diff --git a/CHANGELOG.md b/CHANGELOG.md index 314c1e32f2..466c90f0ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,13 @@ [Full Changelog](https://github.com/cloudfoundry/stratos/compare/2.6.0...2.6.1) -This release contains two fixes: +This release contains a few fixes: **Fixes:** +- Helm Chart does not work with Kubernetes 1.16 [\#4022](https://github.com/cloudfoundry/stratos/issues/4022) +- Generated Ingress certificates during Kubernetes deployment are empty [\#4006](https://github.com/cloudfoundry/stratos/issues/4006) +- Kubernetes Ingress certificate is incorrectly set [\#4005](https://github.com/cloudfoundry/stratos/issues/4005) - Update metric used for cells [\#4009](https://github.com/cloudfoundry/stratos/pull/4009) - Fix incorrect SSO behaviour following 2.4.0 --> 2.6.0 upgrade [\#4015](https://github.com/cloudfoundry/stratos/pull/4015) diff --git a/deploy/kubernetes/build.sh b/deploy/kubernetes/build.sh index 0fcf535154..e7c2c0ad79 100755 --- a/deploy/kubernetes/build.sh +++ b/deploy/kubernetes/build.sh @@ -26,8 +26,9 @@ ADD_OFFICIAL_TAG="false" TAG_LATEST="false" NO_PUSH="true" DOCKER_REG_DEFAULTS="true" +CHART_ONLY="false" -while getopts ":ho:r:t:Tclb:On" opt; do +while getopts ":ho:r:t:Tclb:Op" opt; do case $opt in h) echo @@ -64,6 +65,9 @@ while getopts ":ho:r:t:Tclb:On" opt; do p) NO_PUSH="false" ;; + c) + CHART_ONLY="true" + ;; \?) echo "Invalid option: -${OPTARG}" >&2 exit 1 
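Review bot: The new `c)` arm for `CHART_ONLY` reuses a letter the option string already accepted before this change (`Tclb:` is on the removed `getopts` line as well as the added one). If an earlier `c)` arm exists in the part of the `case` outside this hunk, that arm matches first and `CHART_ONLY` is never set. The only letter the option string actually gains is `p`. Give chart-only mode an unused letter and add it to the option string and the `-h` text, for example `while getopts ":ho:r:t:Tclb:OpC" opt; do` with `C) CHART_ONLY="true" ;;`. The `case` statement starts and ends outside the hunk, so check this against the full script.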
@@ -175,22 +179,24 @@ cleanup updateTagForRelease -# Build all of the components that make up the Console +if [ "${CHART_ONLY}" == "false" ]; then + # Build all of the components that make up the Console -log "-- Build & publish the runtime container image for Jetstream (backend)" -patchAndPushImage stratos-jetstream deploy/Dockerfile.bk "${STRATOS_PATH}" prod-build + log "-- Build & publish the runtime container image for Jetstream (backend)" + patchAndPushImage stratos-jetstream deploy/Dockerfile.bk "${STRATOS_PATH}" prod-build -# Build the postflight container -log "-- Build & publish the runtime container image for the postflight job" -patchAndPushImage stratos-postflight-job deploy/Dockerfile.bk "${STRATOS_PATH}" postflight-job + # Build the postflight container + log "-- Build & publish the runtime container image for the postflight job" + patchAndPushImage stratos-postflight-job deploy/Dockerfile.bk "${STRATOS_PATH}" postflight-job -# Build and push an image based on the mariab db container -log "-- Building/publishing MariaDB" -patchAndPushImage stratos-mariadb Dockerfile.mariadb "${STRATOS_PATH}/deploy/db" + # Build and push an image based on the mariab db container + log "-- Building/publishing MariaDB" + patchAndPushImage stratos-mariadb Dockerfile.mariadb "${STRATOS_PATH}/deploy/db" -# Build and push an image based on the nginx container (Front-end) -log "-- Building/publishing the runtime container image for the Console web server (frontend)" -patchAndPushImage stratos-console deploy/Dockerfile.ui "${STRATOS_PATH}" prod-build + # Build and push an image based on the nginx container (Front-end) + log "-- Building/publishing the runtime container image for the Console web server (frontend)" + patchAndPushImage stratos-console deploy/Dockerfile.ui "${STRATOS_PATH}" prod-build +fi log "-- Building Helm Chart" 
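Review bot: In chart-only mode nothing in this block records that the four image builds were skipped, while `updateTagForRelease` and the Helm chart build still run. The packaged chart will therefore presumably reference image tags that this run neither built nor pushed. An `else` branch such as `log "-- Skipping image builds (chart only); images for this tag must already be published"` would make that visible in the build log. Separately, `==` inside `[ ]` is a bash extension; the portable form is `if [ "${CHART_ONLY}" = "false" ]; then`.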
diff --git a/deploy/kubernetes/console/templates/__helpers.tpl b/deploy/kubernetes/console/templates/__helpers.tpl index 5511d09bad..c24f888f74 100644 --- a/deploy/kubernetes/console/templates/__helpers.tpl +++ b/deploy/kubernetes/console/templates/__helpers.tpl @@ -106,6 +106,24 @@ tls.crt: {{ $cert.Cert | b64enc }} tls.key: {{ $cert.Key | b64enc }} {{- end -}} +{{/* +Generate self-signed certificate for ingress if needed +*/}} +{{- define "console.generateIngressCertificate" -}} +{{- $altNames := list (printf "%s" .Values.console.service.ingress.host) (printf "%s.%s" (include "console.certName" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "console.certName" .) .Release.Namespace ) -}} +{{- $ca := genCA "stratos-ca" 365 -}} +{{- $cert := genSignedCert ( include "console.certName" . ) nil $altNames 365 $ca -}} +{{- if .Values.console.service.ingress.tls.crt }} + tls.crt: {{ .Values.console.service.ingress.tls.crt | b64enc | quote }} +{{- else }} + tls.crt: {{ $cert.Cert | b64enc | quote }} +{{- end -}} +{{- if .Values.console.service.ingress.tls.key }} + tls.key: {{ .Values.console.service.ingress.tls.key | b64enc | quote }} +{{- else }} + tls.key: {{ $cert.Key | b64enc | quote }} +{{- end -}} +{{- end -}} {{/* Ingress Host from .Values.console.service diff --git a/deploy/kubernetes/console/templates/deployment.yaml b/deploy/kubernetes/console/templates/deployment.yaml index 1f36fc9548..7ed9f7bb50 100644 --- a/deploy/kubernetes/console/templates/deployment.yaml +++ b/deploy/kubernetes/console/templates/deployment.yaml @@ -1,5 +1,9 @@ --- +{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor)}} +apiVersion: apps/v1 +{{- else }} apiVersion: apps/v1beta1 +{{- end }} kind: StatefulSet metadata: name: stratos 
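Review bot: The two `if` blocks at the end of `console.generateIngressCertificate` are independent, so a values file that sets only `tls.crt` or only `tls.key` yields a Secret pairing the supplied half with a freshly generated one, and the certificate will not match the key. `genCA` and `genSignedCert` also run when both values are supplied. In addition, `printf "%s" .Values.console.service.ingress.host` puts a placeholder string into the SAN list when `host` is unset. Treat the pair as a unit: use the supplied values only when both are present, fail the render when only one is, and generate otherwise.

```gotemplate
{{- define "console.generateIngressCertificate" -}}
{{- $tls := .Values.console.service.ingress.tls -}}
{{- if and $tls.crt $tls.key }}
  tls.crt: {{ $tls.crt | b64enc | quote }}
  tls.key: {{ $tls.key | b64enc | quote }}
{{- else if or $tls.crt $tls.key }}
{{- fail "console.service.ingress.tls.crt and tls.key must be set together" }}
{{- else }}
{{/* … unchanged: $altNames, genCA and genSignedCert … */}}
  tls.crt: {{ $cert.Cert | b64enc | quote }}
  tls.key: {{ $cert.Key | b64enc | quote }}
{{- end -}}
{{- end -}}
```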
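Review bot: The version string built by `printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor` is not always valid semver. Some managed clusters report a minor such as `16+`, and `semverCompare` is then likely to fail the render instead of choosing a branch. The same expression is repeated in the second hunk of this file and in ingress.yaml. Testing the API group directly avoids the parsing, e.g. `{{- if .Capabilities.APIVersions.Has "apps/v1" }}`, or strip the suffix first with `trimSuffix "+"`. Also, `apps/v1` makes `spec.selector` mandatory for StatefulSet and Deployment; the specs are outside these hunks, so confirm they set it.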
@@ -309,7 +313,11 @@ spec: name: {{ .Values.console.templatesConfigMapName }} {{- end }} --- +{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor)}} +apiVersion: apps/v1 +{{- else }} apiVersion: extensions/v1beta1 +{{- end }} kind: Deployment metadata: name: stratos-db diff --git a/deploy/kubernetes/console/templates/ingress.yaml b/deploy/kubernetes/console/templates/ingress.yaml index 2578b52df5..f50266c71b 100644 --- a/deploy/kubernetes/console/templates/ingress.yaml +++ b/deploy/kubernetes/console/templates/ingress.yaml @@ -21,13 +21,16 @@ metadata: app.kubernetes.io/component: "console-ingress-tls" helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" data: - tls.crt: {{ .Values.console.service.ingress.tls.crt | default "" | b64enc | quote }} - tls.key: {{ .Values.console.service.ingress.tls.key | default "" | b64enc | quote }} +{{ template "console.generateIngressCertificate" . }} {{- end }} --- # Ingress for the Console UI service +{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) }} +apiVersion: "networking.k8s.io/v1beta1" +{{- else }} apiVersion: "extensions/v1beta1" +{{- end }} kind: "Ingress" metadata: name: "{{ .Release.Name }}-ingress" 
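Review bot: When no `tls.crt`/`tls.key` is supplied, the Secret's `data:` now comes from `genCA`/`genSignedCert`, which are evaluated on every render. Each `helm upgrade` therefore replaces the ingress certificate and private key, and nothing here documents that. A comment above the `template` call would help, e.g. `{{/* Self-signed pair is regenerated on every render; set console.service.ingress.tls.crt and tls.key for a stable certificate */}}`. The `template` action also cannot be piped, so the YAML indentation under `data:` depends on the spaces hard-coded in the helper; `{{ include "console.generateIngressCertificate" . | indent 2 }}` with an unindented helper would be less fragile. The Secret's enclosing `if` starts outside the hunk.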
@@ -35,6 +38,9 @@ metadata: {{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" | not -}} {{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" "nginx" }} {{- end }} + {{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.allow-http" | not -}} + {{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.allow-http" "false" }} + {{- end }} {{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" | not -}} {{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" "true" }} {{- end }} @@ -60,7 +66,7 @@ metadata: {{- end }} spec: tls: - - secretName: {{ default "{{ .Release.Name }}-ingress-tls" .Values.console.service.ingress.secretName | quote }} + - secretName: {{ default (print .Release.Name "-ingress-tls") .Values.console.service.ingress.secretName | quote }} hosts: - {{ template "ingress.host" . }} rules: diff --git a/deploy/kubernetes/console/tests/ingress_test.yaml b/deploy/kubernetes/console/tests/ingress_test.yaml index d275098c9b..50f214b502 100644 --- a/deploy/kubernetes/console/tests/ingress_test.yaml +++ b/deploy/kubernetes/console/tests/ingress_test.yaml @@ -47,10 +47,9 @@ tests: - equal: path: kind value: "Secret" - - equal: + - isNotEmpty: path: data.tls\.crt - value: "" - - equal: + - isNotEmpty: path: data.tls\.key value: "" - it: should create secret with specified values @@ -147,6 +146,7 @@ tests: - equal: path: metadata.annotations value: + kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 
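Review bot: `kubernetes.io/ingress.allow-http` is read by the GCE ingress controller, whereas the default class set just above is `nginx`, which as far as I know ignores this annotation. With the default class, the new default does not by itself close plain HTTP. For ingress-nginx the redirect is controlled by `nginx.ingress.kubernetes.io/ssl-redirect` (and `force-ssl-redirect`). Either default that as well or add a comment such as `{{/* allow-http is honoured by the GCE ingress only; nginx relies on ssl-redirect */}}`. The annotations block starts outside the hunk.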
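Review bot: The second `isNotEmpty` assertion (for `data.tls\.key`) still carries the old `value: ""` line, because only the first `value: ""` was removed. `isNotEmpty` takes only a `path`, so drop the leftover line. Both assertions also pass for any non-empty string, so they would not catch a certificate and key that do not belong together. Adding one case that sets only `tls.crt` and one that sets only `tls.key` would pin how the template treats a half-supplied pair.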
@@ -171,6 +171,7 @@ tests: - equal: path: metadata.annotations value: + kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" @@ -196,6 +197,7 @@ tests: path: metadata.annotations value: test-annotation: "test" + kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" diff --git a/deploy/kubernetes/console/tests/kube_version_test.yaml b/deploy/kubernetes/console/tests/kube_version_test.yaml new file mode 100644 index 0000000000..c803485484 --- /dev/null +++ b/deploy/kubernetes/console/tests/kube_version_test.yaml @@ -0,0 +1,31 @@ +suite: test stratos deployment with kube versions +templates: + - deployment.yaml +tests: + - it: should use newer API versions when kube >= 1.16 + capabilities: + kubeVersion: + major: 1 + minor: 16 + asserts: + - equal: + path: apiVersion + value: apps/v1 + - it: should use newer API versions when kube >= 2 + capabilities: + kubeVersion: + major: 2 + minor: 1 + asserts: + - equal: + path: apiVersion + value: apps/v1 + - it: should use older API versions when kube < 1.16 + capabilities: + kubeVersion: + major: 1 + minor: 14 + asserts: + - equal: + path: apiVersion + value: apps/v1beta1
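Review bot: The cases in kube_version_test.yaml give no `documentIndex`, so they assert `apiVersion` only on the first document rendered from deployment.yaml. The `stratos-db` Deployment's switch from `extensions/v1beta1` to `apps/v1` and the Ingress switch in ingress.yaml are not covered. Add asserts with `documentIndex` set to the Deployment's position (which index that is cannot be seen here) and a suite over `ingress.yaml`. A case with a vendor-style minor such as `minor: "16+"` would also show whether the `semverCompare` expression tolerates it.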