chore: Add external ingress-nginx controller (#58)
Jira: EPMDEDP-13452
Related: #58

Change-Id: I0690faa2bb3b911f6e9a9b63e8d4c64fdb6e1621
Artem-Zahumonnyi committed Mar 13, 2024
1 parent 35d0965 commit db4b406
Showing 8 changed files with 271 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,7 @@ make update-readme
| harbor-ha | 1.13.0 | 2.9.0 | False | False |
| harbor-ha-okd | 1.13.0 | 2.9.0 | False | False |
| ingress-nginx | 4.7.3 | 1.8.4 | False | False |
| ingress-nginx-external | 4.7.3 | 1.8.4 | False | False |
| jaeger-operator | 1.45.0 | 1.45.0 | False | False |
| keycloak | 2.3.0 | 22.0.4 | False | False |
| keycloak-postgresql | 0.1.1 | 1.0 | False | False |
20 changes: 20 additions & 0 deletions add-ons/ingress-nginx-external/Chart.yaml
@@ -0,0 +1,20 @@
apiVersion: v2
name: ingress-nginx
description: A Helm chart for Nginx Ingress Controller

# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
type: application

# The chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 4.7.3

# Version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: "1.8.4"

dependencies:
- name: ingress-nginx
version: 4.7.3
repository: https://kubernetes.github.io/ingress-nginx
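Review bot: `name: ingress-nginx` at the top of this new Chart.yaml does not match the chart's directory `add-ons/ingress-nginx-external` or the `ingress-nginx-external` row added to the top-level README, and the description does not say this is the external controller. Consider `name: ingress-nginx-external` with a description that mentions external traffic, so that Helm output and the generated README header identify which of the two controllers this wrapper chart is. The entry under `dependencies` should keep `name: ingress-nginx`, since the values are keyed on it.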
95 changes: 95 additions & 0 deletions add-ons/ingress-nginx-external/README.md
@@ -0,0 +1,95 @@
# ingress-nginx

![Version: 4.7.3](https://img.shields.io/badge/Version-4.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.4](https://img.shields.io/badge/AppVersion-1.8.4-informational?style=flat-square)

A Helm chart for Nginx Ingress Controller

# Internal and External Ingress Controllers

The **Internal Ingress Controller** is used for internal traffic, while the **External Ingress Controller** is used for external traffic.

┌────────────────────────────────┐
│ Kubernetes Cluster │
├──────────┐ │
│ NodePort │ │
┌────► ◄──┐ │
│ │ 32443 │ │ ┌───────────┐ │
┌───────────────────────┐ │ ├──────────┘ │ │ Internal │ │
│ Internal LoadBalancer ├────────┤ │ ├─┤ Ingress │ │
└───────────────────────┘ │ ├──────────┐ │ │ Controller│ │
│ │ NodePort │ │ └───────────┘ │
└────► ◄──┘ │
│ 32080 │ │
├──────────┘ │
│ │
│ │
├──────────┐ │
│ NodePort │ │
┌────► ◄──┐ │
│ │ 31443 │ │ ┌───────────┐ │
┌───────────────────────┐ │ ├──────────┘ │ │ External │ │
│ External LoadBalancer ├────────┤ │ ├─┤ Ingress │ │
└───────────────────────┘ │ ├──────────┐ │ │ Controller│ │
│ │ NodePort │ │ └───────────┘ │
└────► ◄──┘ │
│ 31080 │ │
├──────────┘ │
│ │
└────────────────────────────────┘

To deploy and use the **Internal Ingress Controller** and **External Ingress Controller** in the cluster, follow the steps below:

1. Enable the `Internal Ingress Controller` add-on by setting the `ingress-nginx.enable: true` and `ingress-nginx.createNamespace: true` parameters in the `charts/values.yaml` file.<br>
This will create the `ingress-nginx` namespace and deploy the **Internal Ingress Controller** in the cluster.<br>
Internal Ingress Controller listens to the following node ports: 32080 and 32443.<br>
The `watchIngressWithoutClass` parameter is set to `true`, so the Internal Ingress Controller will watch for all Ingress resources withing the cluster.

> **NOTE:** Internal Ingress Controller is watching for all Ingress resources within a cluster.<br>
You should set the `ingressClassName` parameter in the Ingress resource to `nginx` or leave it empty.

2. Enable the `External Ingress Controller` add-on by setting the `ingress-nginx-external.enable: true` and `ingress-nginx-external.createNamespace: true` parameters in the `charts/values.yaml` file.<br>
This will create the `ingress-nginx-external` namespace and deploy the **External Ingress Controller** in the cluster.<br>
Internal Ingress Controller listens to the following node ports: 31080 and 31443.<br>

> **NOTE:** External Ingress Controller is not watching for all Ingress resources within a cluster.<br>
To use the External Ingress Controller, you need to set the `ingressClassName` parameter in the Ingress resource to `nginx-external`.

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 4.7.3 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| ingress-nginx.controller.addHeaders.Strict-Transport-Security | string | `"max-age=63072000; includeSubDomains"` | |
| ingress-nginx.controller.addHeaders.X-Content-Type-Options | string | `"nosniff"` | |
| ingress-nginx.controller.addHeaders.X-Frame-Options | string | `"SAMEORIGIN"` | |
| ingress-nginx.controller.config.client-header-buffer-size | string | `"64k"` | |
| ingress-nginx.controller.config.http2-max-field-size | string | `"64k"` | |
| ingress-nginx.controller.config.http2-max-header-size | string | `"64k"` | |
| ingress-nginx.controller.config.keep-alive | string | `"10"` | |
| ingress-nginx.controller.config.large-client-header-buffers | string | `"4 64k"` | |
| ingress-nginx.controller.config.proxy-buffer-size | string | `"8k"` | |
| ingress-nginx.controller.config.proxy-real-ip-cidr | string | `"192.168.0.0/20"` | |
| ingress-nginx.controller.config.ssl-redirect | string | `"true"` | |
| ingress-nginx.controller.config.upstream-keepalive-timeout | string | `"120"` | |
| ingress-nginx.controller.config.use-forwarded-headers | string | `"true"` | |
| ingress-nginx.controller.ingressClassResource.controllerValue | string | `"k8s.io/external-ingress-nginx"` | |
| ingress-nginx.controller.ingressClassResource.name | string | `"external-nginx"` | |
| ingress-nginx.controller.podAnnotations."fluentbit.io/parser" | string | `"k8s-nginx-ingress"` | |
| ingress-nginx.controller.resources.limits.memory | string | `"256Mi"` | |
| ingress-nginx.controller.resources.requests.cpu | string | `"50m"` | |
| ingress-nginx.controller.resources.requests.memory | string | `"128M"` | |
| ingress-nginx.controller.service.nodePorts.http | int | `31080` | |
| ingress-nginx.controller.service.nodePorts.https | int | `31443` | |
| ingress-nginx.controller.service.type | string | `"NodePort"` | |
| ingress-nginx.controller.watchIngressWithoutClass | bool | `false` | |
| ingress-nginx.defaultBackend.enabled | bool | `true` | |
| ingress-nginx.metrics.enabled | bool | `true` | |
| ingress-nginx.serviceAccount.create | bool | `true` | |
| ingress-nginx.serviceAccount.name | string | `"nginx-ingress-service-account"` | |
| ingress-nginx.updateStrategy.rollingUpdate.maxUnavailable | int | `1` | |
| ingress-nginx.updateStrategy.type | string | `"RollingUpdate"` | |
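Review bot: the ingress class name is inconsistent within this file: the second NOTE tells users to set `ingressClassName` to `nginx-external`, while the Values table lists `ingress-nginx.controller.ingressClassResource.name` as `external-nginx`. With `ingress-nginx.controller.watchIngressWithoutClass` at `false`, an Ingress written as the NOTE instructs would match no class this chart creates and would not be served by the external controller. Align the text with the value (or the value with the text), and make the change in README.md.gotmpl, from which this file appears to be generated.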
66 changes: 66 additions & 0 deletions add-ons/ingress-nginx-external/README.md.gotmpl
@@ -0,0 +1,66 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}

{{ template "chart.badgesSection" . }}

{{ template "chart.description" . }}

{{ template "chart.homepageLine" . }}

# Internal and External Ingress Controllers

The **Internal Ingress Controller** is used for internal traffic, while the **External Ingress Controller** is used for external traffic.

┌────────────────────────────────┐
│ Kubernetes Cluster │
├──────────┐ │
│ NodePort │ │
┌────► ◄──┐ │
│ │ 32443 │ │ ┌───────────┐ │
┌───────────────────────┐ │ ├──────────┘ │ │ Internal │ │
│ Internal LoadBalancer ├────────┤ │ ├─┤ Ingress │ │
└───────────────────────┘ │ ├──────────┐ │ │ Controller│ │
│ │ NodePort │ │ └───────────┘ │
└────► ◄──┘ │
│ 32080 │ │
├──────────┘ │
│ │
│ │
├──────────┐ │
│ NodePort │ │
┌────► ◄──┐ │
│ │ 31443 │ │ ┌───────────┐ │
┌───────────────────────┐ │ ├──────────┘ │ │ External │ │
│ External LoadBalancer ├────────┤ │ ├─┤ Ingress │ │
└───────────────────────┘ │ ├──────────┐ │ │ Controller│ │
│ │ NodePort │ │ └───────────┘ │
└────► ◄──┘ │
│ 31080 │ │
├──────────┘ │
│ │
└────────────────────────────────┘

To deploy and use the **Internal Ingress Controller** and **External Ingress Controller** in the cluster, follow the steps below:

1. Enable the `Internal Ingress Controller` add-on by setting the `ingress-nginx.enable: true` and `ingress-nginx.createNamespace: true` parameters in the `charts/values.yaml` file.<br>
This will create the `ingress-nginx` namespace and deploy the **Internal Ingress Controller** in the cluster.<br>
Internal Ingress Controller listens to the following node ports: 32080 and 32443.<br>
The `watchIngressWithoutClass` parameter is set to `true`, so the Internal Ingress Controller will watch for all Ingress resources withing the cluster.

> **NOTE:** Internal Ingress Controller is watching for all Ingress resources within a cluster.<br>
You should set the `ingressClassName` parameter in the Ingress resource to `nginx` or leave it empty.

2. Enable the `External Ingress Controller` add-on by setting the `ingress-nginx-external.enable: true` and `ingress-nginx-external.createNamespace: true` parameters in the `charts/values.yaml` file.<br>
This will create the `ingress-nginx-external` namespace and deploy the **External Ingress Controller** in the cluster.<br>
Internal Ingress Controller listens to the following node ports: 31080 and 31443.<br>

> **NOTE:** External Ingress Controller is not watching for all Ingress resources within a cluster.<br>
To use the External Ingress Controller, you need to set the `ingressClassName` parameter in the Ingress resource to `nginx-external`.

{{ template "chart.maintainersSection" . }}

{{ template "chart.sourcesSection" . }}

{{ template "chart.requirementsSection" . }}

{{ template "chart.valuesSection" . }}
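Review bot: step 2 says `Internal Ingress Controller listens to the following node ports: 31080 and 31443`, but the diagram above it assigns 31080 and 31443 to the External Ingress Controller, so this line should read External. In the same template, step 1 has the typo `withing`, the step 2 line ends with a `<br>` that is followed only by a blank line, and the last NOTE names the class `nginx-external`, which should match the `ingressClassResource.name` the chart actually sets.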
50 changes: 50 additions & 0 deletions add-ons/ingress-nginx-external/values.yaml
@@ -0,0 +1,50 @@
ingress-nginx:
controller:
podAnnotations:
fluentbit.io/parser: k8s-nginx-ingress
addHeaders:
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains
resources:
limits:
memory: "256Mi"
requests:
cpu: "50m"
memory: "128M"
config:
ssl-redirect: 'true'
client-header-buffer-size: '64k'
http2-max-field-size: '64k'
http2-max-header-size: '64k'
large-client-header-buffers: '4 64k'
upstream-keepalive-timeout: '120'
keep-alive: '10'
use-forwarded-headers: 'true'
proxy-real-ip-cidr: '192.168.0.0/20'
proxy-buffer-size: '8k'

# This Ingress Class should be used when requested by the user in his Ingress resources.
watchIngressWithoutClass: false

ingressClassResource:
# To expose endpoints via this Ingress Controller, you should use the following Ingress Class in your Ingress resources.
name: "external-nginx"
controllerValue: "k8s.io/external-ingress-nginx"

service:
type: NodePort
nodePorts:
http: 31080
https: 31443
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
metrics:
enabled: true
defaultBackend:
enabled: true
serviceAccount:
create: true
name: nginx-ingress-service-account
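Review bot: `use-forwarded-headers: 'true'` with the fixed `proxy-real-ip-cidr: '192.168.0.0/20'` in the `config` block makes this externally facing controller accept incoming `X-Forwarded-*` headers, with a trusted-proxy range that fits only one network layout. Please add a comment stating that the CIDR must be the source range of the external load balancer and has to be overridden per environment, or leave `use-forwarded-headers` off by default for the external controller. Two smaller points: `requests.memory: "128M"` uses a decimal unit while the limit is `"256Mi"`, so `"128Mi"` is probably intended; and the Values table in the README shows `metrics` and `updateStrategy` at `ingress-nginx.metrics` and `ingress-nginx.updateStrategy`, whereas the upstream chart reads both under `controller`, so they have no effect where they are.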
2 changes: 2 additions & 0 deletions chart/README.md
Expand Up @@ -48,6 +48,8 @@ EDP Cluster Addons that extend the Kubernetes Cluster Functionality
| harbor-ha.enable | bool | `false` | |
| harbor.createNamespace | bool | `false` | |
| harbor.enable | bool | `false` | |
| ingress-nginx-external.createNamespace | bool | `false` | |
| ingress-nginx-external.enable | bool | `false` | |
| ingress-nginx.createNamespace | bool | `false` | |
| ingress-nginx.enable | bool | `false` | |
| jaeger-operator.createNamespace | bool | `false` | |
33 changes: 33 additions & 0 deletions chart/templates/ingress-nginx-external.yaml
@@ -0,0 +1,33 @@
{{- if and (index .Values "ingress-nginx-external") (index .Values "ingress-nginx-external" "enable") -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-nginx-external
namespace: {{ .Values.argoNamespace | default "argocd" }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: {{ .Values.argoProject | default "default" }}
source:
repoURL: {{ .Values.repoUrl }}
path: add-ons/ingress-nginx-external
targetRevision: {{ .Values.targetRevision }}
helm:
values: |
ingress-nginx:
{{- toYaml (index .Values "ingress-nginx-external") | nindent 10 }}
destination:
name: {{ .Values.destinationServer | default "in-cluster" }}
namespace: ingress-nginx-external
syncPolicy:
automated:
prune: true
syncOptions:
- CreateNamespace={{ (index .Values "ingress-nginx-external" "createNamespace") }}
retry:
limit: 1
backoff:
duration: 5s
factor: 2
maxDuration: 1m
{{- end -}}
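Review bot: `toYaml (index .Values "ingress-nginx-external")` under `helm.values` copies the whole block into `ingress-nginx:`, so the `enable` and `createNamespace` switches are passed to the subchart as if they were its own values. Consider dropping those two keys before rendering, for example with `omit`, so that only real overrides reach the ingress-nginx chart. Also, `.Values.repoUrl` and `.Values.targetRevision` are used here without a default or a `required` guard, unlike `argoNamespace`, `argoProject` and `destinationServer`; an unset value would render an Application with an empty source.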
4 changes: 4 additions & 0 deletions chart/values.yaml
Expand Up @@ -84,6 +84,10 @@ ingress-nginx:
createNamespace: false
enable: false

ingress-nginx-external:
createNamespace: false
enable: false

jaeger-operator:
enable: false
createNamespace: false
