Rearrange deployment files into kustomizations

kubernetes · May 19, 2019 · 51ad0bc · 51ad0bc
1 parent 1bd3fd2
commit 51ad0bc
Show file tree

Hide file tree

Showing 56 changed files with 529 additions and 1,091 deletions.
diff --git a/build/dev-env.sh b/build/dev-env.sh
@@ -47,16 +47,21 @@ make build container
 
 docker save "${DEV_IMAGE}" | (eval $(minikube docker-env --shell bash) && docker load) || true
 
-echo "[dev-env] installing kubectl"
-kubectl version || brew install kubectl
+for tool in kubectl kustomize; do
+  echo "[dev-env] installing $tool"
+  $tool version || brew install $tool
+done
+
+if ! kubectl get namespace $NAMESPACE; then
+  kubectl create namespace $NAMESPACE
+fi
+
+ROOT=./deploy/minikube
+
+pushd $ROOT
+kustomize edit set namespace $NAMESPACE
+kustomize edit set image quay.io/kubernetes-ingress-controller/nginx-ingress-controller=${DEV_IMAGE}
+popd
 
 echo "[dev-env] deploying NGINX Ingress controller in namespace $NAMESPACE"
-cat ./deploy/mandatory.yaml                            | kubectl apply --namespace=$NAMESPACE -f -
-cat ./deploy/provider/baremetal/service-nodeport.yaml  | kubectl apply --namespace=$NAMESPACE -f -
-
-echo "updating image..."
-kubectl set image \
-    deployments \
-    --namespace ingress-nginx \
-    --selector app.kubernetes.io/name=ingress-nginx \
-    nginx-ingress-controller=${DEV_IMAGE}
+kustomize build $ROOT | kubectl apply -f -
diff --git a/deploy/aws/l4/kustomization.yaml b/deploy/aws/l4/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-l4.yaml
+configMapGenerator:
+- name: nginx-configuration
+  behavior: merge
+  literals:
+  - use-proxy-protocol=true
diff --git a/deploy/provider/aws/service-l4.yaml → deploy/aws/l4/service-l4.yaml b/deploy/provider/aws/service-l4.yaml → deploy/aws/l4/service-l4.yaml
@@ -2,10 +2,6 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ingress-nginx
-  namespace: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
   annotations:
     # Enable PROXY protocol
     service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
@@ -14,17 +10,4 @@ metadata:
     # increased to '3600' to avoid any potential issues.
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
 spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  ports:
-    - name: http
-      port: 80
-      targetPort: http
-    - name: https
-      port: 443
-      targetPort: https
-
----
-
+  externalTrafficPolicy: Cluster
diff --git a/deploy/aws/l7/kustomization.yaml b/deploy/aws/l7/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-l7.yaml
+configMapGenerator:
+- name: nginx-configuration
+  behavior: merge
+  literals:
+  - use-proxy-protocol=false
+  - use-forwarded-headers=true
+  - proxy-real-ip-cidr=0.0.0.0/0 # restrict this to the IP addresses of ELB
diff --git a/deploy/provider/aws/service-l7.yaml → deploy/aws/l7/service-l7.yaml b/deploy/provider/aws/service-l7.yaml → deploy/aws/l7/service-l7.yaml
@@ -2,10 +2,6 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ingress-nginx
-  namespace: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
   annotations:
     # replace with the correct value of the generated certificate in the AWS console
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
@@ -18,17 +14,4 @@ metadata:
     # increased to '3600' to avoid any potential issues.
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
 spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
-  ports:
-    - name: http
-      port: 80
-      targetPort: http
-    - name: https
-      port: 443
-      targetPort: http
-
----
-
+  externalTrafficPolicy: Cluster
diff --git a/deploy/aws/nlb/kustomization.yaml b/deploy/aws/nlb/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-nlb.yaml
diff --git a/deploy/aws/nlb/service-nlb.yaml b/deploy/aws/nlb/service-nlb.yaml
@@ -0,0 +1,7 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    # by default the type is elb (classic load balancer).
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
diff --git a/deploy/baremetal/kustomization.yaml b/deploy/baremetal/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../cloud-generic
+patchesStrategicMerge:
+- service-nodeport.yaml
diff --git a/test/e2e-image/manifests/service.yaml → deploy/baremetal/service-nodeport.yaml b/test/e2e-image/manifests/service.yaml → deploy/baremetal/service-nodeport.yaml
@@ -3,6 +3,7 @@ kind: Service
 metadata:
   name: ingress-nginx
 spec:
+  type: NodePort
   ports:
     - name: http
       port: 80
@@ -12,6 +13,4 @@ spec:
       port: 443
       targetPort: 443
       protocol: TCP
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
+  externalTrafficPolicy: Cluster
diff --git a/deploy/with-rbac.yaml → deploy/cloud-generic/deployment.yaml b/deploy/with-rbac.yaml → deploy/cloud-generic/deployment.yaml
@@ -2,21 +2,10 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-ingress-controller
-  namespace: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
 spec:
   replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: ingress-nginx
-      app.kubernetes.io/part-of: ingress-nginx
   template:
     metadata:
-      labels:
-        app.kubernetes.io/name: ingress-nginx
-        app.kubernetes.io/part-of: ingress-nginx
       annotations:
         prometheus.io/port: "10254"
         prometheus.io/scrape: "true"
@@ -27,10 +16,10 @@ spec:
           image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
           args:
             - /nginx-ingress-controller
-            - --configmap=$(POD_NAMESPACE)/nginx-configuration
-            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
-            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
-            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
+            - --configmap=$(POD_NAMESPACE)/$(NGINX_CONFIGMAP_NAME)
+            - --tcp-services-configmap=$(POD_NAMESPACE)/$(TCP_CONFIGMAP_NAME)
+            - --udp-services-configmap=$(POD_NAMESPACE)/$(UDP_CONFIGMAP_NAME)
+            - --publish-service=$(POD_NAMESPACE)/$(SERVICE_NAME)
             - --annotations-prefix=nginx.ingress.kubernetes.io
           securityContext:
             allowPrivilegeEscalation: true
@@ -74,6 +63,3 @@ spec:
             periodSeconds: 10
             successThreshold: 1
             timeoutSeconds: 10
-
----
-
diff --git a/deploy/cloud-generic/kustomization.yaml b/deploy/cloud-generic/kustomization.yaml
@@ -0,0 +1,50 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ingress-nginx
+commonLabels:
+  app.kubernetes.io/name: ingress-nginx
+  app.kubernetes.io/part-of: ingress-nginx
+resources:
+- deployment.yaml
+- role-binding.yaml
+- role.yaml
+- service-account.yaml
+- service.yaml
+images:
+- name: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
+  newTag: 0.24.1
+vars:
+- fieldref:
+    fieldPath: metadata.name
+  name: NGINX_CONFIGMAP_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: nginx-configuration
+- fieldref:
+    fieldPath: metadata.name
+  name: TCP_CONFIGMAP_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: tcp-services
+- fieldref:
+    fieldPath: metadata.name
+  name: UDP_CONFIGMAP_NAME
+  objref:
+    apiVersion: v1
+    kind: ConfigMap
+    name: udp-services
+- fieldref:
+    fieldPath: metadata.name
+  name: SERVICE_NAME
+  objref:
+    apiVersion: v1
+    kind: Service
+    name: ingress-nginx
+configMapGenerator:
+- name: nginx-configuration
+- name: tcp-services
+- name: udp-services
+generatorOptions:
+  disableNameSuffixHash: true
diff --git a/deploy/cloud-generic/role-binding.yaml b/deploy/cloud-generic/role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: nginx-ingress-role-nisa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: nginx-ingress-role
+subjects:
+  - kind: ServiceAccount
+    name: nginx-ingress-serviceaccount
diff --git a/deploy/cloud-generic/role.yaml b/deploy/cloud-generic/role.yaml
@@ -0,0 +1,39 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: nginx-ingress-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      # Defaults to "<election-id>-<ingress-class>"
+      # Here: "<ingress-controller-leader>-<nginx>"
+      # This has to be adapted if you change either parameter
+      # when launching the nginx-ingress-controller.
+      - "ingress-controller-leader-nginx"
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+    verbs:
+      - get
diff --git a/deploy/cloud-generic/service-account.yaml b/deploy/cloud-generic/service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nginx-ingress-serviceaccount
diff --git a/deploy/provider/cloud-generic.yaml → deploy/cloud-generic/service.yaml b/deploy/provider/cloud-generic.yaml → deploy/cloud-generic/service.yaml
@@ -2,23 +2,13 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ingress-nginx
-  namespace: ingress-nginx
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
 spec:
   externalTrafficPolicy: Local
   type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
   ports:
     - name: http
       port: 80
       targetPort: http
     - name: https
       port: 443
       targetPort: https
-
----
-
diff --git a/deploy/cluster-wide/cluster-role-binding.yaml b/deploy/cluster-wide/cluster-role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: nginx-ingress-clusterrole-nisa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: nginx-ingress-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: nginx-ingress-serviceaccount
diff --git a/test/e2e-image/manifests/rbac.yaml → deploy/cluster-wide/cluster-role.yaml b/test/e2e-image/manifests/rbac.yaml → deploy/cluster-wide/cluster-role.yaml
@@ -2,9 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
   name: nginx-ingress-clusterrole
-  labels:
-    app.kubernetes.io/name: ingress-nginx
-    app.kubernetes.io/part-of: ingress-nginx
 rules:
   - apiGroups:
       - ""

diff --git a/deploy/cluster-wide/kustomization.yaml b/deploy/cluster-wide/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app.kubernetes.io/name: ingress-nginx
+  app.kubernetes.io/part-of: ingress-nginx
+resources:
+- cluster-role.yaml
+- cluster-role-binding.yaml
diff --git a/deploy/configmap.yaml b/deploy/configmap.yaml