Merge "[ingress] introduce keepalived sidecar for ingress vip"

2018-07-19 23:46:30 +00:00 · 2018-07-19 23:46:30 +00:00 · 993bb43009
commit 993bb43009
parent 803faedac0 b37eb252e4
6 changed files with 55 additions and 2 deletions
--- a/ingress/templates/bin/_ingress-vip-keepalived.sh.tpl
+++ b/ingress/templates/bin/_ingress-vip-keepalived.sh.tpl
@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2018 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+COMMAND="${@:-start}"
+
+function kernel_modules () {
+  chroot /mnt/host-rootfs modprobe ip_vs
+}
+
+function start () {
+  # Exit if the interface does not exist
+  ip link show ${interface} > /dev/null || exit 1
+  ip link set ${interface} up
+}
+
+$COMMAND
--- a/ingress/templates/bin/_ingress-vip-routed.sh.tpl
+++ b/ingress/templates/bin/_ingress-vip-routed.sh.tpl
--- a/ingress/templates/configmap-bin.yaml
+++ b/ingress/templates/configmap-bin.yaml
@ -28,7 +28,11 @@ data:
 {{- end }}
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
  ingress-vip.sh: |
-{{ tuple "bin/_ingress-vip.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- if eq .Values.network.vip.mode "routed" }}
+{{ tuple "bin/_ingress-vip-routed.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- else if eq .Values.network.vip.mode "keepalived" }}
+{{ tuple "bin/_ingress-vip-keepalived.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
 {{- end }}
  ingress-controller.sh: |
 {{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
--- a/ingress/templates/configmap-conf.yaml
+++ b/ingress/templates/configmap-conf.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}

 {{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
+{{- if empty (index .Values.network.vip "mode") -}}
+{{- $_ := set .Values.network.vip "mode" "routed" }}
+{{- end -}}
 {{- if empty (index .Values.conf.ingress "bind-address") -}}
 {{- $_ := set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 }}
 {{- end -}}
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
@ -283,12 +283,13 @@ spec:
              readOnly: true
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
        - name: ingress-vip
-{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
            runAsUser: 0
+{{- if eq .Values.network.vip.mode "routed" }}
+{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
          env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
          command:
@ -305,6 +306,16 @@ spec:
              mountPath: /tmp/ingress-vip.sh
              subPath: ingress-vip.sh
              readOnly: true
+{{- else if eq .Values.network.vip.mode "keepalived" }}
+{{ tuple $envAll "keepalived" | include "helm-toolkit.snippets.image" | indent 10 }}
+          env:
+          - name: KEEPALIVED_INTERFACE
+            value: {{ .Values.network.vip.interface | quote }}
+          - name: KEEPALIVED_VIRTUAL_IPS
+            value: {{ ( .Values.network.vip.addr | split "/" )._0  | quote }}
+          - name: KEEPALIVED_UNICAST_PEERS
+            value: null
+{{- end }}
 {{- end }}
      volumes:
        - name: ingress-bin
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@ -29,6 +29,7 @@ images:
    # https://github.com/kubernetes/ingress-nginx/blob/09524cd3363693463da5bf4a9bb3900da435ad05/Changelog.md#090
    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
    error_pages: gcr.io/google_containers/defaultbackend:1.0
+    keepalived: osixia/keepalived:1.4.5
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: "IfNotPresent"
@ -98,6 +99,9 @@ network:
  host_namespace: false
  vip:
    manage: false
+    # what type of vip manage machanism will be used
+    # possible options: routed, keepalived
+    mode: routed
    interface: ingress-vip
    addr: 172.18.0.1/32
  ingress: