openstack
/
openstack-helm-infra
Code Issues Proposed changes

Remove ingress chart 

We have not been using it for a while since some
time ago we switched to the upstream ingress-nginx.

Change-Id: I2afe101cec2ddc562190812fc27bb3fad11469f1
This commit is contained in:
Vladimir Kozhukalov 2024-04-20 01:34:29 -05:00
parent d31027cfb4
commit 67fae419b8
46 changed files with 1 additions and 2025 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/install/multinode.rst
View File

@ -18,7 +18,7 @@ Alternatively, this step can be performed by running the script directly:
Deploy Cluster and Namespace Ingress Controllers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. literalinclude:: ../../../tools/deployment/multinode/020-ingress.sh
.. literalinclude:: ../../../tools/deployment/common/ingress.sh
:language: shell
:lines: 1,17-

1
ingress/.helmignore
View File

@ -1 +0,0 @@
values_overrides

25
ingress/Chart.yaml
View File

@ -1,25 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: v1
appVersion: v1.8.2
description: OpenStack-Helm Ingress Controller
name: ingress
version: 0.2.19
home: https://github.com/kubernetes/ingress
sources:
- https://github.com/kubernetes/ingress
- https://opendev.org/openstack/openstack-helm
maintainers:
- name: OpenStack-Helm Authors
...

18
ingress/requirements.yaml
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
dependencies:
- name: helm-toolkit
repository: file://../helm-toolkit
version: ">= 0.1.0"
...

69
ingress/templates/bin/_ingress-controller.sh.tpl
View File

@ -1,69 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
find /tmp -maxdepth 1 \! -path /tmp -perm /222 -exec rm -rfv {} \;
declare -A desired_opts
desired_opts["--stream-port"]="${PORT_STREAM}"
desired_opts["--profiler-port"]="${PORT_PROFILER}"
possible_opts=$(/nginx-ingress-controller --help 2>&1 | awk '/^ --/ { print $1 }')
extra_opts=()
for k in "${!desired_opts[@]}"; do
if echo "$possible_opts" | grep -q -- ^${k}$; then
extra_opts+=($k=${desired_opts[$k]})
fi
done
exec /usr/bin/dumb-init \
/nginx-ingress-controller \
{{- if eq .Values.deployment.mode "namespace" }}
--watch-namespace ${POD_NAMESPACE} \
{{- end }}
--http-port=${PORT_HTTP} \
--https-port=${PORT_HTTPS} \
--healthz-port=${PORT_HEALTHZ} \
--status-port=${PORT_STATUS} \
--default-server-port=${DEFAULT_SERVER_PORT} \
--election-id=${RELEASE_NAME} \
--controller-class=${CONTROLLER_CLASS} \
--ingress-class=${INGRESS_CLASS} \
{{- if .Values.deployment.cluster.ingressClassByName }}
--ingress-class-by-name=${INGRESS_CLASS_BY_NAME} \
{{- end }}
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
{{- if .Values.conf.default_ssl_certificate.enabled }}
{{- $ns := .Values.conf.default_ssl_certificate.namespace | default .Release.Namespace }}
{{- $secret := .Values.conf.default_ssl_certificate.name | default .Values.secrets.tls.ingress.api.public }}
--default-ssl-certificate={{ $ns }}/{{ $secret }} \
{{- end }}
--configmap=${POD_NAMESPACE}/ingress-conf \
--tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
--udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp \
"${extra_opts[@]}"
}
function stop () {
sleep 5
kill -TERM 1
}
$COMMAND

29
ingress/templates/bin/_ingress-vip-keepalived.sh.tpl
View File

@ -1,29 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
COMMAND="${@:-start}"
function kernel_modules () {
chroot /mnt/host-rootfs modprobe ip_vs
}
function start () {
# Exit if the interface does not exist
ip link show ${interface} > /dev/null || exit 1
ip link set ${interface} up
}
$COMMAND

60
ingress/templates/bin/_ingress-vip-routed.sh.tpl
View File

@ -1,60 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
COMMAND="${@:-start}"
function kernel_modules () {
chroot /mnt/host-rootfs modprobe dummy
}
function test_vip () {
ip addr show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \
grep -q "${addr%/*}"
}
function start () {
ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
if ! test_vip; then
ip addr add ${addr} dev ${interface}
fi
ip link set ${interface} up
garp_interface=$(ip route list match "${addr}" scope link | \
awk '$2 == "dev" { print $3; exit }')
if [ -n "${garp_interface}" ]; then
arping -U -c 3 -I "${garp_interface}" "${addr%/*}" || true
fi
}
function sleep () {
exec bash -c "while :; do sleep 2073600; done"
}
function stop () {
ip link show ${interface} > /dev/null || exit 0
if test_vip; then
ip addr del ${addr} dev ${interface}
fi
if [ "$(ip address show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \
wc -l)" -le "0" ]; then
ip link set ${interface} down
ip link del ${interface}
fi
}
$COMMAND

37
ingress/templates/configmap-bin.yaml
View File

@ -1,37 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-bin
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
ingress-vip.sh: |
{{- if eq .Values.network.vip.mode "routed" }}
{{ tuple "bin/_ingress-vip-routed.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- else if eq .Values.network.vip.mode "keepalived" }}
{{ tuple "bin/_ingress-vip-keepalived.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
{{- end }}
ingress-controller.sh: |
{{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}

38
ingress/templates/configmap-conf.yaml
View File

@ -1,38 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_conf }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
{{- if empty (index .Values.network.vip "mode") -}}
{{- $_ := set .Values.network.vip "mode" "routed" }}
{{- end -}}
{{- if empty (index .Values.conf.ingress "bind-address") -}}
{{- $_ := set .Values.conf.ingress "bind-address" ( .Values.network.vip.addr | split "/" )._0 }}
{{- end -}}
{{- else -}}
{{- if empty (index .Values.conf.ingress "bind-address") -}}
{{- $_ := unset .Values.conf.ingress "bind-address" }}
{{- end -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-conf
data:
{{ toYaml .Values.conf.ingress | indent 2 }}
{{- end }}

26
ingress/templates/configmap-services-tcp.yaml
View File

@ -1,26 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_services_tcp }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-tcp
{{- if not (empty $envAll.Values.conf.services.tcp) }}
data:
{{ toYaml $envAll.Values.conf.services.tcp | indent 2 }}
{{- end }}
{{- end }}

26
ingress/templates/configmap-services-udp.yaml
View File

@ -1,26 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_services_udp }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-services-udp
{{- if not (empty $envAll.Values.conf.services.udp) }}
data:
{{ toYaml $envAll.Values.conf.services.udp | indent 2 }}
{{- end }}
{{- end }}

78
ingress/templates/deployment-error.yaml
View File

@ -1,78 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_error }}
{{- $envAll := . }}
{{- $serviceAccountName := "ingress-error-pages" }}
{{ tuple $envAll "error_pages" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-error-pages
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.error_page }}
selector:
matchLabels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "ingress-error-pages" "containerNames" (list "init" "ingress-error-pages") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.ingress.enabled }}
{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
initContainers:
{{ tuple $envAll "error_pages" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ingress-error-pages
{{ tuple $envAll "error_pages" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.error_pages | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "error_pages" "container" "ingress_error_pages" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
volumeMounts:
- name: pod-tmp
mountPath: /tmp
volumes:
- name: pod-tmp
emptyDir: {}
{{- end }}

402
ingress/templates/deployment-ingress.yaml
View File

@ -1,402 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.deployment_ingress }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "ingress" }}
{{ tuple $envAll "ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
- ingressclasses/status
verbs:
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- {{ $envAll.Release.Name }}
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
{{- if eq .Values.deployment.type "Deployment" }}
apiVersion: apps/v1
kind: Deployment
{{- else if eq .Values.deployment.type "DaemonSet" }}
apiVersion: apps/v1
kind: DaemonSet
{{- end }}
metadata:
name: ingress
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
app: ingress-api
app.kubernetes.io/name: "ingress-api"
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
spec:
{{- if eq .Values.deployment.type "Deployment" }}
replicas: {{ .Values.pod.replicas.ingress }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
{{- end }}
selector:
matchLabels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
app: ingress-api
template:
metadata:
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
app: ingress-api
app.kubernetes.io/name: "ingress-api"
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-conf.yaml" . | include "helm-toolkit.utils.hash" }}
{{- $containers := "init ingress" }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
{{- $containers = printf "%s ingress-vip-kernel-modules ingress-vip-init ingress-vip" $containers }}
{{- end }}
{{- $containers = splitList " " $containers }}
{{ dict "envAll" $envAll "podName" "ingress-server" "containerNames" $containers | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{- if eq .Values.deployment.type "Deployment" }}
affinity:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- end }}
{{ if $envAll.Values.pod.tolerations.ingress.enabled }}
{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }}
{{- if .Values.network.host_namespace }}
hostNetwork: true
{{- end }}
dnsPolicy: {{ .Values.pod.dns_policy }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "60" }}
initContainers:
{{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip-kernel-modules
{{ tuple $envAll "ingress_module_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "ingress_vip_kernel_modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/nginx/ingress-vip.sh
- kernel_modules
volumeMounts:
- name: pod-tmp
mountPath: /tmp/nginx
- name: ingress-bin
mountPath: /tmp/nginx/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
mountPropagation: HostToContainer
readOnly: true
- name: ingress-vip-init
{{ tuple $envAll "ingress_routed_vip" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "ingress_vip_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/nginx/ingress-vip.sh
- start
volumeMounts:
- name: pod-tmp
mountPath: /tmp/nginx
- name: ingress-bin
mountPath: /tmp/nginx/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- end }}
containers:
- name: ingress
{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "ingress" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
readinessProbe:
httpGet:
path: /healthz
port: {{ tuple "ingress" "internal" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: {{ tuple "ingress" "internal" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 1
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT_HTTP
value: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_HTTPS
value: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_STATUS
value: {{ tuple "ingress" "internal" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_STREAM
value: {{ tuple "ingress" "internal" "stream" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_PROFILER
value: {{ tuple "ingress" "internal" "profiler" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: PORT_HEALTHZ
value: {{ tuple "ingress" "internal" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: DEFAULT_SERVER_PORT
value: {{ tuple "ingress" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: RELEASE_NAME
value: {{ .Release.Name | quote }}
- name: ERROR_PAGE_SERVICE
value: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
- name: INGRESS_CLASS
value: "{{ .Values.deployment.cluster.class }}"
{{- if .Values.deployment.cluster.ingressClassByName }}
- name: INGRESS_CLASS_BY_NAME
value: "{{ .Values.deployment.cluster.ingressClassByName }}"
{{- end }}
- name: CONTROLLER_CLASS
value: "{{ .Values.deployment.cluster.controllerClass }}"
ports:
- containerPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
- containerPort: {{ tuple "ingress" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.host_namespace }}
hostPort: {{ tuple "ingress" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
command:
- /tmp/nginx/ingress-controller.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/nginx/ingress-controller.sh
- stop
volumeMounts:
- name: pod-tmp
mountPath: /tmp/nginx
- name: ingress-bin
mountPath: /tmp/nginx/ingress-controller.sh
subPath: ingress-controller.sh
readOnly: true
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: ingress-vip
{{- if eq .Values.network.vip.mode "routed" }}
{{ tuple $envAll "ingress_routed_vip" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "ingress_vip" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
command:
- /tmp/nginx/ingress-vip.sh
- sleep
lifecycle:
preStop:
exec:
command:
- /tmp/nginx/ingress-vip.sh
- stop
volumeMounts:
- name: pod-tmp
mountPath: /tmp/nginx
- name: ingress-bin
mountPath: /tmp/nginx/ingress-vip.sh
subPath: ingress-vip.sh
readOnly: true
{{- else if eq .Values.network.vip.mode "keepalived" }}
{{ tuple $envAll "keepalived" | include "helm-toolkit.snippets.image" | indent 10 }}
env:
- name: KEEPALIVED_INTERFACE
value: {{ .Values.network.vip.interface | quote }}
- name: KEEPALIVED_VIRTUAL_IPS
value: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }}
- name: KEEPALIVED_UNICAST_PEERS
value: null
- name: KEEPALIVED_ROUTER_ID
value: {{ .Values.network.vip.keepalived_router_id | quote }}
{{- end }}
{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: ingress-bin
configMap:
name: ingress-bin
defaultMode: 0555
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
- name: host-rootfs
hostPath:
path: /
{{- end }}
{{- end }}

51
ingress/templates/endpoints-ingress.yaml
View File

@ -1,51 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.endpoints_ingress }}
{{- $envAll := . }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage -}}
---
apiVersion: "v1"
kind: "Endpoints"
metadata:
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
endpoint: vip
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
subsets:
- addresses:
- ip: {{ ( .Values.network.vip.addr | split "/" )._0 | quote }}
ports:
- port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: http
- port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
name: https
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- port: {{ $key }}
protocol: TCP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- port: {{ $key }}
protocol: UDP
name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
{{ end -}}
{{- end }}
{{- end }}
{{- end }}

32
ingress/templates/ingress-class.yaml
View File

@ -1,32 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingressClass }}
{{- $envAll := . }}
{{- if empty (index .Values.network.ingress.spec "ingressClassName") }}
{{- $_ := set .Values.network.ingress.spec "ingressClassName" .Values.deployment.cluster.class -}}
{{- end }}
{{- if empty (index .Values.network.ingressClass.spec "controller") }}
{{- $_ := set .Values.network.ingressClass.spec "controller" .Values.deployment.cluster.controllerClass -}}
{{- end }}
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: {{ index $envAll.Values.network.ingress.spec "ingressClassName" | quote }}
spec:
controller: {{ index $envAll.Values.network.ingressClass.spec "controller" | quote }}
{{- end }}

46
ingress/templates/ingress.yaml
View File

@ -1,46 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.ingress }}
{{- $envAll := . }}
{{- if eq .Values.deployment.mode "namespace" }}
{{- if empty (index .Values.network.ingress.spec "ingressClassName") -}}
{{- $_ := set .Values.network.ingress.spec "ingressClassName" .Values.deployment.cluster.class -}}
{{- end -}}
{{- $serviceName := tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}
{{- $servicePort := tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" -}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}
spec:
{{ toYaml .Values.network.ingress.spec | indent 2 }}
rules:
- host: {{ printf "%s.%s.svc.%s" "*" .Release.Namespace .Values.endpoints.cluster_domain_suffix | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
{{- if or (kindIs "int" $servicePort) (regexMatch "^[0-9]{1,5}$" $servicePort) }}
number: {{ $servicePort | int }}
{{- else }}
name: {{ $servicePort | quote }}
{{- end }}
{{- end }}
{{- end }}

21
ingress/templates/job-image-repo-sync.yaml
View File

@ -1,21 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ingress" -}}
{{- if .Values.pod.tolerations.ingress.enabled -}}
{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

18
ingress/templates/network_policy.yaml
View File

@ -1,18 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "ingress" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

25
ingress/templates/secret-dhparam.yaml
View File

@ -1,25 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_dhparam }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: secret-dhparam
type: Opaque
data:
dhparam.pem: {{ .Values.secrets.dhparam.secret_dhparam | b64enc }}
{{- end }}

17
ingress/templates/secret-ingress-tls.yaml
View File

@ -1,17 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "ingress" ) }}
{{- end }}

17
ingress/templates/secret-registry.yaml
View File

@ -1,17 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

32
ingress/templates/service-error.yaml
View File

@ -1,32 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_error }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
name: {{ tuple "ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
clusterIP: None
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}

36
ingress/templates/service-ingress-metrics-exporter.yaml
View File

@ -1,36 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.monitoring.prometheus.service_exporter }}
{{- if .Values.monitoring.prometheus.enabled }}
{{- $envAll := . }}
{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.ingress_exporter }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "ingress_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
labels:
{{ tuple $envAll "ingress_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
{{- if .Values.monitoring.prometheus.enabled }}
{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }}
{{- end }}
spec:
ports:
- name: metrics
port: {{ .Values.endpoints.ingress_exporter.port.metrics.default }}
selector:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}{{- end }}
{{- end }}

77
ingress/templates/service-ingress.yaml
View File

@ -1,77 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ingress }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
endpoint: vip
{{- end }}
name: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
{{- if and .Values.network.host_namespace .Values.network.vip.manage }}
clusterIP: None
{{- end }}
{{- if .Values.network.vip.assign_as_external_ip }}
externalIPs:
- {{ (.Values.network.vip.addr | split "/")._0 }}
{{- end }}
ports:
- name: http
port: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.ingress.node_port.enabled }}
nodePort: {{ .Values.network.ingress.node_port.http_port }}
{{- end }}
- name: https
port: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: {{ tuple "ingress" "internal" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.network.ingress.node_port.enabled }}
nodePort: {{ .Values.network.ingress.node_port.https_port }}
{{- end }}
- name: status
port: {{ tuple "ingress" "internal" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
protocol: TCP
targetPort: {{ tuple "ingress" "internal" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if not (empty $envAll.Values.conf.services.tcp) }}
{{range $key, $value := $envAll.Values.conf.services.tcp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: TCP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (empty $envAll.Values.conf.services.udp) }}
{{range $key, $value := $envAll.Values.conf.services.udp -}}
- name: {{ cat ((( $value | split "/" )._1 | split ":" )._0 | trunc 8 ) $key | nospace | quote }}
port: {{ $key }}
protocol: UDP
targetPort: {{ $key }}
{{ end -}}
{{- end }}
{{- if not (and .Values.network.host_namespace .Values.network.vip.manage) }}
selector:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}
{{- if .Values.network.ingress.node_port.enabled }}
type: NodePort
{{- end }}
{{- end }}

363
ingress/values.yaml
View File

@ -1,363 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for ingress.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
deployment:
mode: namespace
type: Deployment
cluster:
class: "nginx-cluster"
ingressClassByName: false
controllerClass: "k8s.io/nginx-ingress"
images:
tags:
entrypoint: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
ingress: registry.k8s.io/ingress-nginx/controller:v1.8.2
ingress_module_init: docker.io/openstackhelm/neutron:xena-ubuntu_focal
ingress_routed_vip: docker.io/openstackhelm/neutron:xena-ubuntu_focal
error_pages: registry.k8s.io/defaultbackend:1.4
keepalived: docker.io/osixia/keepalived:1.4.5
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/library/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
pod:
security_context:
error_pages:
pod:
runAsUser: 65534
container:
ingress_error_pages:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
server:
pod:
runAsUser: 65534
container:
ingress_vip_kernel_modules:
capabilities:
add:
- SYS_MODULE
readOnlyRootFilesystem: true
runAsUser: 0
ingress_vip_init:
capabilities:
add:
- NET_ADMIN
readOnlyRootFilesystem: true
runAsUser: 0
ingress:
readOnlyRootFilesystem: false
runAsUser: 101
ingress_vip:
capabilities:
add:
- NET_ADMIN
readOnlyRootFilesystem: true
runAsUser: 0
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
tolerations:
ingress:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
dns_policy: "ClusterFirstWithHostNet"
replicas:
ingress: 1
error_page: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
termination_grace_period:
server:
timeout: 60
error_pages:
timeout: 60
resources:
enabled: false
ingress:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
error_pages:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
labels:
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
error_server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
host_namespace: false
vip:
manage: false
# what type of vip manage machanism will be used
# possible options: routed, keepalived
mode: routed
interface: ingress-vip
addr: 172.18.0.1/32
keepalived_router_id: 100
# Use .network.vip.addr as an external IP for the service
# Useful if the CNI or provider can set up routes, etc.
assign_as_external_ip: false
ingressClass:
spec:
controller: null
ingress:
spec:
ingressClassName: null
node_port:
enabled: false
http_port: 30080
https_port: 30443
annotations:
# NOTE(portdirect): if left blank this is populated from
# .deployment.cluster.class
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: deny";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Content-Security-Policy: script-src 'self'";
external_policy_local: false
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- ingress-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
error_pages:
jobs: null
ingress:
jobs: null
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
monitoring:
prometheus:
enabled: true
ingress_exporter:
scrape: true
port: 10254
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ingress:
username: ingress
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ingress:
hosts:
default: ingress
error_pages: ingress-error-pages
host_fqdn_override:
default: null
# NOTE: The values under .endpoints.ingress.host_fqdn_override.public.tls
# will be used for the default SSL certificate.
# See also the .conf.default_ssl_certificate options below.
public:
tls:
crt: ""
key: ""
port:
http:
default: 80
https:
default: 443
healthz:
default: 10254
status:
default: 10246
stream:
default: 10247
profiler:
default: 10245
server:
default: 8181
ingress_exporter:
namespace: null
hosts:
default: ingress-exporter
host_fqdn_override:
default: null
path:
default: null
scheme:
default: 'http'
port:
metrics:
default: 10254
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
ingress:
ingress:
- {}
egress:
- {}
secrets:
oci_image_registry:
ingress: ingress-oci-image-registry-key
tls:
ingress:
api:
# .secrets.tls.ingress.api.public="name of the TLS secret to create for the default cert"
# NOTE: The contents of the secret are from .endpoints.ingress.host_fqdn_override.public.tls
public: default-tls-public
dhparam:
secret_dhparam: |
conf:
ingress:
enable-underscores-in-headers: "true"
# NOTE(portdirect): if left blank this is populated from
# .network.vip.addr when running in host networking
# and .network.vip.manage=true, otherwise it is left as
# an empty string (the default).
bind-address: null
enable-vts-status: "true"
server-tokens: "false"
ssl-dh-param: openstack/secret-dhparam
# This block sets the --default-ssl-certificate option
# https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate
default_ssl_certificate:
# .conf.default_ssl_certificate.enabled=true: use a default certificate
enabled: false
# If referencing an existing TLS secret with the default cert
# .conf.default_ssl_certificate.name="name of the secret"
# (defaults to value of .secrets.tls.ingress.api.public)
# .conf.default_ssl_certificate.namespace="namespace of the secret"
# (optional, defaults to release namespace)
name: ""
namespace: ""
# NOTE: To create a new secret to hold the default certificate, leave the
# above values empty, and specify:
# .endpoints.ingress.host_fqdn_override.public.tls.crt="PEM cert data"
# .endpoints.ingress.host_fqdn_override.public.tls.key="PEM key data"
# .manifests.secret_ingress_tls=true
services:
tcp: null
udp: null
manifests:
configmap_bin: true
configmap_conf: true
configmap_services_tcp: true
configmap_services_udp: true
deployment_error: true
deployment_ingress: true
endpoints_ingress: true
ingress: true
ingressClass: true
secret_ingress_tls: false
secret_dhparam: false
service_error: true
service_ingress: true
job_image_repo_sync: true
monitoring:
prometheus:
service_exporter: true
network_policy: false
secret_registry: true
...

14
ingress/values_overrides/apparmor.yaml
View File

@ -1,14 +0,0 @@
---
pod:
mandatory_access_control:
type: apparmor
ingress-error-pages:
init: runtime/default
ingress-error-pages: runtime/default
ingress-server:
init: runtime/default
ingress-vip-kernel-modules: runtime/default
ingress-vip-init: runtime/default
ingress: runtime/default
ingress-vip: runtime/default
...

7
ingress/values_overrides/ingress-class-cluster.yaml
View File

@ -1,7 +0,0 @@
---
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
...

8
ingress/values_overrides/ingress-class-namespaced.yaml
View File

@ -1,8 +0,0 @@
---
deployment:
mode: namespace
type: Deployment
cluster:
class: "ucp-ingress"
controllerClass: "k8s.io/ucp-ingress"
...

4
ingress/values_overrides/netpol.yaml
View File

@ -1,4 +0,0 @@
---
manifests:
network_policy: true
...

6
ingress/values_overrides/rocky-opensuse_15.yaml
View File

@ -1,6 +0,0 @@
---
images:
tags:
ingress_module_init: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
ingress_routed_vip: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
...

63
tools/deployment/apparmor/015-ingress.sh
View File

@ -1,63 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
: ${OSH_INFRA_EXTRA_HELM_ARGS_KUBE_SYSTEM:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_OPENSTACK:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
: ${OSH_INFRA_EXTRA_HELM_ARGS_CEPH:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
# NOTE: In namespace osh-infra with IngressClass nginx-osh-infra
helm upgrade --install ingress-osh-infra ./ingress \
--namespace=osh-infra \
--set deployment.cluster.class=nginx-osh-infra \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
# NOTE: In namespace ceph with IngressClass nginx-ceph
helm upgrade --install ingress-ceph ./ingress \
--namespace=ceph \
--set deployment.cluster.class=nginx-ceph \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_CEPH}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph

44
tools/deployment/common/020-ingress.sh
View File

@ -1,44 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
# NOTE: In namespace osh-infra with IngressClass nginx-osh-infra
helm upgrade --install ingress-osh-infra ./ingress \
--namespace=osh-infra \
--set deployment.cluster.class=nginx-osh-infra \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra

1
tools/deployment/elastic-beats/020-ingress.sh
View File

@ -1 +0,0 @@
../multinode/020-ingress.sh

1
tools/deployment/federated-monitoring/010-ingress.sh
View File

@ -1 +0,0 @@
../common/020-ingress.sh

45
tools/deployment/keystone-auth/020-ingress.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
for NAMESPACE in openstack; do
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

1
tools/deployment/mariadb-operator-cluster/020-ingress.sh
View File

@ -1 +0,0 @@
../keystone-auth/020-ingress.sh

56
tools/deployment/multinode/020-ingress.sh
View File

@ -1,56 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
pod:
replicas:
error_page: 2
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespaced ingress controllers
for NAMESPACE in osh-infra ceph; do
#NOTE: Deploy namespace ingress
tee /tmp/ingress-${NAMESPACE}.yaml <<EOF
pod:
replicas:
ingress: 2
error_page: 2
EOF
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
--values=/tmp/ingress-${NAMESPACE}.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

1
tools/deployment/network-policy/010-ingress.sh
View File

@ -1 +0,0 @@
../common/020-ingress.sh

45
tools/deployment/openstack-support-rook/010-ingress.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
for NAMESPACE in ceph openstack; do
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

45
tools/deployment/openstack-support/010-ingress.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
for NAMESPACE in ceph openstack; do
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

1
tools/deployment/osh-infra-local-storage/010-ingress.sh
View File

@ -1 +0,0 @@
../osh-infra-monitoring/020-ingress.sh

45
tools/deployment/osh-infra-logging-tls/010-ingress.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
for NAMESPACE in osh-infra ceph; do
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

45
tools/deployment/osh-infra-logging/010-ingress.sh
View File

@ -1,45 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespace ingress
for NAMESPACE in osh-infra ceph; do
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE} \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done

1
tools/deployment/osh-infra-monitoring-tls/020-ingress.sh
View File

@ -1 +0,0 @@
../common/020-ingress.sh

1
tools/deployment/osh-infra-monitoring/020-ingress.sh
View File

@ -1 +0,0 @@
../common/020-ingress.sh

46
tools/deployment/tenant-ceph/020-ingress.sh
View File

@ -1,46 +0,0 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make ingress
#NOTE: Deploy global ingress with IngressClass nginx-cluster
tee /tmp/ingress-kube-system.yaml <<EOF
deployment:
mode: cluster
type: DaemonSet
network:
host_namespace: true
EOF
helm upgrade --install ingress-kube-system ./ingress \
--namespace=kube-system \
--values=/tmp/ingress-kube-system.yaml \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Deploy namespaced ingress controllers
for NAMESPACE in osh-infra ceph tenant-ceph; do
#NOTE: Deploy namespace ingress
helm upgrade --install ingress-${NAMESPACE} ./ingress \
--namespace=${NAMESPACE} \
--set deployment.cluster.class=nginx-${NAMESPACE}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ${NAMESPACE}
done