Static manifest generation uses kustomize instead of python (#8099)
* regenerate at 4.0.12 * bash for loop and static values files * add .tool-versions * fixup static manifests with kustomize instead of python * remove spec.replicas where set * generate manifests for all supported versions * update docs * remove all versions except default (1.20) for now * update to 1.1.1/4.0.15
This commit is contained in:
Alastair Firth
GitHub
parent
a665a409da
commit
d16e0dec48
32 changed files with 4566 additions and 4722 deletions
|
|
@ -22,194 +22,51 @@ set -o errexit
|
|||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
# for backwards compatibility, the default version of 1.20 is copied to the root of the variant
|
||||
# with enough docs updates, this could be removed
|
||||
# see # DEFAULT VERSION HANDLING
|
||||
K8S_DEFAULT_VERSION=1.20
|
||||
# K8S_TARGET_VERSIONS=("1.19" "1.20" "1.21" "1.22") TODO @afirth revert for #8000
|
||||
K8S_TARGET_VERSIONS=("1.20")
|
||||
|
||||
DIR=$(cd $(dirname "${BASH_SOURCE}")/.. && pwd -P)
|
||||
|
||||
RELEASE_NAME=ingress-nginx
|
||||
NAMESPACE=ingress-nginx
|
||||
# clean
|
||||
rm -rf ${DIR}/deploy/static/provider/*
|
||||
|
||||
NAMESPACE_VAR="
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: $NAMESPACE
|
||||
labels:
|
||||
app.kubernetes.io/name: $RELEASE_NAME
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
"
|
||||
TEMPLATE_DIR="${DIR}/hack/manifest-templates"
|
||||
|
||||
# Baremetal
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/baremetal/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: NodePort
|
||||
# each helm values file `values.yaml` under `hack/manifest-templates/provider` will be generated as provider/<provider>[/variant][/kube-version]/deploy.yaml
|
||||
# TARGET is provider/<provider>[/variant]
|
||||
TARGETS=$(dirname $(cd $DIR/hack/manifest-templates/ && find . -type f -name "values.yaml" ) | cut -d'/' -f2-)
|
||||
for K8S_VERSION in "${K8S_TARGET_VERSIONS[@]}"
|
||||
do
|
||||
for TARGET in ${TARGETS}
|
||||
do
|
||||
TARGET_DIR="${TEMPLATE_DIR}/${TARGET}"
|
||||
MANIFEST="${TEMPLATE_DIR}/common/manifest.yaml" # intermediate manifest
|
||||
OUTPUT_DIR="${DIR}/deploy/static/${TARGET}/${K8S_VERSION}"
|
||||
echo $OUTPUT_DIR
|
||||
|
||||
publishService:
|
||||
enabled: false
|
||||
EOF
|
||||
mkdir -p ${OUTPUT_DIR}
|
||||
cd ${TARGET_DIR}
|
||||
helm template ingress-nginx ${DIR}/charts/ingress-nginx \
|
||||
--values values.yaml \
|
||||
--namespace ingress-nginx \
|
||||
--kube-version ${K8S_VERSION} \
|
||||
> $MANIFEST
|
||||
kustomize --load-restrictor=LoadRestrictionsNone build . > ${OUTPUT_DIR}/deploy.yaml
|
||||
rm $MANIFEST
|
||||
cd ~-
|
||||
# automatically generate the (unsupported) kustomization.yaml for each target
|
||||
sed "s_{TARGET}_${TARGET}_" $TEMPLATE_DIR/static-kustomization-template.yaml > ${OUTPUT_DIR}/kustomization.yaml
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
# Cloud - generic
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/cloud/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
|
||||
# AWS - NLB
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/aws/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
||||
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/aws/deploy-tls-termination.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
annotations:
|
||||
# This example is for legacy in-tree service load balancer controller for AWS NLB,
|
||||
# that has been phased out from Kubernetes mainline.
|
||||
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
||||
# Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
|
||||
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
|
||||
# increased to '3600' to avoid any potential issues.
|
||||
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
|
||||
|
||||
targetPorts:
|
||||
http: tohttps
|
||||
https: http
|
||||
|
||||
# Configures the ports the nginx-controller listens on
|
||||
containerPort:
|
||||
http: 80
|
||||
https: 80
|
||||
tohttps: 2443
|
||||
|
||||
config:
|
||||
proxy-real-ip-cidr: XXX.XXX.XXX/XX
|
||||
use-forwarded-headers: "true"
|
||||
http-snippet: |
|
||||
server {
|
||||
listen 2443;
|
||||
return 308 https://\$host\$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
# Kind - https://kind.sigs.k8s.io/docs/user/ingress/
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/kind/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
hostPort:
|
||||
enabled: true
|
||||
terminationGracePeriodSeconds: 0
|
||||
service:
|
||||
type: NodePort
|
||||
watchIngressWithoutClass: true
|
||||
|
||||
nodeSelector:
|
||||
ingress-ready: "true"
|
||||
tolerations:
|
||||
- key: "node-role.kubernetes.io/master"
|
||||
operator: "Equal"
|
||||
effect: "NoSchedule"
|
||||
|
||||
publishService:
|
||||
enabled: false
|
||||
extraArgs:
|
||||
publish-status-address: localhost
|
||||
EOF
|
||||
|
||||
# Digital Ocean
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/do/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
annotations:
|
||||
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
|
||||
config:
|
||||
use-proxy-protocol: "true"
|
||||
admissionWebhooks:
|
||||
timeoutSeconds: 29
|
||||
|
||||
EOF
|
||||
|
||||
# Scaleway
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/scw/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
annotations:
|
||||
service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true"
|
||||
config:
|
||||
use-proxy-protocol: "true"
|
||||
|
||||
EOF
|
||||
|
||||
# Exoscale
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
|
||||
OUTPUT_FILE="${DIR}/deploy/static/provider/exoscale/deploy.yaml"
|
||||
cat << EOF | helm template $RELEASE_NAME ${DIR}/charts/ingress-nginx --namespace $NAMESPACE --values - | $DIR/hack/add-namespace.py $NAMESPACE > ${OUTPUT_FILE}
|
||||
controller:
|
||||
kind: DaemonSet
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
annotations:
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-name: "nginx-ingress-controller"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-description: "NGINX Ingress Controller load balancer"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-strategy: "source-hash"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-mode: "http"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-uri: "/"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-interval: "10s"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-timeout: "3s"
|
||||
service.beta.kubernetes.io/exoscale-loadbalancer-service-healthcheck-retries: "1"
|
||||
publishService:
|
||||
enabled: true
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
$(cat ${OUTPUT_FILE})" > ${OUTPUT_FILE}
|
||||
# DEFAULT VERSION HANDLING
|
||||
if [[ ${K8S_VERSION} = ${K8S_DEFAULT_VERSION} ]]
|
||||
then
|
||||
cp ${OUTPUT_DIR}/*.yaml ${OUTPUT_DIR}/../
|
||||
sed -i "1s/^/#GENERATED FOR K8S ${K8S_VERSION}\n/" ${OUTPUT_DIR}/../deploy.yaml
|
||||
rm -rf ${OUTPUT_DIR} # TODO @afirth remove for #8000 - this avoids the duplicate files for easier review of the build script changes
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue