From 16b6b1c0b2d934a1d487471d9be91d0fd4e1e521 Mon Sep 17 00:00:00 2001 From: Filipe Forattini Date: Mon, 4 Jul 2022 09:18:03 -0300 Subject: [PATCH] feat: added traefik ingress support --- deploy/as-k8s/service.schema.yml | 13 +- deploy/as-k8s/service.yml | 122 +++++++++---------- makefile | 2 +- test/concerns/k8s-values-ingress-alb.yml | 12 +- test/concerns/k8s-values-ingress-nginx.yml | 10 +- test/concerns/k8s-values-ingress-traefik.yml | 18 +++ test/concerns/k8s-values.yml | 9 +- test/generate-kubefile-ingress.sh | 7 +- 8 files changed, 112 insertions(+), 81 deletions(-) create mode 100644 test/concerns/k8s-values-ingress-traefik.yml diff --git a/deploy/as-k8s/service.schema.yml b/deploy/as-k8s/service.schema.yml index 13bec64a..c4292b49 100644 --- a/deploy/as-k8s/service.schema.yml +++ b/deploy/as-k8s/service.schema.yml @@ -28,19 +28,26 @@ #@ def defaultIngress(): enable: false name: svc - type: nginx + type: traefik - domain: + tls: enable: true - name: acme.io + domain: acme.io email: security@acme.io removeEnvironmentPrefix: false + + letsencrypt: + enable: false + type: cluster-issuer #! types specifics alb: certificateArn: secret nginx: certmanager: true + traefik: + x: true + #@ end #@data/values-schema diff --git a/deploy/as-k8s/service.yml b/deploy/as-k8s/service.yml index 35841692..8176dd7a 100644 --- a/deploy/as-k8s/service.yml +++ b/deploy/as-k8s/service.yml 
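Review bot: In `defaultIngress()` of deploy/as-k8s/service.schema.yml, `type` and `tls.letsencrypt.type` are undocumented free-form strings, yet service.yml later in this patch copies the first into the `kubernetes.io/ingress.class` annotation and concatenates the second into an annotation key (`"cert-manager.io/" + ...`). As far as the hunk shows, a typo in either value would render a manifest that no ingress controller or cert-manager acts on, with no error at template time. I would document the accepted values next to the keys, for example `#! type: one of alb, nginx, traefik` and `#! letsencrypt.type: issuer or cluster-issuer`, and either give `traefik: x: true` a real meaning or drop the placeholder. Changing the default `type` from nginx to traefik also changes what existing consumers render when they leave it unset, which deserves a line in the commit description.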
@@ -184,78 +184,57 @@ spec: ports: #@ servicePorts #@ end -#@ if data.values.ingress.type == "nginx": -#@ if data.values.ingress.nginx.certmanager: ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: letsencrypt - namespace: #@ namespace -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: #@ data.values.ingress.domain.email - privateKeySecretRef: - name: letsencrypt - solvers: - - http01: - ingress: - class: nginx -#@ end -#@ end - #@ if data.values.ingress.enable: --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: #@ data.values.ingress.name + name: #@ data.values.service.name namespace: #@ namespace - annotations: - #@ if data.values.ingress.type == "nginx": - #@ if data.values.ingress.nginx.certmanager: - cert-manager.io/issuer: "letsencrypt" - #@ end - #@ end - #@ if data.values.ingress.type == "alb": - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/target-type: instance - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/success-codes: 200-399 - alb.ingress.kubernetes.io/ssl-redirect: "443" - alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08 - alb.ingress.kubernetes.io/group.name: #@ data.values.ecosystem - alb.ingress.kubernetes.io/load-balancer-name: #@ data.values.ecosystem - alb.ingress.kubernetes.io/certificate-arn: #@ data.values.ingress.alb.certificateArn - alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=1200 - alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300' - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' - #@ end + #@ ingressAnnotations = {} + #@ ingressAnnotations.update(globalAnnotations) + #@ if data.values.ingress.tls.enable: + #@ ingressAnnotations.update({ + #@ "kubernetes.io/ingress.class": data.values.ingress.type, + #@ }) + #@ + #@ if data.values.ingress.tls.letsencrypt.enable: + #@ ingressAnnotations.update({ "cert-manager.io/" + 
data.values.ingress.tls.letsencrypt.type: "letsencrypt-" + data.values.environment }) + #@ end + #@ + #@ if data.values.ingress.type == "alb": + #@ ingressAnnotations.update({ + #@ "alb.ingress.kubernetes.io/target-type": "instance", + #@ "alb.ingress.kubernetes.io/scheme": "internet-facing", + #@ "alb.ingress.kubernetes.io/success-codes": "200-399", + #@ "alb.ingress.kubernetes.io/ssl-redirect": "443", + #@ "alb.ingress.kubernetes.io/ssl-policy": "ELBSecurityPolicy-2016-08", + #@ "alb.ingress.kubernetes.io/group.name": data.values.ecosystem, + #@ "alb.ingress.kubernetes.io/load-balancer-name": data.values.ecosystem, + #@ "alb.ingress.kubernetes.io/certificate-arn": data.values.ingress.alb.certificateArn, + #@ "alb.ingress.kubernetes.io/load-balancer-attributes": "idle_timeout.timeout_seconds=1200", + #@ "alb.ingress.kubernetes.io/healthcheck-interval-seconds": "300", + #@ "alb.ingress.kubernetes.io/listen-ports": '[{"HTTPS": 443}]', + #@ }) + #@ end + #@ end + annotations: #@ ingressAnnotations spec: - #@ if data.values.ingress.type == "nginx": - ingressClassName: nginx - #@ if data.values.ingress.domain.enable: + + #@ if data.values.ingress.tls.enable: tls: - secretName: #@ "cert-" + data.values.repository - #@ if data.values.ingress.domain.removeEnvironmentPrefix: + #@ if data.values.ingress.tls.removeEnvironmentPrefix: hosts: - - #@ "{}.{}".format(data.values.repository, data.values.ingress.domain.name) + - #@ "{}.{}".format(data.values.repository, data.values.ingress.tls.domain) #@ else: hosts: - - #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.domain.name) + - #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain) #@ end #@ end - #@ end - defaultBackend: - service: - name: #@ data.values.deployment.name - port: - number: #@ data.values.port - rules: - http: paths: 
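Review bot: In the Ingress hunk of deploy/as-k8s/service.yml, the `kubernetes.io/ingress.class` annotation and the whole ALB annotation set are built inside `#@ if data.values.ingress.tls.enable:`, so an Ingress rendered with TLS disabled carries no class and, for `type: alb`, also loses `certificate-arn`, `listen-ports` and `ssl-redirect`. Which controller then claims it depends on the cluster's default class. Selecting the controller should not depend on the TLS switch: set `ingressClassName: #@ data.values.ingress.type` under `spec` unconditionally, as the removed nginx branch did with that field, which supersedes the deprecated annotation. The carried-over `ELBSecurityPolicy-2016-08` still negotiates TLS 1.0 and 1.1, so a TLS 1.2-only policy such as `ELBSecurityPolicy-TLS-1-2-2017-01` is the safer default. The `if` nesting is read from a whitespace-collapsed hunk, so confirm it against the file; with the in-template `Issuer` removed, the `letsencrypt-<environment>` issuer must already exist in the cluster, which is worth a comment above the annotation.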
@@ -266,11 +245,30 @@ spec: name: #@ data.values.deployment.name port: number: #@ data.values.port - #@ if data.values.ingress.domain.enable: - #@ if data.values.ingress.domain.removeEnvironmentPrefix: - host: #@ "{}.{}".format(data.values.repository, data.values.ingress.domain.name) - #@ else: - host: #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.domain.name) - #@ end - #@ end + #@ if data.values.ingress.tls.enable: + #@ if data.values.ingress.tls.removeEnvironmentPrefix: + host: #@ "{}.{}".format(data.values.repository, data.values.ingress.tls.domain) + #@ else: + host: #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain) + #@ end + #@ end #@ end + + +#@ if data.values.ingress.type == "traefik": +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: #@ data.values.service.name + namespace: #@ namespace +spec: + entryPoints: + - web + routes: + - match: #@ "Host(`{}.{}.{}`)".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain) + kind: Rule + services: + - name: #@ data.values.service.name + port: #@ data.values.port +#@ end \ No newline at end of file diff --git a/makefile b/makefile index 3faad29c..0028b738 100644 --- a/makefile +++ b/makefile @@ -19,7 +19,7 @@ test: sh generate-kubefile-ingress.sh; K8S_NAMESPACE ?= ff-svc-moleculerjs-dev -K8S_LABELS ?= "--kubeconfig $(HOME)/.kube/ff-mini.yml" +K8S_LABELS ?= "" DEPENDENCY_FILE ?= "$(PWD)/test/tmp/k8s-dependencies-full.yml" DEPENDENCY_FILE_EMPTY ?= "$(PWD)/test/tmp/k8s-dependencies-empty.yml" diff --git a/test/concerns/k8s-values-ingress-alb.yml b/test/concerns/k8s-values-ingress-alb.yml index eb5eb8ed..e5ac9b48 100644 --- a/test/concerns/k8s-values-ingress-alb.yml +++ b/test/concerns/k8s-values-ingress-alb.yml @@ -2,9 +2,6 @@ --- port: 1234 -features: - enableLinkerd: true - env: - name: TZ value: America/Sao_Paulo 
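Review bot: The new `IngressRoute` block at the end of deploy/as-k8s/service.yml is guarded only by `data.values.ingress.type == "traefik"`, while the schema in this patch makes `traefik` the default type and leaves `ingress.enable` defaulting to false, so as far as the hunk shows a service that never asked for an ingress would still get a route published. Gate it on both: `#@ if data.values.ingress.enable and data.values.ingress.type == "traefik":`. The route also listens only on `entryPoints: - web`, conventionally Traefik's plain-HTTP entry point, and has no `tls:` section, so `tls.enable` and `letsencrypt.enable` have no effect on it; if HTTPS is intended, use the TLS entry point (`websecure` in Traefik's default naming) and add a `tls:` block naming the certificate secret. The Host match always includes the environment and ignores `tls.removeEnvironmentPrefix`, unlike the Ingress `host:` earlier in the same hunk. When `ingress.enable` is true with type traefik, both the Ingress and this IngressRoute are rendered for the same service, which should be a deliberate choice.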
@@ -12,7 +9,10 @@ env: ingress: enable: true type: alb - domain: + + tls: enable: true - name: forattini.app - removeEnvironmentPrefix: true \ No newline at end of file + domain: forattini.app + removeEnvironmentPrefix: true + letsencrypt: + enable: true diff --git a/test/concerns/k8s-values-ingress-nginx.yml b/test/concerns/k8s-values-ingress-nginx.yml index 0ea94ff7..c111e8de 100644 --- a/test/concerns/k8s-values-ingress-nginx.yml +++ b/test/concerns/k8s-values-ingress-nginx.yml @@ -2,9 +2,6 @@ --- port: 1234 -features: - enableLinkerd: true - env: - name: TZ value: America/Sao_Paulo @@ -12,7 +9,10 @@ env: ingress: enable: true type: nginx - domain: + + tls: enable: true - name: forattini.app + domain: forattini.app removeEnvironmentPrefix: true + letsencrypt: + enable: true diff --git a/test/concerns/k8s-values-ingress-traefik.yml b/test/concerns/k8s-values-ingress-traefik.yml new file mode 100644 index 00000000..d5abf836 --- /dev/null +++ b/test/concerns/k8s-values-ingress-traefik.yml @@ -0,0 +1,18 @@ +#@data/values +--- +port: 1234 + +env: + - name: TZ + value: America/Sao_Paulo + +ingress: + enable: true + type: traefik + + tls: + enable: true + domain: forattini.app + removeEnvironmentPrefix: true + letsencrypt: + enable: true diff --git a/test/concerns/k8s-values.yml b/test/concerns/k8s-values.yml index 905d9997..3bc90d98 100644 --- a/test/concerns/k8s-values.yml +++ b/test/concerns/k8s-values.yml @@ -11,7 +11,10 @@ env: ingress: enable: true - type: nginx - domain: + type: traefik + + tls: enable: true - name: forattini.app + domain: forattini.app + letsencrypt: + enable: true diff --git a/test/generate-kubefile-ingress.sh b/test/generate-kubefile-ingress.sh index 318cf60c..f8104cfc 100644 --- a/test/generate-kubefile-ingress.sh +++ b/test/generate-kubefile-ingress.sh 
@@ -6,10 +6,15 @@ ytt \ -f ./concerns/k8s-values-ingress-nginx.yml \ > ./tmp/k8s-to-apply-ingress-nginx.yml - ytt \ -f ../deploy/as-k8s/service.schema.yml \ -f ../deploy/as-k8s/service.yml \ -f ./concerns/k8s-values-ingress-alb.yml \ > ./tmp/k8s-to-apply-ingress-alb.yml +ytt \ + -f ../deploy/as-k8s/service.schema.yml \ + -f ../deploy/as-k8s/service.yml \ + -f ./concerns/k8s-values-ingress-traefik.yml \ + > ./tmp/k8s-to-apply-ingress-traefik.yml +