Opening apiserver Via Ingress
- Adding ingress charts to the kubernetes apiserver. - Works with using Airship in a Bottle: curl -H 'Host: kubernetes-apiserver.kube-system.svc.cluster.local' http://HOST_IP/healthz -v - Defaulting the apiserver ingress to off (false). Change-Id: I9341c4c281ae993991bfcda09026ab477fdff8fe
This commit is contained in:
parent
12b3c4627e
commit
4059b11a42
|
@ -0,0 +1,21 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.manifests.ingress_api .Values.network.kubernetes_apiserver.ingress.public }}
|
||||||
|
{{- $ingressOpts := dict "envAll" . "backendService" "kubernetes_apiserver" "backendServiceType" "kubernetes_apiserver" "backendPort" "https" -}}
|
||||||
|
{{- $ingressOpts | include "helm-toolkit.manifests.ingress" -}}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{/*
|
||||||
|
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_ingress_tls }}
|
||||||
|
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendService" "kubernetes_apiserver" "backendServiceType" "kubernetes_apiserver" ) }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,33 @@
|
||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.service_ingress }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- if .Values.network.kubernetes_apiserver.ingress.public }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: kubernetes-apiserver-ingress
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: https
|
||||||
|
port: {{ .Values.network.kubernetes_apiserver.port }}
|
||||||
|
selector:
|
||||||
|
app: ingress-apiserver
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -65,9 +65,21 @@ apiserver:
|
||||||
|
|
||||||
network:
|
network:
|
||||||
kubernetes_apiserver:
|
kubernetes_apiserver:
|
||||||
|
ingress:
|
||||||
|
public: true
|
||||||
|
classes:
|
||||||
|
namespace: "nginx-cluster"
|
||||||
|
cluster: "nginx-cluster"
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||||
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
|
||||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
|
nginx.ingress.kubernetes.io/secure-backends: "true"
|
||||||
name: kubernetes-apiserver
|
name: kubernetes-apiserver
|
||||||
port: 6443
|
port: 6443
|
||||||
enable_node_port: false
|
node_port:
|
||||||
|
enabled: false
|
||||||
|
port: 31943
|
||||||
|
|
||||||
service:
|
service:
|
||||||
name: kubernetes-apiserver
|
name: kubernetes-apiserver
|
||||||
|
@ -95,8 +107,24 @@ endpoints:
|
||||||
name: kubernetes-apiserver
|
name: kubernetes-apiserver
|
||||||
hosts:
|
hosts:
|
||||||
default: kubernetes-apiserver
|
default: kubernetes-apiserver
|
||||||
|
port:
|
||||||
|
https:
|
||||||
|
default: 6443
|
||||||
|
public: 443
|
||||||
|
path:
|
||||||
|
default: /
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
public: https
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
|
# NOTE: this chart supports TLS for fqdn over-ridden public
|
||||||
|
# endpoints using the following format:
|
||||||
|
# public:
|
||||||
|
# host: null
|
||||||
|
# tls:
|
||||||
|
# crt: null
|
||||||
|
# key: null
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
mounts:
|
mounts:
|
||||||
|
@ -137,6 +165,9 @@ manifests:
|
||||||
configmap_bin: true
|
configmap_bin: true
|
||||||
configmap_certs: true
|
configmap_certs: true
|
||||||
configmap_etc: true
|
configmap_etc: true
|
||||||
|
ingress_api: false
|
||||||
kubernetes_apiserver: true
|
kubernetes_apiserver: true
|
||||||
secret: true
|
secret: true
|
||||||
|
secret_ingress_tls: false
|
||||||
service: true
|
service: true
|
||||||
|
service_ingress: false
|
||||||
|
|
|
@ -542,6 +542,7 @@ metadata:
|
||||||
layeringDefinition:
|
layeringDefinition:
|
||||||
abstract: false
|
abstract: false
|
||||||
layer: site
|
layer: site
|
||||||
|
storagePolicy: cleartext
|
||||||
data:
|
data:
|
||||||
chart_name: haproxy
|
chart_name: haproxy
|
||||||
release: haproxy
|
release: haproxy
|
||||||
|
|
Loading…
Reference in New Issue