Rearrange deployment files into kustomizations

2019-04-30 09:45:58 -07:00 · 2019-04-30 09:45:58 -07:00 · 51ad0bc54b
commit 51ad0bc54b
parent 1bd3fd2429
56 changed files with 532 additions and 1094 deletions
--- a/deploy/aws/l4/kustomization.yaml
+++ b/deploy/aws/l4/kustomization.yaml
@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-l4.yaml
+configMapGenerator:
+- name: nginx-configuration
+  behavior: merge
+  literals:
+  - use-proxy-protocol=true
--- a/deploy/aws/l4/service-l4.yaml
+++ b/deploy/aws/l4/service-l4.yaml
@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    # Enable PROXY protocol
+    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
+    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
+    # increased to '3600' to avoid any potential issues.
+    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+spec:
+  externalTrafficPolicy: Cluster
--- a/deploy/aws/l7/kustomization.yaml
+++ b/deploy/aws/l7/kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-l7.yaml
+configMapGenerator:
+- name: nginx-configuration
+  behavior: merge
+  literals:
+  - use-proxy-protocol=false
+  - use-forwarded-headers=true
+  - proxy-real-ip-cidr=0.0.0.0/0 # restrict this to the IP addresses of ELB
--- a/deploy/aws/l7/service-l7.yaml
+++ b/deploy/aws/l7/service-l7.yaml
@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    # replace with the correct value of the generated certificate in the AWS console
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+    # the backend instances are HTTP
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+    # Map port 443
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
+    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
+    # increased to '3600' to avoid any potential issues.
+    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+spec:
+  externalTrafficPolicy: Cluster
--- a/deploy/aws/nlb/kustomization.yaml
+++ b/deploy/aws/nlb/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../cloud-generic
+patchesStrategicMerge:
+- service-nlb.yaml
--- a/deploy/aws/nlb/service-nlb.yaml
+++ b/deploy/aws/nlb/service-nlb.yaml
@ -0,0 +1,7 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    # by default the type is elb (classic load balancer).
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb