Merge pull request #2 from veertuinc/0.4.0

0.4.0: nginx ingress support and other minor fixes

charts/anka-build-cloud/Chart.yaml

@@ -1,5 +1,5 @@
 type: application
-version: 0.3.0
+version: 0.4.0
 apiVersion: v2
 name: anka-build-cloud
 appVersion: "1.33.0"

charts/anka-build-cloud/README.md

@@ -37,11 +37,15 @@
         # Automatically create an AWS ALB requires Kubernetes cluster with AWS Load Balancer Controller: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/
         # Comment out ingressALBHostname if you don't wish to set up the AWS ALB (you will need to deploy your own services)
         ingressALBHostname: controller.k8s.myDomain.com
-        # ===========================================
         # SG (ID or Name) must be inside of the VPC that's being used by the cluster
         # Comment out if you want to automatically create an SG for this ALB
         ingressALBSecurityGroup: default
         # ===========================================
+        # Set up ingress using nginx
+        # ingressNginxHostname: controller.k8s.myDomain.com
+        # ingressNginxAuthTLSSecretName: anka-build-cloud/anka-build-cloud-ca-secret
+        # ingressNginxTLSSecretName: anka-build-cloud-cert
+        # ===========================================
         env: |-
           # Find the complete list at https://docs.veertu.com/anka/anka-build-cloud/configuration-reference/#configuration-envs
           - name: ANKA_ANKA_REGISTRY # REQUIRED / Change this to a URL your nodes have access to
@@ -56,7 +60,11 @@
         # ===========================================
         # volumeMounts: |
         #   - name: anka-build-cloud-tls
-        #     mountPath: /opt/anka_tls
+        #     mountPath: /mnt/anka-tls
+        # volumes: |-
+        #   - name: anka-tls
+        #     secret:
+        #       secretName: anka-build-cloud-cert
 
       registry:
         enabled: true
@@ -78,11 +86,15 @@
         # Automatically create an AWS ALB requires Kubernetes cluster with AWS Load Balancer Controller: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/
         # Comment out ingressALBHostname if you don't wish to set up the AWS ALB (you will need to deploy your own services)
         ingressALBHostname: registry.k8s.myDomain.com
-        # ===========================================
         # SG (ID or Name) must be inside of the VPC that's being used by the cluster
         # Comment out if you want to automatically create an SG for this ALB
         ingressALBSecurityGroup: default
         # ===========================================
+        # Set up ingress using nginx
+        # ingressNginxHostname: controller.k8s.myDomain.com
+        # ingressNginxAuthTLSSecretName: anka-build-cloud/anka-build-cloud-ca-secret
+        # ingressNginxTLSSecretName: anka-build-cloud-cert
+        # ===========================================
         # env: |
           # Find the complete list at https://docs.veertu.com/anka/anka-build-cloud/configuration-reference/#configuration-envs
 
@@ -136,9 +148,9 @@
 
         helm delete veertu-helm-charts/anka-build-cloud
 
-4. Change your `controller.k8s.myDomain.com` and `controller.k8s.myDomain.com` to point to the ALB that was set up for each (AWS > EC2 > Target Groups).
+4. Change your `controller.k8s.myDomain.com` and `controller.k8s.myDomain.com` to point to the ingress endpoints that are set up for each (if using nginx, there will be one).
 
-5. Get pod health with `kubectl get pods --namespace anka-build-cloud`
+5. Get health with `kubectl --namespace anka-build-cloud get pod,ingress,svc`
 
 ### Using EFS
 

charts/anka-build-cloud/templates/deployments.yaml

@@ -33,11 +33,17 @@ spec:
           {{- end }}
           {{- if .Values.controller.volumeMounts }}
           volumeMounts:
-          {{- range (splitList "\n" .Values.registry.volumeMounts) }}
+          {{- range (splitList "\n" .Values.controller.volumeMounts) }}
             {{ . }}
           {{- end }}
           {{- end }}
       restartPolicy: Always
+      {{- if .Values.controller.volumes }}
+      volumes:
+      {{- range (splitList "\n" .Values.controller.volumes) }}
+        {{ . }}
+      {{- end }}
+      {{- end }}
 {{ end }}
 ---
 {{ if .Values.registry.enabled }}
@@ -85,6 +91,11 @@ spec:
         - name: registry-data
           persistentVolumeClaim:
             claimName: {{ required ".registry.volumeClaimName value is required!" .Values.registry.volumeClaimName }}
+      {{- if .Values.registry.volumes }}
+      {{- range (splitList "\n" .Values.registry.volumes) }}
+        {{ . }}
+      {{- end }}
+      {{- end }}
 {{ end }}
 ---
 {{ if .Values.etcd.enabled }}
@@ -122,7 +133,7 @@ spec:
           volumeMounts:
             - mountPath: /etcd-data
               name: etcd-data
-          {{- if .Values.registry.volumeMounts }}
+          {{- if .Values.etcd.volumeMounts }}
           {{- range (splitList "\n" .Values.etcd.volumeMounts) }}
             {{ . }}
           {{- end }}
@@ -143,4 +154,9 @@ spec:
         - name: etcd-data
           persistentVolumeClaim:
             claimName: {{ required ".etcd.volumeClaimName value is required!" .Values.etcd.volumeClaimName }}
+      {{- if .Values.etcd.volumes }}
+      {{- range (splitList "\n" .Values.etcd.volumes) }}
+        {{ . }}
+      {{- end }}
+      {{- end }}
 {{ end }}

charts/anka-build-cloud/templates/service.yaml

@@ -1,4 +1,4 @@
-{{ if .Values.controller.ingressALBHostname }}
+{{ if .Values.controller.enabled }}
 ---
 apiVersion: v1
 kind: Service
@@ -10,7 +10,25 @@ spec:
       port: 80
   selector:
     app: controller
-  type: NodePort
+  # type: NodePort ALB need this?
+{{ end }}
+
+{{ if .Values.registry.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+spec:
+  ports:
+    - name: registry
+      port: 8089
+  selector:
+    app: registry
+  # type: NodePort
+{{ end }}
+
+{{ if .Values.controller.ingressALBHostname }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -41,18 +59,6 @@ spec:
 ---
 {{ if .Values.registry.ingressALBHostname }}
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry
-spec:
-  ports:
-    - name: registry
-      port: 8089
-  selector:
-    app: registry
-  type: NodePort
----
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -94,4 +100,82 @@ spec:
     - protocol: TCP
       port: 2379
       targetPort: 2379
-{{ end }}
+{{ end }}
+
+{{ if .Values.controller.ingressNginxHostname }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: controller
+  annotations:
+    {{- if .Values.registry.ingressNginxAuthTLSSecretName }}
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "{{ .Values.controller.ingressNginxAuthTLSSecretName }}"
+    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
+    {{- end }}
+    nginx.ingress.kubernetes.io/client-max-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "0"
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    external-dns.alpha.kubernetes.io/hostname: {{ .Values.controller.ingressNginxHostname }}
+spec:
+  ingressClassName: {{ .Values.controller.ingressNginxClassName }}
+  {{- if .Values.controller.ingressNginxTLSSecretName }}
+  tls:
+    - secretName: {{ .Values.controller.ingressNginxTLSSecretName }}
+      hosts:
+        - {{ .Values.controller.ingressNginxHostname }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.controller.ingressNginxHostname }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: controller
+            port:
+              number: 80
+{{ end }}
+
+{{ if .Values.registry.ingressNginxHostname }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry
+  annotations:
+    {{- if .Values.registry.ingressNginxAuthTLSSecretName }}
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "{{ .Values.registry.ingressNginxAuthTLSSecretName }}"
+    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
+    {{- end }}
+    nginx.ingress.kubernetes.io/client-max-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "0"
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    external-dns.alpha.kubernetes.io/hostname: {{ .Values.registry.ingressNginxHostname }}
+spec:
+  ingressClassName: {{ .Values.registry.ingressNginxClassName }}
+  {{- if .Values.registry.ingressNginxTLSSecretName }}
+  tls:
+    - secretName: {{ .Values.registry.ingressNginxTLSSecretName }}
+      hosts:
+        - {{ .Values.registry.ingressNginxHostname }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.registry.ingressNginxHostname }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: registry
+            port:
+              number: 8089
+{{ end }}

charts/anka-build-cloud/values.yaml

@@ -8,6 +8,10 @@ controller:
   image: 'veertu/anka-build-cloud-controller'
   replicaCount: 2
   ingressALBHostname: false
+  ingressNginxHostname: false
+  ingressNginxClassName: nginx
+  ingressNginxTLSSecretName: false
+  ingressNginxAuthTLSSecretName: false
 
 registry:
   enabled: true
@@ -20,6 +24,10 @@ registry:
   volumeClaimName: 'registry-data'
   volumeClaimCapacityStorageSize: 200Gi
   ingressALBHostname: false
+  ingressNginxHostname: false
+  ingressNginxClassName: nginx
+  ingressNginxTLSSecretName: false
+  ingressNginxAuthTLSSecretName: false
 
 etcd:
   enabled: true