Ingress fix #4024

Merged
merged 4 commits into from
Nov 28, 2019
5 changes: 4 additions & 1 deletion CHANGELOG.md
Expand Up @@ -4,10 +4,13 @@

[Full Changelog](https://github.com/cloudfoundry/stratos/compare/2.6.0...2.6.1)

This release contains two fixes:
This release contains a few fixes:

**Fixes:**

- Helm Chart does not work with Kubernetes 1.16 [\#4022](https://github.com/cloudfoundry/stratos/issues/4022)
- Generated Ingress certificates during Kubernetes deployment are empty [\#4006](https://github.com/cloudfoundry/stratos/issues/4006)
- Kubernetes Ingress certificate is incorrectly set [\#4005](https://github.com/cloudfoundry/stratos/issues/4005)
- Update metric used for cells [\#4009](https://github.com/cloudfoundry/stratos/pull/4009)
- Fix incorrect SSO behaviour following 2.4.0 --> 2.6.0 upgrade [\#4015](https://github.com/cloudfoundry/stratos/pull/4015)

32 changes: 19 additions & 13 deletions deploy/kubernetes/build.sh
Expand Up @@ -26,8 +26,9 @@ ADD_OFFICIAL_TAG="false"
TAG_LATEST="false"
NO_PUSH="true"
DOCKER_REG_DEFAULTS="true"
CHART_ONLY="false"

while getopts ":ho:r:t:Tclb:On" opt; do
while getopts ":ho:r:t:Tclb:Op" opt; do
case $opt in
h)
echo
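Review bot: the new optstring `:ho:r:t:Tclb:Op` drops `n`, so any caller still passing `-n` now falls into the `\?)` arm and the script exits 1. If `-n` is being retired on purpose, say so in the usage text printed under `h)` and in the CHANGELOG; otherwise keep `n` in the string alongside the newly added `p`. Please also confirm the usage text lists `-p`, which only becomes a recognised option with this change.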
Expand Down Expand Up @@ -64,6 +65,9 @@ while getopts ":ho:r:t:Tclb:On" opt; do
p)
NO_PUSH="false"
;;
c)
CHART_ONLY="true"
;;
\?)
echo "Invalid option: -${OPTARG}" >&2
exit 1
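Review bot: `c` was already part of the optstring before this change (`Tclb:` appears in both the old and the new `getopts` line), so check the collapsed part of this `case` for an existing `c)` arm. `case` runs only the first matching arm, so if one exists further up, the `CHART_ONLY="true"` arm added here is never reached. If none exists, `-c` was previously accepted and ignored, and the new behaviour deserves a line in the usage text under `h)`.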
Expand Down Expand Up @@ -175,22 +179,24 @@ cleanup

updateTagForRelease

# Build all of the components that make up the Console
if [ "${CHART_ONLY}" == "false" ]; then
# Build all of the components that make up the Console

log "-- Build & publish the runtime container image for Jetstream (backend)"
patchAndPushImage stratos-jetstream deploy/Dockerfile.bk "${STRATOS_PATH}" prod-build
log "-- Build & publish the runtime container image for Jetstream (backend)"
patchAndPushImage stratos-jetstream deploy/Dockerfile.bk "${STRATOS_PATH}" prod-build

# Build the postflight container
log "-- Build & publish the runtime container image for the postflight job"
patchAndPushImage stratos-postflight-job deploy/Dockerfile.bk "${STRATOS_PATH}" postflight-job
# Build the postflight container
log "-- Build & publish the runtime container image for the postflight job"
patchAndPushImage stratos-postflight-job deploy/Dockerfile.bk "${STRATOS_PATH}" postflight-job

# Build and push an image based on the mariab db container
log "-- Building/publishing MariaDB"
patchAndPushImage stratos-mariadb Dockerfile.mariadb "${STRATOS_PATH}/deploy/db"
# Build and push an image based on the mariab db container
log "-- Building/publishing MariaDB"
patchAndPushImage stratos-mariadb Dockerfile.mariadb "${STRATOS_PATH}/deploy/db"

# Build and push an image based on the nginx container (Front-end)
log "-- Building/publishing the runtime container image for the Console web server (frontend)"
patchAndPushImage stratos-console deploy/Dockerfile.ui "${STRATOS_PATH}" prod-build
# Build and push an image based on the nginx container (Front-end)
log "-- Building/publishing the runtime container image for the Console web server (frontend)"
patchAndPushImage stratos-console deploy/Dockerfile.ui "${STRATOS_PATH}" prod-build
fi

log "-- Building Helm Chart"
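Review bot: `if [ "${CHART_ONLY}" == "false" ]` uses `==` inside `[ ]`, which is a bash extension and is rejected by a strict POSIX `sh`; use `=` there, or `[[ ... ]]` if the shebang guarantees bash. With `-c` the chart is now packaged without building or pushing any of the four images, so a log line stating that the image builds were skipped would make build output unambiguous. The comment typo "mariab db" can be corrected while these lines are being touched.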

18 changes: 18 additions & 0 deletions deploy/kubernetes/console/templates/__helpers.tpl
Expand Up @@ -106,6 +106,24 @@ tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}

{{/*
Generate self-signed certificate for ingress if needed
*/}}
{{- define "console.generateIngressCertificate" -}}
{{- $altNames := list (printf "%s" .Values.console.service.ingress.host) (printf "%s.%s" (include "console.certName" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "console.certName" .) .Release.Namespace ) -}}
{{- $ca := genCA "stratos-ca" 365 -}}
{{- $cert := genSignedCert ( include "console.certName" . ) nil $altNames 365 $ca -}}
{{- if .Values.console.service.ingress.tls.crt }}
tls.crt: {{ .Values.console.service.ingress.tls.crt | b64enc | quote }}
{{- else }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
{{- end -}}
{{- if .Values.console.service.ingress.tls.key }}
tls.key: {{ .Values.console.service.ingress.tls.key | b64enc | quote }}
{{- else }}
tls.key: {{ $cert.Key | b64enc | quote }}
{{- end -}}
{{- end -}}

{{/*
Ingress Host from .Values.console.service
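Review bot: in `console.generateIngressCertificate` the `tls.crt` and `tls.key` branches are decided independently, so a values file that sets only one of `ingress.tls.crt` / `ingress.tls.key` produces a Secret that pairs the supplied half with a freshly generated, unrelated half, and the certificate and key will not match. Gate both on a single condition: use the supplied pair only when both are set, otherwise generate both (or reject a partial pair). Also note that `genCA` and `genSignedCert` are evaluated on every render, even when a pair is supplied, so each `helm upgrade` issues a new CA and certificate; moving the two calls into the generate branch and documenting that rotation behaviour would help. The first `$altNames` entry should be guarded for the case where `ingress.host` is unset.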
8 changes: 8 additions & 0 deletions deploy/kubernetes/console/templates/deployment.yaml
@@ -1,5 +1,9 @@
---
{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor)}}
apiVersion: apps/v1
{{- else }}
apiVersion: apps/v1beta1
{{- end }}
kind: StatefulSet
metadata:
name: stratos
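Review bot: switching the StatefulSet to `apps/v1` makes `spec.selector` mandatory, and the spec is not visible in this hunk, so please confirm it sets a selector that matches the pod template labels before relying on this for 1.16 clusters. `apps/v1` has been served since Kubernetes 1.9, so unless clusters older than that are supported, the conditional can be dropped and `apps/v1` used unconditionally.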
Expand Down Expand Up @@ -309,7 +313,11 @@ spec:
name: {{ .Values.console.templatesConfigMapName }}
{{- end }}
---
{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor)}}
apiVersion: apps/v1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Deployment
metadata:
name: stratos-db
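Review bot: the `semverCompare ">=1.16" (printf "%s.%s" ... Major ... Minor)` expression is now copied into three places in the chart and depends on `Minor` being a bare number; some managed clusters report values such as `15+`, which may not parse cleanly as a version. Consider one named template in `__helpers.tpl` that either strips non-digits from `Minor` or tests `.Capabilities.APIVersions.Has "apps/v1"`, and call it here, for the StatefulSet above and in `ingress.yaml`.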
12 changes: 9 additions & 3 deletions deploy/kubernetes/console/templates/ingress.yaml
Expand Up @@ -21,20 +21,26 @@ metadata:
app.kubernetes.io/component: "console-ingress-tls"
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
data:
tls.crt: {{ .Values.console.service.ingress.tls.crt | default "" | b64enc | quote }}
tls.key: {{ .Values.console.service.ingress.tls.key | default "" | b64enc | quote }}
{{ template "console.generateIngressCertificate" . }}
{{- end }}

---
# Ingress for the Console UI service
{{- if semverCompare ">=1.16" (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) }}
apiVersion: "networking.k8s.io/v1beta1"
{{- else }}
apiVersion: "extensions/v1beta1"
{{- end }}
kind: "Ingress"
metadata:
name: "{{ .Release.Name }}-ingress"
annotations:
{{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" | not -}}
{{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.class" "nginx" }}
{{- end }}
{{- if hasKey .Values.console.service.ingress.annotations "kubernetes.io/ingress.allow-http" | not -}}
{{ $_ := set .Values.console.service.ingress.annotations "kubernetes.io/ingress.allow-http" "false" }}
{{- end }}
{{- if hasKey .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" | not -}}
{{ $_ := set .Values.console.service.ingress.annotations "nginx.ingress.kubernetes.io/secure-backends" "true" }}
{{- end }}
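Review bot: the new default `kubernetes.io/ingress.allow-http: "false"` sits next to a default class of `nginx`, but that annotation is interpreted by the GCE ingress controller rather than by ingress-nginx, so with the default class it does not by itself disable plain-HTTP access. If the intent is HTTPS-only, also default the nginx-specific `nginx.ingress.kubernetes.io/ssl-redirect: "true"` with the same `hasKey ... | not` guard, and state in the values documentation which controller each default targets.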
Expand All @@ -60,7 +66,7 @@ metadata:
{{- end }}
spec:
tls:
- secretName: {{ default "{{ .Release.Name }}-ingress-tls" .Values.console.service.ingress.secretName | quote }}
- secretName: {{ default (print .Release.Name "-ingress-tls") .Values.console.service.ingress.secretName | quote }}
hosts:
- {{ template "ingress.host" . }}
rules:
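Review bot: the `print .Release.Name "-ingress-tls"` default is correct here, but the Secret's `metadata.name` lies outside this hunk; make sure it is built from the same expression and honours `ingress.secretName`, ideally through one named template used in both places, so the Ingress cannot reference a Secret name the chart never creates. A unit test asserting that the two names are equal, for both the default and an overridden `secretName`, would lock this in.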
8 changes: 5 additions & 3 deletions deploy/kubernetes/console/tests/ingress_test.yaml
Expand Up @@ -47,10 +47,9 @@ tests:
- equal:
path: kind
value: "Secret"
- equal:
- isNotEmpty:
path: data.tls\.crt
value: ""
- equal:
- isNotEmpty:
path: data.tls\.key
value: ""
- it: should create secret with specified values
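Review bot: the hunk header (10 lines before, 9 after) shows that only one of the two `value: ""` lines is dropped, so one `isNotEmpty` assert still carries a leftover `value: ""` key; remove it so the assertion reads as intended. `isNotEmpty` also passes for any non-empty string, so consider a stronger check on the generated data, for example a `matchRegex` on `data.tls\.crt` for the base64 of a PEM header, plus a case that supplies only one of `tls.crt` / `tls.key`.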
Expand Down Expand Up @@ -147,6 +146,7 @@ tests:
- equal:
path: metadata.annotations
value:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
Expand All @@ -171,6 +171,7 @@ tests:
- equal:
path: metadata.annotations
value:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
Expand All @@ -196,6 +197,7 @@ tests:
path: metadata.annotations
value:
test-annotation: "test"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
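Review bot: all three updated expectations cover only the defaulted value of `kubernetes.io/ingress.allow-http`. Add a case that sets the annotation explicitly in the values (for example to "true") and asserts that it is preserved, since the `hasKey ... | not` guard in `ingress.yaml` is the only thing protecting a user override.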
31 changes: 31 additions & 0 deletions deploy/kubernetes/console/tests/kube_version_test.yaml
@@ -0,0 +1,31 @@
suite: test stratos deployment with kube versions
templates:
- deployment.yaml
tests:
- it: should use newer API versions when kube >= 1.16
capabilities:
kubeVersion:
major: 1
minor: 16
asserts:
- equal:
path: apiVersion
value: apps/v1
- it: should use newer API versions when kube >= 2
capabilities:
kubeVersion:
major: 2
minor: 1
asserts:
- equal:
path: apiVersion
value: apps/v1
- it: should use older API versions when kube < 1.16
capabilities:
kubeVersion:
major: 1
minor: 14
asserts:
- equal:
path: apiVersion
value: apps/v1beta1
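Review bot: none of the three asserts sets `documentIndex`, so as far as I can tell only the first document rendered from `deployment.yaml` (the StatefulSet) is checked; the `stratos-db` Deployment's `apps/v1` / `extensions/v1beta1` switch is never asserted. Add asserts with `documentIndex: 1` for the Deployment, a boundary case at minor 15, and an equivalent suite for the `networking.k8s.io/v1beta1` switch in `ingress.yaml`.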