diff options
27 files changed, 455 insertions, 11 deletions
diff --git a/kubernetes/clamp/templates/ingress.yaml b/kubernetes/clamp/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/clamp/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 92d4bb7359..d66273dce1 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -83,6 +83,12 @@ service: ingress: enabled: false + service: + - baseaddr: "clamp" + name: "clamp" + port: 443 + config: + ssl: "redirect" #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/cli/templates/ingress.yaml b/kubernetes/cli/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/cli/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 0fbe21dd4c..7278c99a5f 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -63,6 +63,15 @@ service: ingress: enabled: false + service: + - baseaddr: "cli" + name: "cli" + port: 8080 + - baseaddr: "cli2" + name: cli + port: 9090 + config: + ssl: "none" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 49d7eeb415..b4afe6309d 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,12 +1,24 @@ {{- define "ingress.config.port" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.service -}} +{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} + - http: + paths: {{- range .Values.ingress.service }} - - path: {{ .path }} + - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} +{{- else if .Values.ingress.service -}} +{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} +{{ range .Values.ingress.service }} + - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} + http: + paths: + - backend: + serviceName: {{ .name }} + servicePort: {{ .port }} +{{- end -}} {{- else -}} - path: {{ printf "/%s" .Chart.Name }} backend: @@ -17,18 +29,37 @@ {{- end -}} +{{- define "ingress.config.annotations.ssl" -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.ssl -}} +{{- if eq .Values.ingress.config.ssl "redirect" -}} +kubernetes.io/ingress.class: nginx +nginx.ingress.kubernetes.io/ssl-passthrough: "true" +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "native" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "true" +{{- else if eq .Values.ingress.config.ssl "none" -}} +nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + {{- define "ingress.config.annotations" -}} {{- if .Values.ingress -}} {{- if .Values.ingress.annotations -}} {{ toYaml .Values.ingress.annotations | indent 4 | trim }} {{- end -}} {{- end -}} +{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} {{- define "common.ingress" -}} {{- if .Values.ingress -}} -{{- if .Values.ingress.enabled -}} +{{- if .Values.global.ingress -}} +{{- if and .Values.ingress.enabled .Values.global.ingress.enabled -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: @@ -42,9 +73,7 @@ metadata: heritage: {{ .Release.Service }} spec: rules: - - http: - paths: - {{- include "ingress.config.port" . }} + {{ include "ingress.config.port" . | trim }} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} @@ -52,4 +81,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} - +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/consul/templates/ingress.yaml b/kubernetes/consul/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/consul/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 93fd6506a1..d55ea4666e 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -60,7 +60,13 @@ service: {} ingress: enabled: false - + service: + - baseaddr: "consul-server" + name: "consul-server" + port: 8800 + config: + ssl: "none" + resources: {} odl: diff --git a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml new file mode 100644 index 0000000000..937828a759 --- /dev/null +++ b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml @@ -0,0 +1,317 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-configuration + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: tcp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: udp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-ingress-clusterrole + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + verbs: + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-ingress-role + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "<election-id>-<ingress-class>" + # Here: "<ingress-controller-leader>-<nginx>" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-ingress-role-nisa-binding + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress-role +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-ingress-clusterrole-nisa-binding + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress-clusterrole +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress-controller + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + annotations: + prometheus.io/port: "10254" + prometheus.io/scrape: "true" + spec: + serviceAccountName: nginx-ingress-serviceaccount + containers: + - name: nginx-ingress-controller + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1 + args: + - /nginx-ingress-controller + - --configmap=$(POD_NAMESPACE)/nginx-configuration + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --publish-service=$(POD_NAMESPACE)/ingress-nginx + - --annotations-prefix=nginx.ingress.kubernetes.io + - --enable-ssl-passthrough=true + securityContext: + allowPrivilegeEscalation: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + # www-data -> 33 + runAsUser: 33 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + +--- +kind: Service +apiVersion: v1 +metadata: + name: ingress-nginx + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +spec: + externalTrafficPolicy: Local + type: LoadBalancer + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + ports: + - name: http + port: 80 + targetPort: http + - name: https + port: 443 + targetPort: https + +--- + +apiVersion: v1 +kind: Service +metadata: + name: ingress-nginx + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +spec: + type: NodePort + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP + - name: https + port: 443 + targetPort: 443 + protocol: TCP + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- + diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/values.yaml b/kubernetes/dcaegen2/components/dcae-redis/values.yaml index 40812f2144..0b342e81bb 100644 --- a/kubernetes/dcaegen2/components/dcae-redis/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-redis/values.yaml @@ -93,7 +93,15 @@ persistence: ingress: enabled: false - + service: + - baseaddr: "dcaeredis" + name: "dcae-redis" + port: 6379 + - baseaddr: "dcaeredisgossip" + name: "dcae-redis" + port: 16379 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml b/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/log/charts/log-elasticsearch/values.yaml b/kubernetes/log/charts/log-elasticsearch/values.yaml index 11e37272df..d43a66afe1 100644 --- a/kubernetes/log/charts/log-elasticsearch/values.yaml +++ b/kubernetes/log/charts/log-elasticsearch/values.yaml @@ -94,7 +94,12 @@ service: ingress: enabled: false - + service: + - baseaddr: "loges" + name: "log-es" + port: 9200 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/log/charts/log-kibana/templates/ingress.yaml b/kubernetes/log/charts/log-kibana/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/log/charts/log-kibana/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/charts/log-kibana/values.yaml index 5132768206..d69ab8ef42 100644 --- a/kubernetes/log/charts/log-kibana/values.yaml +++ b/kubernetes/log/charts/log-kibana/values.yaml @@ -77,8 +77,15 @@ service: externalPort: 5601 internalPort: 5601 nodePort: 53 + ingress: enabled: false + service: + - baseaddr: "logkibana" + name: "log-kibana" + port: 5601 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/log/charts/log-logstash/templates/ingress.yaml b/kubernetes/log/charts/log-logstash/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/log/charts/log-logstash/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/log/charts/log-logstash/values.yaml b/kubernetes/log/charts/log-logstash/values.yaml index 246b812d42..a6e6c966ab 100644 --- a/kubernetes/log/charts/log-logstash/values.yaml +++ b/kubernetes/log/charts/log-logstash/values.yaml @@ -74,6 +74,15 @@ service: internalPort2: 9600 ingress: enabled: false + service: + - baseaddr: "logls" + name: "log-ls" + port: 5044 + - baseaddr: "loglshttp" + name: "log-ls" + port: 9600 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/msb/charts/msb-consul/templates/ingress.yaml b/kubernetes/msb/charts/msb-consul/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/msb/charts/msb-consul/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/msb/charts/msb-consul/values.yaml b/kubernetes/msb/charts/msb-consul/values.yaml index 1693f22600..d11649754f 100644 --- a/kubernetes/msb/charts/msb-consul/values.yaml +++ b/kubernetes/msb/charts/msb-consul/values.yaml @@ -57,6 +57,12 @@ service: ingress: enabled: false + service: + - baseaddr: "msbconsul" + name: "msb-consul" + port: 8500 + config: + ssl: "none" flavor: small diff --git a/kubernetes/msb/charts/msb-discovery/templates/ingress.yaml b/kubernetes/msb/charts/msb-discovery/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/msb/charts/msb-discovery/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml index 10315d6b63..abb12775e8 100644 --- a/kubernetes/msb/charts/msb-discovery/values.yaml +++ b/kubernetes/msb/charts/msb-discovery/values.yaml @@ -59,6 +59,12 @@ service: ingress: enabled: false + service: + - baseaddr: "msbdiscovery" + name: "msb-discovery" + port: 10081 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/msb/charts/msb-eag/templates/ingress.yaml b/kubernetes/msb/charts/msb-eag/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/msb/charts/msb-eag/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml index e7bf415c4e..535c135d25 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/charts/msb-eag/values.yaml @@ -62,6 +62,12 @@ service: ingress: enabled: false + service: + - baseaddr: "msbeag" + name: "msb-eag" + port: 443 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/msb/charts/msb-iag/templates/ingress.yaml b/kubernetes/msb/charts/msb-iag/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/msb/charts/msb-iag/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml index 4aaeaeadc3..6d1f7ac3e6 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/charts/msb-iag/values.yaml @@ -63,6 +63,12 @@ service: ingress: enabled: false + service: + - baseaddr: "msbiag" + name: "msb-iag" + port: 443 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 672ae2ef9e..af8456a9eb 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -57,6 +57,12 @@ global: # flag to enable debugging - application support required debugEnabled: false + #Global ingress configuration + ingress: + enabled: false + virtualhost: + enabled: true + baseurl: "simpledemo.onap.org" ################################################################# # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. @@ -169,4 +175,4 @@ vid: vnfsdk: enabled: false modeling: - enabled: false + enabled: false
\ No newline at end of file diff --git a/kubernetes/vnfsdk/templates/ingress.yaml b/kubernetes/vnfsdk/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/vnfsdk/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 2b6fd99b2e..55f81acc24 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -113,3 +113,9 @@ service: ingress: enabled: false + service: + - baseaddr: "refrepo" + name: "refrepo" + port: 97 + config: + ssl: "none" |