From ad468883c6d431bcc8cd5c49452800ff7e93e294 Mon Sep 17 00:00:00 2001
From: Drew Walters <drewwalters96@gmail.com>
Date: Mon, 11 Feb 2019 22:35:52 +0000
Subject: [PATCH] mini-mirror: Add ingress

Currently, services rely on an in-cluster service address in order to
interact with mini-mirror. This change introduces support for cluster
ingress so services or nodes may resolve mini-mirror from outside a
cluster.

Change-Id: I5cc451de3f3e1be7d046bf9ca50b1ad53682d01b
---
 .../templates/deployment-mini-mirror.yaml     |  4 +--
 .../templates/ingress-mini-mirror.yaml        | 21 ++++++++++++++++
 mini-mirror/templates/secret-ingress-tls.yaml | 21 ++++++++++++++++
 .../service-ingress-mini-mirror.yaml          | 21 ++++++++++++++++
 .../templates/service-mini-mirror.yaml        |  6 ++---
 mini-mirror/values.yaml                       | 25 ++++++++++++++++++-
 6 files changed, 92 insertions(+), 6 deletions(-)
 create mode 100644 mini-mirror/templates/ingress-mini-mirror.yaml
 create mode 100644 mini-mirror/templates/secret-ingress-tls.yaml
 create mode 100644 mini-mirror/templates/service-ingress-mini-mirror.yaml

diff --git a/mini-mirror/templates/deployment-mini-mirror.yaml b/mini-mirror/templates/deployment-mini-mirror.yaml
index 4dd6e776..3b888d6e 100644
--- a/mini-mirror/templates/deployment-mini-mirror.yaml
+++ b/mini-mirror/templates/deployment-mini-mirror.yaml
@@ -40,8 +40,8 @@ spec:
         - name: mini-mirror-api
 {{ tuple $envAll "mini-mirror" | include "helm-toolkit.snippets.image" | indent 10 }}
           ports:
-            - name: http
-              containerPort: {{ tuple "api" "port" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+            - name: api
+              containerPort: {{ tuple "api" "port" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{ if .Values.network.api.node_port.enabled }}
               nodePort: {{ .Values.network.api.node_port.port }}
 {{ end }}
diff --git a/mini-mirror/templates/ingress-mini-mirror.yaml b/mini-mirror/templates/ingress-mini-mirror.yaml
new file mode 100644
index 00000000..642e3783
--- /dev/null
+++ b/mini-mirror/templates/ingress-mini-mirror.yaml
@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Copyright 2019, AT&T Intellectual Property
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "api" "backendPort" "api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/mini-mirror/templates/secret-ingress-tls.yaml b/mini-mirror/templates/secret-ingress-tls.yaml
new file mode 100644
index 00000000..d6284eb0
--- /dev/null
+++ b/mini-mirror/templates/secret-ingress-tls.yaml
@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017-2018 The Openstack-Helm Authors.
+Copyright 2019, AT&T Intellectual Property
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "api" ) }}
+{{- end }}
+
diff --git a/mini-mirror/templates/service-ingress-mini-mirror.yaml b/mini-mirror/templates/service-ingress-mini-mirror.yaml
new file mode 100644
index 00000000..e674e2aa
--- /dev/null
+++ b/mini-mirror/templates/service-ingress-mini-mirror.yaml
@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Copyright 2019, AT&T Intellectual Property
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "api" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/mini-mirror/templates/service-mini-mirror.yaml b/mini-mirror/templates/service-mini-mirror.yaml
index bf781714..ef42e085 100644
--- a/mini-mirror/templates/service-mini-mirror.yaml
+++ b/mini-mirror/templates/service-mini-mirror.yaml
@@ -20,14 +20,14 @@ limitations under the License.
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ tuple "api" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  name: {{ tuple "api" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-  - name: http
+  - name: api
 {{ if .Values.network.api.node_port.enabled }}
     nodePort: {{ .Values.network.api.node_port.port }}
 {{ end }}
-    port: {{ .Values.endpoints.api.port.http.public }}
+    port: {{ tuple "api" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
     protocol: TCP
     targetPort: 80
   selector:
diff --git a/mini-mirror/values.yaml b/mini-mirror/values.yaml
index 64a4ff79..ef1265a2 100644
--- a/mini-mirror/values.yaml
+++ b/mini-mirror/values.yaml
@@ -110,12 +110,19 @@ endpoints:
       public: mini-mirror
     host_fqdn_override:
       default: null
+      # NOTE(drewwalters96): this chart supports TLS for fqdn over-ridden
+      # public endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
     path:
       default: /
     scheme:
       default: http
     port:
-      http:
+      api:
         default: 8888
         public: 80
 
@@ -125,13 +132,29 @@ network:
     node_port:
       enabled: false
       port: 8888
+    ingress:
+      public: true
+      classes:
+        namespace: "nginx"
+        cluster: "nginx-cluster"
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+
+secrets:
+  tls:
+    api:
+      api:
+        public: mini-mirror-tls-public
 
 manifests:
   configmap_bin: true
   configmap_etc: true
   deployment_mini_mirror: true
   helm_test: true
+  ingress: true
   job_image_repo_sync: true
+  secret_ingress_tls: true
+  service_ingress: true
   service_mini_mirror: true
 
 conf: