Heat::SoftwareConfig @@ -926,6 +932,7 @@ resources: template: {get_file: ../../common/templates/kubernetes/helm/prometheus-operator.sh} params: "${ADMIN_PASSWD}": {get_param: grafana_admin_passwd} + - get_file: ../../common/templates/kubernetes/helm/ingress-nginx.sh - get_file: ../../common/templates/kubernetes/fragments/install-helm-modules.sh kube_cluster_deploy: diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml index 221b3b090f..5b1ab15eff 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml @@ -471,6 +471,10 @@ parameters: description: > maximum node count of cluster workers when doing scale up + nginx_ingress_controller_tag: + type: string + description: nginx ingress controller docker image tag + resources: ###################################################################### # @@ -589,6 +593,7 @@ resources: "$AUTOSCALER_TAG": {get_param: autoscaler_tag} "$MIN_NODE_COUNT": {get_param: min_node_count} "$MAX_NODE_COUNT": {get_param: max_node_count} + "$NGINX_INGRESS_CONTROLLER_TAG": {get_param: nginx_ingress_controller_tag} install_openstack_ca: type: OS::Heat::SoftwareConfig diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py index 3837c52943..35e1f5d1fb 100644 --- a/magnum/tests/unit/drivers/test_template_definition.py +++ b/magnum/tests/unit/drivers/test_template_definition.py @@ -459,6 +459,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ingress_controller_role') octavia_ingress_controller_tag = mock_cluster.labels.get( 'octavia_ingress_controller_tag') + nginx_ingress_controller_tag = mock_cluster.labels.get( + 'nginx_ingress_controller_tag') kubelet_options = mock_cluster.labels.get( 'kubelet_options') kubeapi_options = mock_cluster.labels.get( @@ -550,6 +552,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ingress_controller': ingress_controller, 'ingress_controller_role': ingress_controller_role, 'octavia_ingress_controller_tag': octavia_ingress_controller_tag, + 'nginx_ingress_controller_tag': nginx_ingress_controller_tag, 'octavia_enabled': False, 'kube_service_account_key': 'public_key', 'kube_service_account_private_key': 'private_key', @@ -846,6 +849,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ingress_controller_role') octavia_ingress_controller_tag = mock_cluster.labels.get( 'octavia_ingress_controller_tag') + nginx_ingress_controller_tag = mock_cluster.labels.get( + 'nginx_ingress_controller_tag') kubelet_options = mock_cluster.labels.get( 'kubelet_options') kubeapi_options = mock_cluster.labels.get( @@ -939,6 +944,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase): 'ingress_controller': ingress_controller, 'ingress_controller_role': ingress_controller_role, 'octavia_ingress_controller_tag': octavia_ingress_controller_tag, + 'nginx_ingress_controller_tag': nginx_ingress_controller_tag, 'octavia_enabled': False, 'kube_service_account_key': 'public_key', 'kube_service_account_private_key': 'private_key', diff --git a/releasenotes/notes/helm-install-ingress-nginx-fe2acec1dd3032e3.yaml b/releasenotes/notes/helm-install-ingress-nginx-fe2acec1dd3032e3.yaml new file mode 100644 index 0000000000..1c998fb559 --- /dev/null +++ b/releasenotes/notes/helm-install-ingress-nginx-fe2acec1dd3032e3.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add nginx as an additional Ingress controller option for Kubernetes. + Installation is done via the upstream nginx-ingress helm chart, and + selection can be done via label ingress_controller=nginx.