Switch to relying on the nginx-ingress controller rather than our dumb proxy

There can be one ingress controller (ish) per clusters, but dumping an ingress resource in each namespace with a specific path seems to do the right thing as far as routing everything under codevalet.io
2017-11-29 16:52:01 -08:00 · 2017-11-29 16:52:01 -08:00 · f833106f82
parent 8cacff969c
commit f833106f82
4 changed files with 203 additions and 63 deletions
--- a/k8s/canary.yaml
+++ b/k8s/canary.yaml
@ -13,15 +13,12 @@ items:
      name: 'canary'
      namespace: 'canary'
    spec:
-      type: 'LoadBalancer'
-      selector:
-        name: 'canary'
      ports:
-        -
-          name: 'http'
-          port: 80
+        - port: 80
          targetPort: 9292
-          protocol: 'TCP'
+          protocol: TCP
+      selector:
+        app: 'canary'

  - apiVersion: extensions/v1beta1
    kind: Deployment
@ -74,4 +71,27 @@ items:
                  port: 9292
                initialDelaySeconds: 60
                timeoutSeconds: 10
+
+  - apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: 'http-ingress'
+      namespace: 'canary'
+      annotations:
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.class: "nginx"
+        ingress.kubernetes.io/rewrite-target: /
+    spec:
+      tls:
+      - hosts:
+        - codevalet.io
+        secretName: ingress-tls
+      rules:
+      - host: codevalet.io
+        http:
+          paths:
+          - path: /canary/
+            backend:
+              serviceName: canary
+              servicePort: 80
 # vim: ft=yaml
--- a/k8s/http-ingress.yaml
+++ b/k8s/http-ingress.yaml
@ -0,0 +1,77 @@
+---
+apiVersion: v1
+kind: List
+items:
+  - apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: 'nginx-ingress'
+
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: 'nginx'
+      namespace: 'nginx-ingress'
+    spec:
+      type: LoadBalancer
+      ports:
+      - port: 80
+        name: http
+      - port: 443
+        name: https
+      sessionAffinity: 'ClientIP'
+      selector:
+        app: 'nginx'
+
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      namespace: 'nginx-ingress'
+      name: 'nginx'
+    data:
+      proxy-connect-timeout: "15"
+      proxy-read-timeout: "600"
+      proxy-send-timeout: "600"
+      hsts-include-subdomains: "false"
+      body-size: "64m"
+      server-name-hash-bucket-size: "256"
+
+  - apiVersion: extensions/v1beta1
+    kind: Deployment
+    metadata:
+      name: 'nginx'
+      namespace: 'nginx-ingress'
+    spec:
+      replicas: 1
+      template:
+        metadata:
+          labels:
+            app: 'nginx'
+        spec:
+          containers:
+          - image: 'gcr.io/google_containers/nginx-ingress-controller:0.8.3'
+            name: 'nginx'
+            imagePullPolicy: Always
+            env:
+              - name: POD_NAME
+                valueFrom:
+                  fieldRef:
+                    fieldPath: metadata.name
+              - name: POD_NAMESPACE
+                valueFrom:
+                  fieldRef:
+                    fieldPath: metadata.namespace
+            livenessProbe:
+              httpGet:
+                path: /healthz
+                port: 10254
+                scheme: HTTP
+              initialDelaySeconds: 30
+              timeoutSeconds: 5
+            ports:
+              - containerPort: 80
+              - containerPort: 443
+            args:
+              - /nginx-ingress-controller
+              - --default-backend-service=webapp/webapp
+              - --nginx-configmap=nginx-ingress/nginx
--- a/k8s/jenkins.yaml.template
+++ b/k8s/jenkins.yaml.template
@ -1,29 +1,20 @@
 ---
 # Based on
-# https://radu-matei.github.io/blog/kubernetes-jenkins-azure/#configuring-jenkins-to-dinamically-spawn-agents-docker-containers-for-builds
+# https://github.com/kubernetes/charts/blob/master/stable/jenkins/templates/jenkins-master-deployment.yaml
 #
-# Thanks Radu!
-apiVersion: "v1"
+apiVersion: v1
 kind: "List"
 items:
-  # jenkins
-  - apiVersion: "v1"
-    kind: "PersistentVolume"
+  - apiVersion: v1
+    kind: Namespace
    metadata:
      name: "jenkins-@@USER@@"
-    spec:
-      accessModes:
-        - ReadWriteOnce
-      capacity:
-        storage: 5Gi
-      gcePersistentDisk:
-        pdName: 'jenkins-@@USER@@'
-        fsType: ext4

-  - apiVersion: "v1"
-    kind: "PersistentVolumeClaim"
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
    metadata:
      name: "jenkins-@@USER@@"
+      namespace: "jenkins-@@USER@@"
    spec:
      accessModes:
        - ReadWriteOnce
@ -31,31 +22,77 @@ items:
        requests:
          storage: 5Gi

-  - apiVersion: "v1"
-    kind: "ReplicationController"
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: 'jenkins-@@USER@@'
+      namespace: 'jenkins-@@USER@@'
+    spec:
+      ports:
+        - port: 80
+          targetPort: 8080
+          protocol: TCP
+      selector:
+        app: 'jenkins-@@USER@@'
+
+  - apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: 'http-ingress'
+      annotations:
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.class: "nginx"
+    spec:
+      tls:
+      - hosts:
+        - codevalet.io
+        secretName: ingress-tls
+      rules:
+      - host: codevalet.io
+        http:
+          paths:
+          - path: '/u/@@USER@@'
+            backend:
+              serviceName: 'jenkins-@@USER@@'
+              servicePort: 80
+
+  - apiVersion: extensions/v1beta1
+    kind: Deployment
    metadata:
      name: "jenkins-@@USER@@"
+      namespace: "jenkins-@@USER@@"
      labels:
        name: "jenkins-@@USER@@"
    spec:
      replicas: 1
+      strategy:
+        type: RollingUpdate
+      selector:
      template:
        metadata:
-          name: "jenkins-@@USER@@"
          labels:
-            name: "jenkins-@@USER@@"
+            app: "jenkins-@@USER@@"
+          annotations:
        spec:
+          volumes:
+            - name: "jenkins-@@USER@@"
+              persistentVolumeClaim:
+                claimName: "jenkins-@@USER@@"
          containers:
            - name: "jenkins-@@USER@@"
-              image: 'rtyler/codevalet-master:latest'
+              image: "rtyler/codevalet-master:latest"
              imagePullPolicy: Always
              ports:
                - containerPort: 8080
+                  name: http
              resources:
-                limits:
-                  memory: 1G
                requests:
                  memory: 384M
+                limits:
+                  memory: 1G
+              volumeMounts:
+                - name: "jenkins-@@USER@@"
+                  mountPath: "/var/jenkins_home"
              env:
                - name: CPU_REQUEST
                  valueFrom:
@ -120,35 +157,4 @@ items:
                    secretKeyRef:
                      name: jenkins-masters
                      key: azure_subscription
-              volumeMounts:
-                - name: "jenkins-@@USER@@"
-                  mountPath: "/var/jenkins_home"
-              livenessProbe:
-                httpGet:
-                  path: '/u/@@USER@@/login'
-                  port: 8080
-                initialDelaySeconds: 60
-                timeoutSeconds: 5
-          securityContext:
-            fsGroup: 1000
-          volumes:
-            - name: "jenkins-@@USER@@"
-              persistentVolumeClaim:
-                claimName: "jenkins-@@USER@@"
-
-  - apiVersion: "v1"
-    kind: "Service"
-    metadata:
-      name: "jenkins-@@USER@@"
-    spec:
-      type: 'LoadBalancer'
-      selector:
-        name: "jenkins-@@USER@@"
-      ports:
-        -
-          name: "http"
-          port: 80
-          targetPort: 8080
-          protocol: "TCP"
-
 # vim: ft=yaml
--- a/k8s/webapp.yaml
+++ b/k8s/webapp.yaml
@ -7,6 +7,19 @@ items:
    metadata:
      name: 'webapp'

+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: 'webapp'
+      namespace: 'webapp'
+    spec:
+      ports:
+        - port: 80
+          targetPort: 9292
+          protocol: TCP
+      selector:
+        app: 'webapp'
+
  - apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
@ -15,7 +28,7 @@ items:
      labels:
        name: 'webapp'
    spec:
-      replicas: 3
+      replicas: 1
      strategy:
        type: RollingUpdate
      selector:
@ -27,7 +40,7 @@ items:
        spec:
          containers:
            - name: 'webapp'
-              image: 'rtyler/codevalet-webapp:latest'
+              image: 'rtyler/codevalet-webapp:201711291143'
              imagePullPolicy: Always
              ports:
                - containerPort: 9292
@ -62,4 +75,28 @@ items:
                  port: 9292
                initialDelaySeconds: 60
                timeoutSeconds: 10
+
+  - apiVersion: extensions/v1beta1
+    kind: Ingress
+    metadata:
+      name: 'http-ingress'
+      namespace: 'webapp'
+      annotations:
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.class: "nginx"
+        nginx.ingress.kubernetes.io/affinity: 'cookie'
+    spec:
+      tls:
+      - hosts:
+        - codevalet.io
+        secretName: ingress-tls
+      rules:
+      - host: codevalet.io
+        http:
+          paths:
+          - path: /
+            backend:
+              serviceName: webapp
+              servicePort: 80
+
 # vim: ft=yaml