Merge "Opening apiserver Via Ingress"

charts/apiserver/templates/ingress-api.yaml

@@ -0,0 +1,21 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.kubernetes_apiserver.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendService" "kubernetes_apiserver" "backendServiceType" "kubernetes_apiserver" "backendPort" "https" -}}
+{{- $ingressOpts | include "helm-toolkit.manifests.ingress" -}}
+{{- end }}

charts/apiserver/templates/secret-ingress-tls.yaml

@@ -0,0 +1,19 @@
+{{/*
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendService" "kubernetes_apiserver" "backendServiceType" "kubernetes_apiserver" ) }}
+{{- end }}

charts/apiserver/templates/service-apiserver-ingress.yaml

@@ -0,0 +1,33 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_ingress }}
+{{- $envAll := . }}
+{{- if .Values.network.kubernetes_apiserver.ingress.public }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kubernetes-apiserver-ingress
+spec:
+  ports:
+  - name: https
+    port: {{ .Values.network.kubernetes_apiserver.port }}
+  selector:
+    app: ingress-apiserver
+{{- end }}
+{{- end }}

charts/apiserver/values.yaml

@@ -65,9 +65,21 @@ apiserver:
 
 network:
   kubernetes_apiserver:
+    ingress:
+      public: true
+      classes:
+        namespace: "nginx-cluster"
+        cluster: "nginx-cluster"
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
+        nginx.ingress.kubernetes.io/ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/secure-backends: "true"
     name: kubernetes-apiserver
     port: 6443
-    enable_node_port: false
+    node_port:
+      enabled: false
+      port: 31943
 
 service:
   name: kubernetes-apiserver
@@ -95,8 +107,24 @@ endpoints:
     name: kubernetes-apiserver
     hosts:
       default: kubernetes-apiserver
+    port:
+      https:
+        default: 6443
+        public: 443
+    path:
+      default: /
+    scheme:
+      default: https
+      public: https
     host_fqdn_override:
       default: null
+      # NOTE: this chart supports TLS for fqdn over-ridden public
+      # endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
 
 pod:
   mounts:
@@ -137,6 +165,9 @@ manifests:
   configmap_bin: true
   configmap_certs: true
   configmap_etc: true
+  ingress_api: false
   kubernetes_apiserver: true
   secret: true
+  secret_ingress_tls: false
   service: true
+  service_ingress: false