Ingress: Move to namespaced ingress controllers and edge VIP

This PS moves to namespace specific ingress controllers, and a
cluster wide ingress controller that acts as the external front
door to the cluster. The cluster ingress controller will also
be able to create a dummy interface that can be announced via the
OpenStack-Helm-Infra Calico chart.

The ability to exercise the edge VIP feature is currently only
demonstrated in the single node gate and guide, as it requires
additional configuration, or hardware to set up the routes in
a multinode env.

Change-Id: I8b823b93465f2e90aaabcca9ec9b783d34539e07
This commit is contained in:
portdirect 2018-01-12 13:58:40 -05:00
parent 9d40323eb1
commit 35dfb998f4
18 changed files with 520 additions and 90 deletions

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "helm-toolkit.utils.to_k8s_env_vars" -}}
{{range $key, $value := . -}}
{{- if kindIs "slice" $value -}}
- name: {{ $key }}
value: {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }}
{{else -}}
- name: {{ $key }}
value: {{ $value | quote }}
{{ end -}}
{{- end -}}
{{- end -}}

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
@ -17,9 +17,26 @@ limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
--default-backend-service=${POD_NAMESPACE}/ingress-error-pages \
{{- if eq .Values.deployment.mode "namespace" }}
--watch-namespace ${POD_NAMESPACE} \
{{- end }}
--http-port=${PORT_HTTP} \
--https-port=${PORT_HTTPS} \
--election-id=${RELEASE_NAME} \
--ingress-class=${INGRESS_CLASS} \
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
--configmap=${POD_NAMESPACE}/ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
--udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp
}
function stop () {
kill -TERM 1
}
$COMMAND

View File

@ -17,4 +17,10 @@ limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
if [ "x${COMMAND}" == "xstart" ]; then
exec /server
elif [ "x${COMMAND}" == "xstop" ]; then
kill -TERM 1
fi

View File

@ -0,0 +1,57 @@
#!/bin/bash
# Copyright 2018 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
COMMAND="${@:-start}"
function kernel_modules () {
chroot /mnt/host-rootfs modprobe dummy
}
function test_vip () {
ip addr show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \
grep -q "${addr%/*}"
}
function start () {
ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
if ! test_vip; then
ip addr add ${addr} dev ${interface}
fi
ip link set ${interface} up
}
function sleep () {
exec bash -c "while :; do sleep 2073600; done"
}
function stop () {
ip link show ${interface} > /dev/null || exit 0
if test_vip; then
ip addr del ${addr} dev ${interface}
fi
if [ "$(ip address show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
wc -l)" -le "0" ]; then
ip link set ${interface} down
ip link del ${interface}
fi
}
$COMMAND

View File

@ -22,6 +22,10 @@ kind: ConfigMap
metadata:
name: ingress-bin
data:
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
ingress-vip.sh: |
{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
ingress-controller.sh: |+
{{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ingress-error-pages.sh: |+

View File

@ -16,11 +16,18 @@ limitations under the License.
{{- if .Values.manifests.configmap_conf }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
{{- if empty (index .Values.conf.ingress "bind-address") -}}
{{- set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 | quote | trunc 0 -}}
{{- end -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-conf
data:
{{ toYaml .Values.config.controller | indent 2 }}
{{ toYaml .Values.conf.ingress | indent 2 }}
{{- end }}

View File

@ -21,8 +21,8 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-tcp
{{- if not (empty $envAll.Values.config.services.tcp) }}
{{- if not (empty $envAll.Values.conf.services.tcp) }}
data:
{{ toYaml $envAll.Values.config.services.tcp | indent 2 }}
{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }}
{{- end }}
{{- end }}

View File

@ -21,8 +21,8 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-udp
{{- if not (empty $envAll.Values.config.services.udp) }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
data:
{{ toYaml $envAll.Values.config.services.udp | indent 2 }}
{{ toYaml $envAll.Values.conf.services.udp | indent 2 }}
{{- end }}
{{- end }}

View File

@ -38,7 +38,7 @@ spec:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
terminationGracePeriodSeconds: 60
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
@ -57,6 +57,13 @@ spec:
- containerPort: 8080
command:
- /tmp/ingress-error-pages.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-error-pages.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-error-pages.sh

View File

@ -18,13 +18,21 @@ limitations under the License.
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ingress }}
{{- $serviceAccountName := "ingress-api"}}
{{- if empty .Values.conf.controller.INGRESS_CLASS -}}
{{- if eq .Values.deployment.mode "cluster" }}
{{- set .Values.conf.controller "INGRESS_CLASS" .Values.deployment.cluster.class | quote | trunc 0 -}}
{{- else if eq .Values.deployment.mode "namespace" }}
{{- set .Values.conf.controller "INGRESS_CLASS" "nginx" | quote | trunc 0 -}}
{{- end }}
{{- end -}}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
@ -76,11 +84,11 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
@ -89,7 +97,7 @@ subjects:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
@ -106,11 +114,7 @@ rules:
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
- {{ printf "%s-%s" .Release.Name .Values.conf.controller.INGRESS_CLASS | quote }}
verbs:
- get
- update
@ -132,39 +136,39 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
apiVersion: apps/v1beta1
kind: Deployment
{{- else if eq .Values.deployment_type "DaemonSet" }}
{{- else if eq .Values.deployment.type "DaemonSet" }}
apiVersion: extensions/v1beta1
kind: DaemonSet
{{- end }}
metadata:
name: ingress-api
name: ingress
spec:
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
replicas: {{ .Values.pod.replicas.ingress }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
{{- end }}
template:
metadata:
labels:
{{ tuple $envAll "ingress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
app: ingress-api
spec:
serviceAccountName: {{ $serviceAccountName }}
{{- if eq .Values.deployment_type "Deployment" }}
{{- if eq .Values.deployment.type "Deployment" }}
affinity:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- end }}
@ -174,11 +178,50 @@ spec:
hostNetwork: true
{{- end }}
dnsPolicy: "ClusterFirstWithHostNet"
terminationGracePeriodSeconds: 60
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip-kernel-modules
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- SYS_MODULE
runAsUser: 0
command:
- /tmp/ingress-vip.sh
- kernel_modules
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
readOnly: true
- name: ingress-vip-init
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
runAsUser: 0
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/ingress-vip.sh
- start
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- end }}
containers:
- name: ingress-api
- name: ingress
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@ -203,21 +246,72 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT_HTTP
value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_HTTPS
value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: RELEASE_NAME
value: {{ .Release.Name | quote }}
- name: ERROR_PAGE_SERVICE
value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controller | indent 12 }}
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
command:
- /tmp/ingress-controller.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-controller.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-controller.sh
subPath: ingress-controller.sh
readOnly: true
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip
image: {{ .Values.images.tags.ingress }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- NET_ADMIN
runAsUser: 0
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/ingress-vip.sh
- sleep
lifecycle:
preStop:
exec:
command:
- /tmp/ingress-vip.sh
- stop
volumeMounts:
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- end }}
volumes:
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: host-rootfs
hostPath:
path: /
{{- end }}
{{- end }}

View File

@ -0,0 +1,53 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.endpoints_ingress }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
---
apiVersion: "v1"
kind: "Endpoints"
metadata:
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
endpoint: vip
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
subsets:
- addresses:
- ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }}
ports:
- port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: http
- port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: https
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- port: {{ $key }}
protocol: TCP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- port: {{ $key }}
protocol: UDP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,40 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingress }}
{{- $envAll := . }}
{{- if eq .Values.deployment.mode "namespace" }}
{{- if empty (index .Values.network.ingress.annotations "kubernetes.io/ingress.class") -}}
{{- set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class | quote | trunc 0 -}}
{{- end -}}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}
annotations:
{{ toYaml .Values.network.ingress.annotations | indent 4 }}
spec:
rules:
- host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}

View File

@ -22,7 +22,7 @@ kind: Service
metadata:
labels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
name: ingress-error-pages
name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
clusterIP: None
ports:

View File

@ -21,18 +21,42 @@ apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-api
name: {{ .Values.endpoints.ingress.host }}
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
endpoint: vip
{{- end }}
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
clusterIP: None
{{- end }}
ports:
- name: http
port: {{ .Values.endpoints.ingress.port.http }}
port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: 80
targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: https
port: {{ .Values.endpoints.ingress.port.https }}
port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: 443
selector:
app: ingress-api
targetPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: TCP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: UDP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }}
selector:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}
{{- end }}

View File

@ -17,6 +17,12 @@
# Declare name/value pairs to be passed into your templates.
# name: value
deployment:
mode: namespace
type: Deployment
cluster:
class: "nginx-cluster"
images:
tags:
entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
@ -44,6 +50,11 @@ pod:
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
server:
timeout: 60
error_pages:
timeout: 60
resources:
enabled: false
ingress:
@ -66,7 +77,18 @@ labels:
node_selector_value: enabled
network:
host_namespace: true
host_namespace: false
vip:
manage: false
interface: ingress-vip
addr: 172.18.0.1/32
ingress:
annotations:
#NOTE(portdirect): if left blank this is populated from
# .deployment.cluster.class
kubernetes.io/ingress.class: null
nginx.ingress.kubernetes.io/proxy-body-size: "0"
external_policy_local: false
dependencies:
error_pages:
@ -75,21 +97,35 @@ dependencies:
jobs: null
endpoints:
cluster_domain_suffix: cluster.local
ingress:
host: openstack
hosts:
default: ingress
error_pages: ingress-error-pages
host_fqdn_override:
default: null
port:
http: 80
https: 443
http:
default: 80
https:
default: 443
deployment_type: DaemonSet
config:
conf:
controller:
#NOTE(portdirect): if left blank this is populated from
# .deployment.cluster.class in cluster mode, or set to
# "nginx" in namespace mode
INGRESS_CLASS: null
ingress:
enable-underscores-in-headers: "true"
#NOTE(portdirect): if left blank this is populated from
# .network.vip.addr when running in host networking
# and .network.vip.manage=true, otherwise it is left as
# an empty string (the default).
bind-address: null
services:
tcp: null
udp:
53: "kube-system/kube-dns:53"
udp: null
manifests:
configmap_bin: true
@ -98,5 +134,7 @@ manifests:
configmap_services_udp: true
deployment_error: true
deployment_ingress: true
endpoints_ingress: true
ingress: true
service_error: true
service_ingress: true

View File

@ -1,28 +0,0 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy command
helm install ./ingress \
--namespace=openstack \
--name=ingress
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress

View File

@ -1 +0,0 @@
../common/ingress.sh

View File

@ -0,0 +1,44 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Pull images and lint chart
make pull-images ingress
#NOTE: Deploy global ingress
helm install ./ingress \
--namespace=kube-system \
--name=ingress-kube-system \
--set deployment.mode=cluster \
--set deployment.type=DaemonSet \
--set network.host_namespace=true \
--set network.vip.manage=true \
--set network.vip.addr=172.18.0.1/32 \
--set conf.services.udp.53='kube-system/kube-dns:53'
#NOTE: Deploy namespace ingress
helm install ./ingress \
--namespace=openstack \
--name=ingress-openstack
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress-kube-system
helm status ingress-openstack

View File

@ -1 +0,0 @@
../common/ingress.sh

View File

@ -0,0 +1,42 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy global ingress
helm install ./ingress \
--namespace=kube-system \
--name=ingress-kube-system \
--set pod.replicas.error_page=2 \
--set deployment.mode=cluster \
--set deployment.type=DaemonSet \
--set network.host_namespace=true \
--set conf.services.udp.53='kube-system/kube-dns:53'
#NOTE: Deploy namespace ingress
helm install ./ingress \
--namespace=openstack \
--name=ingress-openstack \
--set pod.replicas.ingress=2 \
--set pod.replicas.error_page=2
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Display info
helm status ingress-kube-system
helm status ingress-openstack