Adding Ingress controller deployment script

Bash script that deploys traefik ingress controller with tls
The only required parameter is external ip (-i)

Change-Id: Iee1616f37d2af437048406d15e48f0c8ad15c5eb

tools/ingress/controller.yaml

@@ -0,0 +1,47 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: traefik
+  name: traefik
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: traefik
+    spec:
+      volumes:
+      - name: ssl
+        secret:
+          secretName: traefik-cert
+      - name: config
+        configMap:
+          name: traefik-conf
+      containers:
+      - image: traefik:latest
+        name: traefik
+        volumeMounts:
+        - mountPath: "/ssl"
+          name: "ssl"
+        - mountPath: "/config"
+          name: "config"
+        args:
+        - --configfile=/config/traefik.toml
+        - --kubernetes
+        - --logLevel=DEBUG
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik
+spec:
+  externalIPs:
+    - EXTERNAL_IP
+  ports:
+    - name: http
+      port: HTTP_PORT
+    - name: https
+      port: HTTPS_PORT
+  selector:
+    app: traefik

tools/ingress/deploy-ingress-controller.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+
+function usage {
+    local base_name=$(basename $0)
+    echo "Usage:"
+    echo "  $base_name -i <external IP>"
+    echo "  $base_name -p <http port (default: 80)>"
+    echo "  $base_name -s <https port (default: 8443)>"
+    echo "  $base_name -n <namespace>"
+    echo "  $base_name -k <path to tls key>"
+    echo "  $base_name -c <path to tls cert>"
+    echo "  $base_name -d <ingress domain (default: ccp.external)>"
+    echo "  $base_name -i <external IP>"
+}
+
+NAMESPACE=" --namespace kube-system"
+DOMAIN="ccp.external"
+HTTP_PORT=80
+HTTPS_PORT=8443
+
+while getopts "p:s:k:c:d:n:i:h" opt; do
+    case $opt in
+        "p" )
+            HTTP_PORT="$OPTARG"
+            ;;
+        "s" )
+            HTTPS_PORT="$OPTARG"
+            ;;
+        "k" )
+            TLS_KEY="$OPTARG"
+            ;;
+        "c" )
+            TLS_CERT="$OPTARG"
+            ;;
+        "d" )
+            DOMAIN="$OPTARG"
+            ;;
+        "n" )
+            NAMESPACE=" --namespace $OPTARG"
+            ;;
+        "i" )
+            EXTERNAL_IP="$OPTARG"
+            ;;
+        "h" )
+            usage
+            exit 0
+            ;;
+        * )
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+which kubectl 1>/dev/null
+
+function kube_cmd {
+    kubectl $NAMESPACE "$@"
+}
+
+workdir=$(dirname $0)
+
+if [ -z $EXTERNAL_IP ]; then
+    echo "External IP should be provided via -i param"
+    usage
+    exit 1
+fi
+
+if [ -z $TLS_KEY ] || [ -z $TLS_CERT ]; then
+    TLS_KEY="tls.key"
+    TLS_CERT="tls.crt"
+    CLEANUP="True"
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $TLS_KEY -out $TLS_CERT -subj "/CN=*.$DOMAIN"
+fi
+
+kube_cmd create secret generic traefik-cert --from-file=$TLS_CERT --from-file=$TLS_KEY
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" $workdir/traefik-conf.yaml | kube_cmd create -f -
+sleep 1
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" -e "s/EXTERNAL_IP/$EXTERNAL_IP/g" $workdir/controller.yaml | kube_cmd create -f -
+
+if [ -n $CLEANUP ]; then
+    rm $TLS_KEY $TLS_CERT
+fi

tools/ingress/traefik-conf.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traefik-conf
+data:
+  traefik.toml: |
+    defaultEntryPoints = ["http","https"]
+    [entryPoints]
+      [entryPoints.http]
+      address = ":HTTP_PORT"
+        [entryPoints.http.redirect]
+          entryPoint = "https"
+      [entryPoints.https]
+      address = ":HTTPS_PORT"
+        [entryPoints.https.tls]
+          [[entryPoints.https.tls.certificates]]
+          CertFile = "/ssl/tls.crt"
+          KeyFile = "/ssl/tls.key"