From 69711430486c2a915b17c3845522dabb4b22fc81 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Tue, 20 Mar 2018 16:47:29 -0500 Subject: [PATCH] Ingress: support arbitary hostnames. This PS allows arbitary hostnames to be used for public endpoints, provided the resolve externally to the ingress controllers. Change-Id: I44411687f756968d00178d487af66c2393e6bde0 --- barbican/values.yaml | 14 ++--- ceilometer/values.yaml | 4 +- cinder/values.yaml | 4 +- congress/values.yaml | 4 +- glance/values.yaml | 8 ++- gnocchi/values.yaml | 4 +- heat/values.yaml | 12 +++-- .../templates/manifests/_ingress.yaml.tpl | 52 +++++++++++-------- horizon/values.yaml | 4 +- ironic/values.yaml | 5 ++ keystone/values.yaml | 4 +- magnum/values.yaml | 4 +- mistral/values.yaml | 4 +- neutron/values.yaml | 4 +- nova/values.yaml | 12 +++-- senlin/values.yaml | 4 +- 16 files changed, 98 insertions(+), 45 deletions(-) diff --git a/barbican/values.yaml b/barbican/values.yaml index 5afedb3b42..136ddb0609 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -43,11 +43,11 @@ pod: barbican: uid: 42424 affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname mounts: barbican_api: init_container: null @@ -149,8 +149,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index 09f45d3f9f..cf98bd8dce 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -62,8 +62,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / port: 8777 node_port: diff --git a/cinder/values.yaml b/cinder/values.yaml index 25ba354590..ffc47d40fd 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -246,8 +246,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/congress/values.yaml b/congress/values.yaml index 3e5977275b..7c865aee04 100644 --- a/congress/values.yaml +++ b/congress/values.yaml @@ -54,8 +54,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false diff --git a/glance/values.yaml b/glance/values.yaml index 369970bcf3..2100b47e0f 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -286,8 +286,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/proxy-body-size: "1024M" external_policy_local: false @@ -297,8 +299,10 @@ network: registry: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml index 11cafd16ca..4ad33ba345 100644 --- a/gnocchi/values.yaml +++ b/gnocchi/values.yaml @@ -40,8 +40,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/heat/values.yaml b/heat/values.yaml index 488b67028b..03b8f2cec5 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -250,8 +250,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: @@ -260,8 +262,10 @@ network: cfn: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false @@ -269,8 +273,10 @@ network: cloudwatch: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false diff --git a/helm-toolkit/templates/manifests/_ingress.yaml.tpl b/helm-toolkit/templates/manifests/_ingress.yaml.tpl index 430c561307..5e640660eb 100644 --- a/helm-toolkit/templates/manifests/_ingress.yaml.tpl +++ b/helm-toolkit/templates/manifests/_ingress.yaml.tpl @@ -19,6 +19,19 @@ limitations under the License. # {- $ingressOpts := dict "envAll" . "backendServiceType" "key-manager" -} # { $ingressOpts | include "helm-toolkit.manifests.ingress" } +{{- define "helm-toolkit.manifests.ingress._host_rules" -}} +{{- $vHost := index . "vHost" -}} +{{- $backendName := index . "backendName" -}} +{{- $backendPort := index . "backendPort" -}} +- host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} + {{- define "helm-toolkit.manifests.ingress" -}} {{- $envAll := index . "envAll" -}} {{- $backendService := index . "backendService" | default "api" -}} @@ -27,7 +40,6 @@ limitations under the License. {{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} {{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} --- apiVersion: extensions/v1beta1 @@ -35,29 +47,27 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: + kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} {{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} spec: rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} +{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix)}} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} {{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} +{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} +{{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }} +{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "cluster" | quote }} +{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} +spec: + rules: +{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} {{- end }} {{- end }} - -{{- end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index d7cad6ab16..8853467ebe 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -40,8 +40,10 @@ network: dashboard: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/ironic/values.yaml b/ironic/values.yaml index b21e4b9248..63da381789 100644 --- a/ironic/values.yaml +++ b/ironic/values.yaml @@ -111,6 +111,11 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30511 diff --git a/keystone/values.yaml b/keystone/values.yaml index ca46b8c0e2..7210c512c6 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -60,8 +60,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/magnum/values.yaml b/magnum/values.yaml index 51f12a2149..ad3326896c 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -125,8 +125,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/mistral/values.yaml b/mistral/values.yaml index 03a9736d1c..ed01666f2b 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -57,8 +57,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false diff --git a/neutron/values.yaml b/neutron/values.yaml index 27979d1e94..36f6ba405c 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -109,8 +109,10 @@ network: server: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: diff --git a/nova/values.yaml b/nova/values.yaml index 801f34169b..fe40d25c51 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -133,8 +133,10 @@ network: port: 8774 ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: @@ -144,8 +146,10 @@ network: port: 8775 ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: @@ -155,8 +159,10 @@ network: port: 8778 ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false diff --git a/senlin/values.yaml b/senlin/values.yaml index 356098ec86..16094eaf93 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -138,8 +138,10 @@ network: api: ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false