From cff2bb1c8c434d2ed968dc81d573ec449798c11e Mon Sep 17 00:00:00 2001 
From: Jimmy Song Date: Fri, 27 Oct 2017 19:10:06 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8Helm=E5=AE=89=E8=A3=85Nginx?= =?UTF-8?q?=20ingress?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SUMMARY.md | 2 + manifests/nginx-ingress/Chart.yaml | 18 ++ manifests/nginx-ingress/README.md | 133 +++++++++ manifests/nginx-ingress/templates/NOTES.txt | 64 +++++ .../nginx-ingress/templates/_helpers.tpl | 49 ++++ .../nginx-ingress/templates/clusterrole.yaml | 69 +++++ .../templates/clusterrolebinding.yaml | 19 ++ .../templates/controller-configmap.yaml | 15 ++ .../templates/controller-daemonset.yaml | 138 ++++++++++ .../templates/controller-deployment.yaml | 142 ++++++++++ .../templates/controller-metrics-service.yaml | 38 +++ .../templates/controller-service.yaml | 65 +++++ .../templates/controller-stats-service.yaml | 38 +++ .../templates/default-backend-deployment.yaml | 61 +++++ .../templates/default-backend-service.yaml | 37 +++ manifests/nginx-ingress/templates/role.yaml | 44 +++ .../nginx-ingress/templates/rolebinding.yaml | 19 ++ .../templates/serviceaccount.yaml | 11 + .../templates/tcp-configmap.yaml | 14 + .../templates/udp-configmap.yaml | 14 + manifests/nginx-ingress/values.yaml | 253 ++++++++++++++++++ practice/helm.md | 2 +- practice/nginx-ingress-installation.md | 174 ++++++++++++ usecases/edge-computing.md | 7 + 24 files changed, 1425 insertions(+), 1 deletion(-) create mode 100755 manifests/nginx-ingress/Chart.yaml create mode 100755 manifests/nginx-ingress/README.md create mode 100755 manifests/nginx-ingress/templates/NOTES.txt create mode 100755 manifests/nginx-ingress/templates/_helpers.tpl create mode 100755 manifests/nginx-ingress/templates/clusterrole.yaml create mode 100755 manifests/nginx-ingress/templates/clusterrolebinding.yaml create mode 100755 manifests/nginx-ingress/templates/controller-configmap.yaml create mode 100755 manifests/nginx-ingress/templates/controller-daemonset.yaml create 
mode 100755 manifests/nginx-ingress/templates/controller-deployment.yaml create mode 100755 manifests/nginx-ingress/templates/controller-metrics-service.yaml create mode 100755 manifests/nginx-ingress/templates/controller-service.yaml create mode 100755 manifests/nginx-ingress/templates/controller-stats-service.yaml create mode 100755 manifests/nginx-ingress/templates/default-backend-deployment.yaml create mode 100755 manifests/nginx-ingress/templates/default-backend-service.yaml create mode 100755 manifests/nginx-ingress/templates/role.yaml create mode 100755 manifests/nginx-ingress/templates/rolebinding.yaml create mode 100755 manifests/nginx-ingress/templates/serviceaccount.yaml create mode 100755 manifests/nginx-ingress/templates/tcp-configmap.yaml create mode 100755 manifests/nginx-ingress/templates/udp-configmap.yaml create mode 100755 manifests/nginx-ingress/values.yaml create mode 100644 practice/nginx-ingress-installation.md create mode 100644 usecases/edge-computing.md diff --git a/SUMMARY.md b/SUMMARY.md index 77e04a3cb..c0772478a 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -70,6 +70,7 @@ - [4.2.2 分布式负载测试](practice/distributed-load-test.md) - [4.2.3 网络和集群性能测试](practice/network-and-cluster-perfermance-test.md) - [4.2.4 边缘节点配置](practice/edge-node-configuration.md) + - [4.2.5 使用Helm安装Nginx ingress](practice/nginx-ingress-installation.md) - [4.3 运维管理](practice/operation.md) - [4.3.1 服务滚动升级](practice/service-rolling-update.md) - [4.3.2 应用日志收集](practice/app-log-collection.md) @@ -105,6 +106,7 @@ - [5.2.1 Spark standalone on Kubernetes](usecases/spark-standalone-on-kubernetes.md) - [5.2.2 运行支持kubernetes原生调度的Spark程序](usecases/running-spark-with-kubernetes-native-scheduler.md) - [5.3 Serverless架构](usecases/serverless.md) + - [5.4 边缘计算](usecases/edge-computing.md) - [6. 开发指南](develop/index.md) - [6.1 开发环境搭建](develop/developing-environment.md) - [6.2 单元测试和集成测试](develop/testing.md) 
diff --git a/manifests/nginx-ingress/Chart.yaml b/manifests/nginx-ingress/Chart.yaml
new file mode 100755
index 000000000..ce235ee41
--- /dev/null
+++ b/manifests/nginx-ingress/Chart.yaml
@@ -0,0 +1,18 @@
+appVersion: 0.9.0-beta.15
+description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
+engine: gotpl
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+keywords:
+- ingress
+- nginx
+maintainers:
+- email: jack.zampolin@gmail.com
+ name: jackzampolin
+- email: mgoodness@gmail.com
+ name: mgoodness
+- email: chance.zibolski@coreos.com
+ name: chancez
+name: nginx-ingress
+sources:
+- https://github.com/kubernetes/ingress-nginx
+version: 0.8.9
diff --git a/manifests/nginx-ingress/README.md b/manifests/nginx-ingress/README.md
new file mode 100755
index 000000000..489e42e5b
--- /dev/null
+++ b/manifests/nginx-ingress/README.md
@@ -0,0 +1,133 @@ +# nginx-ingress + +[nginx-ingress](https://github.com/kubernetes/ingress/tree/master/controllers/nginx) is an Ingress controller that uses ConfigMap to store the nginx configuration. + +To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. + +## TL;DR; + +```console +$ helm install stable/nginx-ingress +``` + +## Introduction + +This chart bootstraps an nginx-ingress deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + - Kubernetes 1.4+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/nginx-ingress +``` + +The command deploys nginx-ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the nginx-ingress chart and their default values. 
+ +Parameter | Description | Default +--- | --- | --- +`controller.name` | name of the controller component | `controller` +`controller.image.repository` | controller container image repository | `gcr.io/google_containers/nginx-ingress-controller` +`controller.image.tag` | controller container image tag | `0.9.0-beta.15` +`controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` +`controller.config` | nginx ConfigMap entries | none +`controller.hostNetwork` | If the nginx deployment / daemonset should run on the host's network namespace | false +`controller.defaultBackendService` | default 404 backend service; required only if `defaultBackend.enabled = false` | `""` +`controller.electionID` | election ID to use for the status update | `ingress-controller-leader` +`controller.ingressClass` | name of the ingress class to route through this controller | `nginx` +`controller.scope.enabled` | limit the scope of the ingress controller | `false` (watch all namespaces) +`controller.scope.namespace` | namespace to watch for ingress | `""` (use the release namespace) +`controller.extraArgs` | Additional controller container arguments | `{}` +`controller.kind` | install as Deployment or DaemonSet | `Deployment` +`controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`controller.nodeSelector` | node labels for pod assignment | `{}` +`controller.podAnnotations` | annotations to be added to pods | `{}` +`controller.replicaCount` | desired number of controller pods | `1` +`controller.resources` | controller pod resource requests & limits | `{}` +`controller.service.annotations` | annotations for controller service | `{}` +`controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false` +`controller.publishService.pathOverride` | override of the default publish-service name | `""` +`controller.service.clusterIP` | internal 
controller cluster service IP | `""` +`controller.service.externalIPs` | controller service external IP addresses | `[]` +`controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`controller.service.targetPorts.http` | Sets the targetPort that maps to the Ingress' port 80 | `80` +`controller.service.targetPorts.https` | Sets the targetPort that maps to the Ingress' port 443 | `443` +`controller.service.type` | type of controller service to create | `LoadBalancer` +`controller.service.nodePorts.http` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 | `""` +`controller.service.nodePorts.https` | If `controller.service.type` is `NodePort` and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 | `""` +`controller.stats.enabled` | if true, enable "vts-status" page & Prometheus metrics | `false` +`controller.stats.service.annotations` | annotations for controller stats service | `{}` +`controller.stats.service.clusterIP` | internal controller stats cluster service IP | `""` +`controller.stats.service.externalIPs` | controller service stats external IP addresses | `[]` +`controller.stats.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`controller.stats.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`controller.stats.service.type` | type of controller stats service to create | `ClusterIP` +`defaultBackend.name` | name of the default backend component | `default-backend` +`defaultBackend.image.repository` | default backend container image repository | `gcr.io/google_containers/defaultbackend` +`defaultBackend.image.tag` | default backend container image tag | `1.3` +`defaultBackend.image.pullPolicy` | default backend 
container image pull policy | `IfNotPresent` +`defaultBackend.extraArgs` | Additional default backend container arguments | `{}` +`defaultBackend.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`defaultBackend.nodeSelector` | node labels for pod assignment | `{}` +`defaultBackend.podAnnotations` | annotations to be added to pods | `{}` +`defaultBackend.replicaCount` | desired number of default backend pods | `1` +`defaultBackend.resources` | default backend pod resource requests & limits | `{}` +`defaultBackend.service.annotations` | annotations for default backend service | `{}` +`defaultBackend.service.clusterIP` | internal default backend cluster service IP | `""` +`defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]` +`defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`defaultBackend.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`defaultBackend.service.type` | type of default backend service to create | `ClusterIP` +`rbac.create` | If true, create & use RBAC resources | `false` +`rbac.serviceAccountName` | ServiceAccount to be used (ignored if rbac.create=true) | `default` +`statsExporter.name` | name of the Prometheus metrics exporter component | `stats-exporter` +`statsExporter.image.repository` | Prometheus metrics exporter container image repository | `sophos/nginx-vts-exporter` +`statsExporter.image.tag` | Prometheus metrics exporter image tag | `v0.6` +`statsExporter.image.pullPolicy` | Prometheus metrics exporter image pull policy | `IfNotPresent` +`statsExporter.endpoint` | path at which Prometheus metrics are exposed | `/metrics` +`statsExporter.extraArgs` | Additional Prometheus metrics exporter container arguments | `{}` +`statsExporter.metricsNamespace` | namespace used for metrics labeling | `nginx` +`statsExporter.statusPage` | URL of "vts-stats" page exposed by 
controller | `http://localhost:18080/nginx_status/format/json` +`statsExporter.resources` | Prometheus metrics exporter resource requests & limits | `{}` +`statsExporter.service.annotations` | annotations for Prometheus metrics exporter service | `{}` +`statsExporter.service.clusterIP` | cluster IP address to assign to service | `""` +`statsExporter.service.externalIPs` | Prometheus metrics exporter service external IP addresses | `[]` +`statsExporter.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` +`statsExporter.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` +`statsExporter.service.servicePort` | Prometheus metrics exporter service port | `9913` +`statsExporter.service.type` | type of Prometheus metrics exporter service to create | `ClusterIP` +`tcp` | TCP service key:value pairs | `{}` +`udp` | UDP service key:value pairs | `{}` + +```console +$ helm install stable/nginx-ingress --name my-release \ + --set controller.stats.enabled=true +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install stable/nginx-ingress --name my-release -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/manifests/nginx-ingress/templates/NOTES.txt b/manifests/nginx-ingress/templates/NOTES.txt new file mode 100755 index 000000000..81efaa586 --- /dev/null +++ b/manifests/nginx-ingress/templates/NOTES.txt 
@@ -0,0 +1,64 @@ +The nginx-ingress controller has been installed. + +{{- if contains "NodePort" .Values.controller.service.type }} +Get the application URL by running these commands: + +{{- if (not (empty .Values.controller.service.nodePorts.http)) }} + export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }} +{{- else }} + export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "controller.fullname" . }}) +{{- end }} +{{- if (not (empty .Values.controller.service.nodePorts.https)) }} + export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }} +{{- else }} + export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "controller.fullname" . }}) +{{- end }} + export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") + + echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." + echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." +{{- else if contains "LoadBalancer" .Values.controller.service.type }} +It may take a few minutes for the LoadBalancer IP to be available. +You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ template "controller.fullname" . }}' +{{- else if contains "ClusterIP" .Values.controller.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 + echo "Visit http://127.0.0.1:8080 to access your application." 
+{{- end }} + +An example Ingress that makes use of the controller: + + apiVersion: extensions/v1beta1 + kind: Ingress + metadata: + annotations: + kubernetes.io/ingress.class: nginx + name: example + namespace: foo + spec: + rules: + - host: www.example.com + http: + paths: + - backend: + serviceName: exampleService + servicePort: 80 + path: / + # This section is only required if TLS is to be enabled for the Ingress + tls: + - hosts: + - www.example.com + secretName: example-tls + +If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: + + apiVersion: v1 + kind: Secret + metadata: + name: example-tls + namespace: foo + data: + tls.crt: + tls.key: + type: kubernetes.io/tls diff --git a/manifests/nginx-ingress/templates/_helpers.tpl b/manifests/nginx-ingress/templates/_helpers.tpl new file mode 100755 index 000000000..57dd458dd --- /dev/null +++ b/manifests/nginx-ingress/templates/_helpers.tpl 
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified controller name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "controller.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+
+By convention this will simply use the / to match the name of the
+service generated.
+
+Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+
+*/}}
+{{- define "controller.publishServicePath" -}}
+{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "controller.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "defaultBackend.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
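Review bot: `controller.publishServicePath` truncates a joined `namespace/name` path to 63 characters, although the 63-character limit cited in the comments applies to each name separately, not to the joined path. With a long namespace plus release name, `trunc 63 | trimSuffix "-"` can cut into the service name, and `--publish-service` would then name a Service that does not exist or, in the worst case, a different one. I would drop the truncation on the joined value, `{{- print $servicePath -}}`, since `controller.fullname` is already truncated and an explicit `pathOverride` should be passed through unchanged.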
diff --git a/manifests/nginx-ingress/templates/clusterrole.yaml b/manifests/nginx-ingress/templates/clusterrole.yaml
new file mode 100755
index 000000000..84e41601b
--- /dev/null
+++ b/manifests/nginx-ingress/templates/clusterrole.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "{{ .Values.controller.scope.namespace }}"
+ verbs:
+ - get
+{{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+{{- end -}}
diff --git a/manifests/nginx-ingress/templates/clusterrolebinding.yaml b/manifests/nginx-ingress/templates/clusterrolebinding.yaml
new file mode 100755
index 000000000..5a48ca212
--- /dev/null
+++ b/manifests/nginx-ingress/templates/clusterrolebinding.yaml
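Review bot: The first rule of the ClusterRole in clusterrole.yaml grants `list` and `watch` on `secrets` (together with configmaps, endpoints and pods) across the whole cluster, and it is rendered even when `controller.scope.enabled` limits the controller to a single namespace. In that configuration the controller's ServiceAccount token can still read every namespace's Secrets, which is more than a namespace-scoped controller presumably needs. Consider rendering the cluster-wide read rule only when scoping is off (`{{- if not .Values.controller.scope.enabled }}`), keeping the `nodes` reads cluster-wide, and granting the remaining reads through the namespaced Role; whether role.yaml already covers them is not visible from this hunk. The cluster-wide `update` on `services` also deserves a short comment saying what needs it.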
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/manifests/nginx-ingress/templates/controller-configmap.yaml b/manifests/nginx-ingress/templates/controller-configmap.yaml
new file mode 100755
index 000000000..85d5e721b
--- /dev/null
+++ b/manifests/nginx-ingress/templates/controller-configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "controller.fullname" . }}
+data:
+ enable-vts-status: "{{ .Values.controller.stats.enabled }}"
+{{- if .Values.controller.config }}
+{{ toYaml .Values.controller.config | indent 2 }}
+{{- end }}
diff --git a/manifests/nginx-ingress/templates/controller-daemonset.yaml b/manifests/nginx-ingress/templates/controller-daemonset.yaml
new file mode 100755
index 000000000..36d11053f
--- /dev/null
+++ b/manifests/nginx-ingress/templates/controller-daemonset.yaml
@@ -0,0 +1,138 @@ +{{- if eq .Values.controller.kind "DaemonSet" }} +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + labels: + app: {{ template "name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "controller.fullname" . }} +spec: + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/controller-configmap.yaml") . | sha256sum }} + {{- if .Values.controller.podAnnotations }} +{{ toYaml .Values.controller.podAnnotations | indent 8}} + {{- end }} + labels: + app: {{ template "name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + spec: + containers: + - name: {{ template "name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + args: + - /nginx-ingress-controller + - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }} + {{- if and (contains "0.9" .Values.controller.image.tag) .Values.controller.publishService.enabled }} + - --publish-service={{ template "controller.publishServicePath" . }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }} + {{- else }} + - --nginx-configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . 
}} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + {{- if .Values.controller.stats.enabled }} + - name: stats + containerPort: 18080 + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + resources: +{{ toYaml .Values.controller.resources | indent 12 }} + {{- if .Values.controller.stats.enabled }} + - name: {{ template "name" . 
}}-{{ .Values.statsExporter.name }} + image: "{{ .Values.statsExporter.image.repository }}:{{ .Values.statsExporter.image.tag }}" + imagePullPolicy: "{{ .Values.statsExporter.image.pullPolicy }}" + env: + - name: METRICS_ADDR + value: ":9913" + - name: METRICS_ENDPOINT + value: "{{ .Values.statsExporter.endpoint }}" + - name: METRICS_NS + value: "{{ .Values.statsExporter.metricsNamespace }}" + - name: NGINX_STATUS + value: "{{ .Values.statsExporter.statusPage }}" + ports: + - name: metrics + containerPort: 9913 + protocol: TCP + resources: +{{ toYaml .Values.statsExporter.resources | indent 12 }} + {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} + terminationGracePeriodSeconds: 60 +{{- end }} diff --git a/manifests/nginx-ingress/templates/controller-deployment.yaml b/manifests/nginx-ingress/templates/controller-deployment.yaml new file mode 100755 index 000000000..c081edd12 --- /dev/null +++ b/manifests/nginx-ingress/templates/controller-deployment.yaml 
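Review bot: The `contains "0.9" .Values.controller.image.tag` guards in the DaemonSet's `args:` list are substring tests, so any tag that lacks the literal `0.9` (a later release line, or `latest`) falls into the legacy branch: `--election-id` and `--ingress-class` are omitted and `--nginx-configmap` is passed instead of `--configmap`. Losing `--ingress-class` matters most, because the controller would then presumably no longer restrict itself to Ingresses of the configured class. Since the chart pins `0.9.0-beta.15` as its default tag, I would pass these flags unconditionally, or invert the test so that only known-old tags take the legacy path. The same guards appear in controller-deployment.yaml.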
@@ -0,0 +1,142 @@ +{{- if eq .Values.controller.kind "Deployment" }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ template "name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.controller.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "controller.fullname" . }} +spec: + replicas: {{ .Values.controller.replicaCount }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/controller-configmap.yaml") . | sha256sum }} + {{- if .Values.controller.podAnnotations }} +{{ toYaml .Values.controller.podAnnotations | indent 8}} + {{- end }} + labels: + app: {{ template "name" . }} + component: "{{ .Values.controller.name }}" + release: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + spec: + containers: + - name: {{ template "name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + args: + - /nginx-ingress-controller + - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ template "defaultBackend.fullname" . }}{{ else }}{{ .Values.controller.defaultBackendService }}{{ end }} + {{- if and (contains "0.9" .Values.controller.image.tag) .Values.controller.publishService.enabled }} + - --publish-service={{ template "controller.publishServicePath" . }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --election-id={{ .Values.controller.electionID }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --ingress-class={{ .Values.controller.ingressClass }} + {{- end }} + {{- if (contains "0.9" .Values.controller.image.tag) }} + - --configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . 
}} + {{- else }} + - --nginx-configmap={{ .Release.Namespace }}/{{ template "controller.fullname" . }} + {{- end }} + {{- if .Values.tcp }} + - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} + - --udp-services-configmap={{ .Release.Namespace }}/{{ template "fullname" . }}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + {{- if .Values.controller.stats.enabled }} + - name: stats + containerPort: 18080 + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.tcp }} + - name: "{{ $key }}-tcp" + containerPort: {{ $key }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.udp }} + - name: "{{ $key }}-udp" + containerPort: {{ $key }} + protocol: UDP + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + resources: +{{ toYaml .Values.controller.resources | indent 12 }} + {{- if .Values.controller.stats.enabled }} + - name: {{ template "name" . 
}}-{{ .Values.statsExporter.name }} + image: "{{ .Values.statsExporter.image.repository }}:{{ .Values.statsExporter.image.tag }}" + imagePullPolicy: "{{ .Values.statsExporter.image.pullPolicy }}" + env: + - name: METRICS_ADDR + value: ":9913" + - name: METRICS_ENDPOINT + value: "{{ .Values.statsExporter.endpoint }}" + - name: METRICS_NS + value: "{{ .Values.statsExporter.metricsNamespace }}" + - name: NGINX_STATUS + value: "{{ .Values.statsExporter.statusPage }}" + ports: + - name: metrics + containerPort: 9913 + protocol: TCP + resources: +{{ toYaml .Values.statsExporter.resources | indent 12 }} + {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + serviceAccountName: {{ if .Values.rbac.create }}{{ template "fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} + terminationGracePeriodSeconds: 60 +{{- end }} diff --git a/manifests/nginx-ingress/templates/controller-metrics-service.yaml b/manifests/nginx-ingress/templates/controller-metrics-service.yaml new file mode 100755 index 000000000..ca4df47cc --- /dev/null +++ b/manifests/nginx-ingress/templates/controller-metrics-service.yaml 
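Review bot: `controller.podLabels` is rendered into the pod template of the Deployment but not in controller-daemonset.yaml, and the README parameter table does not list it, so the same values file labels pods differently depending on `controller.kind`. Labels are what NetworkPolicy and Service selectors match on, so the DaemonSet variant should accept them too. Add the same `{{- if .Values.controller.podLabels }}` block with `toYaml .Values.controller.podLabels | indent 8` under `labels:` in the DaemonSet template, and document the key in the README.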
@@ -0,0 +1,38 @@
+{{- if .Values.controller.stats.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.statsExporter.service.annotations }}
+ annotations:
+{{ toYaml .Values.statsExporter.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "controller.fullname" . }}-metrics
+spec:
+ clusterIP: "{{ .Values.statsExporter.service.clusterIP }}"
+{{- if .Values.statsExporter.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.statsExporter.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.statsExporter.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.statsExporter.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.statsExporter.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.statsExporter.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: metrics
+ port: {{ .Values.statsExporter.service.servicePort }}
+ targetPort: 9913
+ selector:
+ app: {{ template "name" . }}
+ component: "{{ .Values.controller.name }}"
+ release: {{ .Release.Name }}
+ type: "{{ .Values.statsExporter.service.type }}"
+{{- end }}
diff --git a/manifests/nginx-ingress/templates/controller-service.yaml b/manifests/nginx-ingress/templates/controller-service.yaml
new file mode 100755
index 000000000..e7131ea4b
--- /dev/null
+++ b/manifests/nginx-ingress/templates/controller-service.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.service.annotations }}
+ annotations:
+{{ toYaml .Values.controller.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "controller.fullname" . }}
+spec:
+ clusterIP: "{{ .Values.controller.service.clusterIP }}"
+{{- if .Values.controller.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+{{- if and (ge .Capabilities.KubeVersion.Minor "7") (.Values.controller.service.externalTrafficPolicy) }}
+ externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
+{{- end }}
+{{- if and (ge .Capabilities.KubeVersion.Minor "7") (.Values.controller.service.healthCheckNodePort) }}
+ healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
+{{- end }}
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if (and (eq .Values.controller.service.type "NodePort") (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: "{{ $key }}-tcp"
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: {{ $key }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: "{{ $key }}-udp"
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: {{ $key }}
+ {{- end }}
+ selector:
+ app: {{ template "name" . }}
+ component: "{{ .Values.controller.name }}"
+ release: {{ .Release.Name }}
+ type: "{{ .Values.controller.service.type }}"
diff --git a/manifests/nginx-ingress/templates/controller-stats-service.yaml b/manifests/nginx-ingress/templates/controller-stats-service.yaml
new file mode 100755
index 000000000..4ee1b68b7
--- /dev/null
+++ b/manifests/nginx-ingress/templates/controller-stats-service.yaml
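Review bot: The two guards `ge .Capabilities.KubeVersion.Minor "7"` in controller-service.yaml compare strings, so on a cluster whose minor version is "10" or higher the comparison is lexicographic and false, and `externalTrafficPolicy` and `healthCheckNodePort` are dropped from the rendered Service without any error. Losing `externalTrafficPolicy: "Local"` means the controller no longer sees the client source address, which matters for any IP-based allow-listing done at the ingress. A semantic-version test avoids this, for example `{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) .Values.controller.service.externalTrafficPolicy }}` and the same for `healthCheckNodePort`, provided the Helm release in use ships `semverCompare`.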
@@ -0,0 +1,38 @@
+{{- if .Values.controller.stats.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.stats.service.annotations }}
+ annotations:
+{{ toYaml .Values.controller.stats.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "controller.fullname" . }}-stats
+spec:
+ clusterIP: "{{ .Values.controller.stats.service.clusterIP }}"
+{{- if .Values.controller.stats.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controller.stats.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controller.stats.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.controller.stats.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.stats.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controller.stats.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: stats
+ port: {{ .Values.controller.stats.service.servicePort }}
+ targetPort: 18080
+ selector:
+ app: {{ template "name" . }}
+ component: "{{ .Values.controller.name }}"
+ release: {{ .Release.Name }}
+ type: "{{ .Values.controller.stats.service.type }}"
+{{- end }}
diff --git a/manifests/nginx-ingress/templates/default-backend-deployment.yaml b/manifests/nginx-ingress/templates/default-backend-deployment.yaml
new file mode 100755
index 000000000..b071b1efc
--- /dev/null
+++ b/manifests/nginx-ingress/templates/default-backend-deployment.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.defaultBackend.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "defaultBackend.fullname" . }}
+spec:
+ replicas: {{ .Values.defaultBackend.replicaCount }}
+ template:
+ metadata:
+ {{- if .Values.defaultBackend.podAnnotations }}
+ annotations:
+{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "name" . }}
+ component: "{{ .Values.defaultBackend.name }}"
+ release: {{ .Release.Name }}
+ {{- if .Values.defaultBackend.podLabels }}
+{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ template "name" . }}-{{ .Values.defaultBackend.name }}
+ image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
+ imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
+ args:
+ {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+ {{- if $value }}
+ - --{{ $key }}={{ $value }}
+ {{- else }}
+ - --{{ $key }}
+ {{- end }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+{{ toYaml .Values.defaultBackend.resources | indent 12 }}
+ {{- if .Values.defaultBackend.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.tolerations }}
+ tolerations:
+{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 60
+{{- end }}
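Review bot: In the `extraArgs` loop of default-backend-deployment.yaml, `{{- if $value }}` treats `false` like a missing value and renders the bare flag `--{{ $key }}`, so an operator who sets a boolean argument to `false` in values gets it switched on instead of off. Testing for an explicit boolean as well, `{{- if or $value (kindIs "bool" $value) }}`, and quoting the rendered item as `- "--{{ $key }}={{ $value }}"` keeps the argument equal to what was written; numeric zero would still need the same treatment. Separately, the container spec in this hunk sets no `securityContext`, which is worth adding once it is confirmed which user the defaultbackend image runs as.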
diff --git a/manifests/nginx-ingress/templates/default-backend-service.yaml b/manifests/nginx-ingress/templates/default-backend-service.yaml
new file mode 100755
index 000000000..7ac61f842
--- /dev/null
+++ b/manifests/nginx-ingress/templates/default-backend-service.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.defaultBackend.service.annotations }}
+ annotations:
+{{ toYaml .Values.defaultBackend.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.defaultBackend.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "defaultBackend.fullname" . }}
+spec:
+ clusterIP: "{{ .Values.defaultBackend.service.clusterIP }}"
+{{- if .Values.defaultBackend.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - port: {{ .Values.defaultBackend.service.servicePort }}
+ targetPort: 8080
+ selector:
+ app: {{ template "name" . }}
+ component: "{{ .Values.defaultBackend.name }}"
+ release: {{ .Release.Name }}
+ type: "{{ .Values.defaultBackend.service.type }}"
+{{- end }}
diff --git a/manifests/nginx-ingress/templates/role.yaml b/manifests/nginx-ingress/templates/role.yaml
new file mode 100755
index 000000000..ad3a80ffc
--- /dev/null
+++ b/manifests/nginx-ingress/templates/role.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - namespaces
+ - pods
+ - secrets
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ .Values.controller.electionID }}-{{ .Values.controller.ingressClass }}
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - update
+{{- end -}}
diff --git a/manifests/nginx-ingress/templates/rolebinding.yaml b/manifests/nginx-ingress/templates/rolebinding.yaml
new file mode 100755
index 000000000..7ba52c339
--- /dev/null
+++ b/manifests/nginx-ingress/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/manifests/nginx-ingress/templates/serviceaccount.yaml b/manifests/nginx-ingress/templates/serviceaccount.yaml
new file mode 100755
index 000000000..8967eb1a7
--- /dev/null
+++ b/manifests/nginx-ingress/templates/serviceaccount.yaml
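Review bot: The first rule in role.yaml grants `get` on every Secret in the release namespace and the file does not say so or why; with the `NAMESPACE: default` install shown in practice/nginx-ingress-installation.md in this patch, that is every Secret in `default`. A comment above the rule, e.g. `# get on secrets is presumably for Ingress TLS certificates; it covers all Secrets in this namespace, so install the release into a dedicated namespace`, would make the scope visible to whoever deploys the chart. The `resourceNames` entry also deserves a line noting that it has to match the election id and ingress class the controller is started with, which are set outside this hunk. What clusterrole.yaml grants on top of this is not visible here.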
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}
+{{- end -}}
diff --git a/manifests/nginx-ingress/templates/tcp-configmap.yaml b/manifests/nginx-ingress/templates/tcp-configmap.yaml
new file mode 100755
index 000000000..02dbc6323
--- /dev/null
+++ b/manifests/nginx-ingress/templates/tcp-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.tcp }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}-tcp
+data:
+{{ toYaml .Values.tcp | indent 2 }}
+{{- end }}
diff --git a/manifests/nginx-ingress/templates/udp-configmap.yaml b/manifests/nginx-ingress/templates/udp-configmap.yaml
new file mode 100755
index 000000000..1ef315cf9
--- /dev/null
+++ b/manifests/nginx-ingress/templates/udp-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.udp }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.controller.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fullname" . }}-udp
+data:
+{{ toYaml .Values.udp | indent 2 }}
+{{- end }}
diff --git a/manifests/nginx-ingress/values.yaml b/manifests/nginx-ingress/values.yaml
new file mode 100755
index 000000000..6d12303ab
--- /dev/null
+++ b/manifests/nginx-ingress/values.yaml
@@ -0,0 +1,253 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
+##
+controller:
+ name: controller
+ image:
+ repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx-ingress-controller
+ tag: "0.9.0-beta.15"
+ pullPolicy: IfNotPresent
+
+ config: {}
+
+ # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
+ # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
+ # is merged
+ hostNetwork: false
+
+ ## Required only if defaultBackend.enabled = false
+ ## Must be /
+ ##
+ defaultBackendService: ""
+
+ ## Optionally specify the secret name for default SSL certificate
+ ## Must be /
+ ##
+ defaultSSLCertificate: ""
+
+ ## Election ID to use for status update
+ ##
+ electionID: ingress-controller-leader
+
+ ## Name of the ingress class to route through this controller
+ ##
+ ingressClass: nginx
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Allows customization of the external service
+ ## the ingress will be bound to via DNS
+ publishService:
+ enabled: false
+ ## Allows overriding of the publish service to bind to
+ ## Must be /
+ ##
+ pathOverride: ""
+
+ ## Limit the scope of the controller
+ ##
+ scope:
+ enabled: false
+ namespace: "" # defaults to .Release.Namespace
+
+ extraArgs: {}
+
+ ## DaemonSet or Deployment
+ ##
+ kind: Deployment
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Node labels for controller pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Annotations to be added to controller pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 64Mi
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
+
+ service:
+ annotations: {}
+ clusterIP: ""
+
+ ## List of IP addresses at which the controller services are available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ ## Set external traffic policy to: "Local" to preserve source IP on
+ ## providers supporting it
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ externalTrafficPolicy: ""
+
+ healthCheckNodePort: 0
+
+ targetPorts:
+ http: 80
+ https: 443
+
+ # type: LoadBalancer
+
+ type: NodePort
+ nodePorts:
+ http: 32080
+ https: 32443
+ nodePorts:
+ http: ""
+ https: ""
+
+ stats:
+ enabled: false
+
+ service:
+ annotations: {}
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 18080
+ type: ClusterIP
+
+## Default 404 backend
+##
+defaultBackend:
+
+ ## If false, controller.defaultBackendService must be provided
+ ##
+ enabled: true
+
+ name: default-backend
+ image:
+ repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/defaultbackend
+ tag: "1.3"
+ pullPolicy: IfNotPresent
+
+ extraArgs: {}
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Node labels for default backend pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Annotations to be added to default backend pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ service:
+ annotations: {}
+ clusterIP: ""
+
+ ## List of IP addresses at which the default backend service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ type: ClusterIP
+
+## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
+rbac:
+ create: true
+ serviceAccountName: default
+
+## If controller.stats.enabled = true, Prometheus metrics will be exported
+## Ref: https://github.com/hnlq715/nginx-vts-exporter
+##
+statsExporter:
+ name: stats-exporter
+ image:
+ repository: sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx-vts-exporter
+ tag: v0.6
+ pullPolicy: IfNotPresent
+
+ endpoint: /metrics
+ extraArgs: {}
+ metricsNamespace: nginx
+ statusPage: http://localhost:18080/nginx_status/format/json
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ service:
+ annotations: {}
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 9913
+ type: ClusterIP
+
+# TCP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
+##
+tcp: {}
+# 8080: "default/example-tcp-svc:9000"
+
+# UDP service key:value pairs
+# Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
+##
+udp: {}
+# 53: "kube-system/kube-dns:53"
diff --git a/practice/helm.md b/practice/helm.md
index 00f082b18..fd39b2ca8 100644
--- a/practice/helm.md
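Review bot: `nodePorts` appears twice after `type: NodePort` in values.yaml, first with `http: 32080` / `https: 32443` and then with empty strings; as far as the collapsed layout shows both sit under `controller.service`, where a parser that tolerates the duplicate key keeps the last one and the fixed ports are never applied. The install output in practice/nginx-ingress-installation.md in this same patch lists `80:30484/TCP,443:31053/TCP`, which is consistent with randomly assigned node ports. Remove the second `nodePorts:` block (or the first, if random ports are intended), since firewall rules written for 32080/32443 would otherwise not match what is actually opened on the nodes. The three `image.repository` values also point at a private registry and are pinned by tag only; pinning each image by digest would make the pulled content verifiable.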
+++ b/practice/helm.md @@ -2,7 +2,7 @@ 读完本文后您应该可以自己创建chart,并创建自己的私有chart仓库。 -Helm是一个kubernetes应用的包管理工具,用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源,有点类似于Ubuntu的APT和CentOS中的yum。 +[Helm](http://helm.sh)是一个kubernetes应用的包管理工具,用来管理[charts](https://github.com/kubernetes/charts)——预先配置好的安装包资源,有点类似于Ubuntu的APT和CentOS中的yum。 Helm chart是用来封装kubernetes原生应用程序的yaml文件,可以在你部署应用的时候自定义应用程序的一些metadata,便与应用程序的分发。 diff --git a/practice/nginx-ingress-installation.md b/practice/nginx-ingress-installation.md new file mode 100644 index 000000000..f1f952f8e --- /dev/null +++ b/practice/nginx-ingress-installation.md 
@@ -0,0 +1,174 @@
+# 使用Helm安装Nginx ingress
+
+[Nginx ingress](https://github.com/kubernetes/ingress-nginx) 使用ConfigMap来管理Nginx配置,nginx是大家熟知的代理和负载均衡软件,比起[Traefik](https://traefik.io)来说功能更加强大,我们使用[helm](http://helm.sh)来部署,[chart](https://github.com/kubernetes/charts)保存在私有的仓库中,helm安装使用见[使用Helm管理kubernetes应用](../practice/helm.md)。
+
+安装时需要用到的镜像有:
+
+- sophos/nginx-vts-exporter:v0.6
+- gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
+- gcr.io/google_containers/defaultbackend:1.3
+
+gcr.io中的那个两个镜像我复制了一份到时速云,可供大家下载:
+
+- index.tenxcloud.com/jimmy/defaultbackend:1.3
+- index.tenxcloud.com/jimmy/nginx-ingress-controller:0.9.0-beta.15
+
+Docker hub上的那个镜像可以直接下载,所有的安装时需要的配置保存在[../manifests/nginx-ingress](https://github.com/rootsongjc/kubernetes-handbook/blob/master/manifests/nginx-ingress)目录下。
+
+**安装nginx-ingress chart到本地repo中**
+
+修改`values.yaml`配置,启用RBAC支持,相关配置见[nginx-ingress chart](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress#configuration)。
+
+```bash
+helm package .
+```
+
+**查看niginx-ingress**
+
+```bash
+$ helm search nginx-ingress
+NAME VERSION DESCRIPTION
+local/nginx-ingress 0.8.9 An nginx Ingress controller that uses ConfigMap...
+stable/nginx-ingress 0.8.9 An nginx Ingress controller that uses ConfigMap...
+stable/nginx-lego 0.3.0 Chart for nginx-ingress-controller and kube-lego
+```
+
+**使用helm部署nginx-ingress**
+
+```bash
+$ helm install --name nginx-ingress local/nginx-ingress
+NAME: nginx-ingress
+LAST DEPLOYED: Fri Oct 27 18:26:58 2017
+NAMESPACE: default
+STATUS: DEPLOYED
+
+RESOURCES:
+==> rbac.authorization.k8s.io/v1beta1/Role
+NAME KIND
+nginx-ingress-nginx-ingress Role.v1beta1.rbac.authorization.k8s.io
+
+==> rbac.authorization.k8s.io/v1beta1/RoleBinding
+nginx-ingress-nginx-ingress RoleBinding.v1beta1.rbac.authorization.k8s.io
+
+==> v1/Service
+NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+nginx-ingress-nginx-ingress-controller 10.254.100.108 80:30484/TCP,443:31053/TCP 1s
+nginx-ingress-nginx-ingress-default-backend 10.254.58.156 80/TCP 1s
+
+==> extensions/v1beta1/Deployment
+NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
+nginx-ingress-nginx-ingress-default-backend 1 1 1 0 1s
+nginx-ingress-nginx-ingress-controller 1 1 1 0 1s
+
+==> v1/ConfigMap
+NAME DATA AGE
+nginx-ingress-nginx-ingress-controller 1 1s
+
+==> v1/ServiceAccount
+NAME SECRETS AGE
+nginx-ingress-nginx-ingress 1 1s
+
+==> rbac.authorization.k8s.io/v1beta1/ClusterRole
+NAME KIND
+nginx-ingress-nginx-ingress ClusterRole.v1beta1.rbac.authorization.k8s.io
+
+==> rbac.authorization.k8s.io/v1beta1/ClusterRoleBinding
+nginx-ingress-nginx-ingress ClusterRoleBinding.v1beta1.rbac.authorization.k8s.io
+
+
+NOTES:
+The nginx-ingress controller has been installed.
+Get the application URL by running these commands:
+ export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
+ export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
+ export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
+
+ echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
+ echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
+
+An example Ingress that makes use of the controller:
+
+ apiVersion: extensions/v1beta1
+ kind: Ingress
+ metadata:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ name: example
+ namespace: foo
+ spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - backend:
+ serviceName: exampleService
+ servicePort: 80
+ path: /
+ # This section is only required if TLS is to be enabled for the Ingress
+ tls:
+ - hosts:
+ - www.example.com
+ secretName: example-tls
+
+If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: example-tls
+ namespace: foo
+ data:
+ tls.crt:
+ tls.key:
+ type: kubernetes.io/tls
+```
+
+**访问Nginx**
+
+首先获取Nginx的地址,从我们使用helm安装nginx-ingress命令的输出中那个可以看到提示,根据提示执行可以看到nginx的http和https地址:
+
+```bash
+ export HTTP_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-nginx-ingress-controller)
+ export HTTPS_NODE_PORT=$(kubectl --namespace default get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-nginx-ingress-controller)
+ export NODE_IP=$(kubectl --namespace default get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
+
+ echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
+ echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
+ Visit http://172.20.0.113:30484 to access your application via HTTP.
+ Visit https://172.20.0.113:31053 to access your application via HTTPS.
+```
+
+- http地址:http://172.20.0.113:30484
+- https地址:https://172.20.0.113:31053
+
+我们分别在http和https地址上测试一下:
+
+- `/healthz`返回200
+- `/`返回404错误
+
+```bash
+curl -v http://172.20.0.113:30484/healthz
+# 返回200
+curl -v http://172.20.0.113:30484/
+# 返回404
+curl -v --insecure http://172.20.0.113:30484/healthz
+# 返回200
+curl -v --insecure http://172.20.0.113:30484/
+# 返回404
+```
+
+**删除nginx-ingress**
+
+```bash
+helm delete --purge nginx-ingress
+```
+
+使用`--purge`参数可以彻底删除release不留下记录,否则下一次部署的时候不能使用重名的release。
+
+## 参考
+
+[Ingress-nginx github](https://github.com/kubernetes/ingress-nginx)
+
+[Nginx chart configuration](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress)
+
+[使用Helm管理kubernetes应用](practice/helm.md)
\ No newline at end of file
diff --git a/usecases/edge-computing.md b/usecases/edge-computing.md
new file mode 100644
index 000000000..7285d4dbb
--- /dev/null
+++ b/usecases/edge-computing.md
@@ -0,0 +1,7 @@
+# 边缘计算
+
+## 参考
+
+[The Birth of an Edge Orchestrator – Cloudify Meets Edge Computing](http://cloudify.co/2017/07/26/birth-of-edge-orchestrator-cloudify.html)
+
+[K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment ](http://events.linuxfoundation.org/sites/events/files/slides/HS-OSSjapan-final.pdf)
\ No newline at end of file