[feature-1091]: Expose proxy-server via cluster node IP and use local…

… storage for Redis by default (#353) * expose proxy-server by ip address of master node * fix spacing * use local pv for redis by default * remove period * recycle pv * update authorization.hostname comment
dell · Mar 20, 2024 · b75588e · b75588e
1 parent 5b80fad
commit b75588e
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 7 deletions.
diff --git a/charts/csm-authorization/charts/redis/templates/redis.yaml b/charts/csm-authorization/charts/redis/templates/redis.yaml
@@ -38,6 +38,31 @@ spec:
           persistentVolumeClaim:
             claimName: redis-primary-pv-claim
 ---
+{{- if not (.Values.storageClass) }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: csm-authorization-local-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: csm-authorization-redis
+spec:
+  capacity:
+    storage: 8Gi
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Recycle
+  storageClassName: csm-authorization-local-storage
+  hostPath:
+    path: /csm-authorization/redis
+{{- end}}
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -50,6 +75,8 @@ spec:
     - ReadWriteOnce
   {{- if (.Values.storageClass) }}
   storageClassName: {{.Values.storageClass }}
+  {{ else }}
+  storageClassName: csm-authorization-local-storage
   {{- end}}
   resources:
     requests:

diff --git a/charts/csm-authorization/templates/ingress.yaml b/charts/csm-authorization/templates/ingress.yaml
@@ -23,7 +23,7 @@ spec:
     secretName: user-provided-tls
     {{- else }}
     secretName: karavi-selfsigned-tls
-    {{- end}}
+    {{- end }}
   rules:
   - host: {{ .Values.authorization.hostname }}
     http:
@@ -48,4 +48,13 @@ spec:
               port:
                 number: 8080
   {{- end }}
-  {{- end}}
+  {{- end }}
+  - http:
+      paths:
+      - backend:
+          service:
+            name: proxy-server
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
diff --git a/charts/csm-authorization/values.yaml b/charts/csm-authorization/values.yaml
@@ -18,9 +18,9 @@ authorization:
     opa: openpolicyagent/opa
     opaKubeMgmt: openpolicyagent/kube-mgmt:0.11
 
-  # base hostname for the ingress rules that expose the services
-  # the proxy-server ingress will use this hostname
-  # the role-service ingress will use role.hostname
+  # proxy-server ingress will use this hostname
+  # NOTE: additional hostnames can be configured in authorization.proxyServerIngress.hosts
+  # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
   hostname: csm-authorization.com
 
   # log level for csm-authorization
@@ -52,5 +52,7 @@ redis:
     redis: redis:6.0.8-alpine
     commander: rediscommander/redis-commander:latest
 
-  # set the storageClass for redis to use. otherwise, the default storage class is used
-  # storageClass: local-storage
+  # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis
+  # to use a different storage class for redis, uncomment the following line and specify the name of the storage class
+  # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver to be configured with this instance of CSM Authorization
+  #storageClass: