[kong] consolidate Ingress and Service templates (#251)

* [kong] consolidate Ingress and Service templates Add helper functions to handle the bulk of Ingress and Service generation, and rework Ingress and Service templates to use them. Individual service templates now mostly handle enabling/disabling resources and legacy behavior (for admin and proxy). This avoids issues where features (e.g. externalTrafficPolicy and LoadBalancer NodePort overrides) were available on some templates but not others, and eliminates the need to copy-paste template functionality across templates when adding new features in the future. Additionally: - Deprecate support for multi-host proxy Ingresses. As the proxy Ingress now uses the same template as all other services, it only supports a single hostname and TLS Secret. - Remove externalIPs from the default values configurations and do not render it if it is not present. externalIPs should be uncommon (it is designed for bare metal clusters that cannot update Service status automatically) and is easy to confuse with other functionality. - Add a loadBalancerIP comment to the proxy values. This is the setting actually used to request a specific IP from a cloud provider. Note: the reworked service templates run a number of boilerplate templates (e.g. kong.fullname) and store their result alongside the configuration context before invoking kong.ingress and kong.service. Although Helm documentation indicates that the "$" variable always points to the chart root, this isn't actually true for named template invocations: helm/helm#7915 Because of this, templates that require things like .Release.Name cannot access it, and we must render them in advance. * pr: fix indentation * pr: fix incorrect key check * pr: remove legacy config from CI
giantswarm · Jan 18, 2021 · 1510618 · 1510618
1 parent 853be0f
commit 1510618
Show file tree

Hide file tree

Showing 19 changed files with 281 additions and 622 deletions.
diff --git a/ci/test1-values.yaml b/ci/test1-values.yaml
@@ -31,14 +31,14 @@ admin:
  type: NodePort
  ingress:
  enabled: true
- hosts: ["test.com", "test2.com"]
+ hostname: admin.kong.example
  annotations: {}
  path: /
 proxy:
  type: NodePort
  ingress:
  enabled: true
- hosts: ["test.com", "test2.com"]
+ hostname: proxy.kong.example
  annotations: {}
  path: /
 env:

diff --git a/ci/test2-values.yaml b/ci/test2-values.yaml
@@ -25,10 +25,9 @@ proxy:
  type: NodePort
  ingress:
  enabled: true
- hosts: []
+ hostname: proxy.kong.example
  annotations: {}
  path: /
- useTLS: true
 # - add stream listens
  stream:
  - containerPort: 9000

diff --git a/ci/test4-values.yaml b/ci/test4-values.yaml
@@ -12,6 +12,9 @@ admin:
  useTLS: true
  servicePort: 8444
  containerPort: 8444
+ ingress:
+ enabled: true
+ hostname: admin.kong.example
 
 # - disable DB for kong
 env:
@@ -47,3 +50,8 @@ proxy:
  servicePort: 9001
  parameters:
  - ssl
+ ingress:
+ enabled: true
+ hosts:
+ - foo.kong.example
+ - bar.kong.example
diff --git a/example-values/full-k4k8s-with-kong-enterprise.yaml b/example-values/full-k4k8s-with-kong-enterprise.yaml
@@ -69,7 +69,6 @@ proxy:
 
  ingress:
  enabled: false
- hosts: []
  annotations: {}
  path: /
 

diff --git a/templates/NOTES.txt b/templates/NOTES.txt
@@ -25,6 +25,12 @@ Kong: https://bit.ly/k4k8s-get-started
 
 {{- if .Values.runMigrations -}}
 {{/* Legacy migration toggle */}}
-{{- $warnings = append $warnings "You are currently using the legacy runMigrations setting in values.yaml. Support for this will be removed in a future release. Please see the upgrade guide for instructions to update your configuration: https:/Kong/charts/blob/main/charts/kong/UPGRADE.md#changes-to-migration job-configuration" -}}
+{{- $warnings = append $warnings "You are currently using the legacy runMigrations setting in values.yaml. Support for this will be removed in a future release. Please see the upgrade guide for instructions to update your configuration: https:/Kong/charts/blob/main/charts/kong/UPGRADE.md#changes-to-migration-job-configuration" -}}
 {{- end -}}
+
+{{ if (hasKey .Values "proxy.ingress.hosts") -}}
+{{/* Legacy proxy ingress */}}
+{{- $warnings = append $warnings "You are currently using legacy proxy Ingress configuration in values.yaml. Support for this will be removed in a future release. Please see the upgrade guide for instructions to update your configuration: https:/Kong/charts/blob/main/charts/kong/UPGRADE.md#removal-of-multi-host-proxy-ingress" -}}
+{{- end -}}
+
 {{- include "kong.deprecation-warnings" $warnings -}}
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -56,6 +56,122 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create Ingress resource for a Kong service
+*/}}
+{{- define "kong.ingress" -}}
+{{- $servicePort := include "kong.ingress.servicePort" . }}
+{{- $path := .ingress.path -}}
+{{- $hostname := .ingress.hostname -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .fullName }}-{{ .serviceName }}
+ namespace: {{ .namespace }}
+ labels:
+ {{- .metaLabels | nindent 4 }}
+ {{- if .ingress.annotations }}
+ annotations:
+ {{- range $key, $value := .ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ rules:
+ - host: {{ $hostname }}
+ http:
+ paths:
+ - path: {{ $path }}
+ backend:
+ serviceName: {{ .fullName }}-{{ .serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- if (hasKey .ingress "tls") }}
+ tls:
+ - hosts:
+ - {{ $hostname }}
+ secretName: {{ .ingress.tls }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create Service resource for a Kong service
+*/}}
+{{- define "kong.service" -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .fullName }}-{{ .serviceName }}
+ namespace: {{ .namespace }}
+ {{- if .annotations }}
+ annotations:
+ {{- range $key, $value := .annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- .metaLabels | nindent 4 }}
+spec:
+ type: {{ .type }}
+ {{- if eq .type "LoadBalancer" }}
+ {{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+ {{- end }}
+ {{- if .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .externalIPs }}
+ externalIPs:
+ {{- range $ip := .externalIPs }}
+ - {{ $ip }}
+ {{- end -}}
+ {{- end }}
+ ports:
+ {{- if .http }}
+ {{- if .http.enabled }}
+ - name: kong-{{ .serviceName }}
+ port: {{ .http.servicePort }}
+ targetPort: {{ .http.containerPort }}
+ {{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .http.nodePort))) }}
+ nodePort: {{ .http.nodePort }}
+ {{- end }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ {{- if .tls.enabled }}
+ - name: kong-{{ .serviceName }}-tls
+ port: {{ .tls.servicePort }}
+ targetPort: {{ .tls.overrideServiceTargetPort | default .tls.containerPort }}
+ {{- if (and (or (eq .type "LoadBalancer") (eq .type "NodePort")) (not (empty .tls.nodePort))) }}
+ nodePort: {{ .tls.nodePort }}
+ {{- end }}
+ protocol: TCP
+ {{- end }}
+ {{- if (hasKey . "stream") }}
+ {{- range .stream }}
+ - name: stream-{{ .containerPort }}
+ port: {{ .servicePort }}
+ targetPort: {{ .containerPort }}
+ {{- if (and (or (eq $.type "LoadBalancer") (eq $.type "NodePort")) (not (empty .nodePort))) }}
+ nodePort: {{ .nodePort }}
+ {{- end }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ {{- if .externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+ {{- end }}
+ {{- if .clusterIP }}
+ clusterIP: {{ .clusterIP }}
+ {{- end }}
+ selector:
+ {{- .selectorLabels | nindent 4 }}
+{{- end -}}
+
+
 {{/*
 Create KONG_SERVICE_LISTEN strings
 Generic tool for creating KONG_PROXY_LISTEN, KONG_ADMIN_LISTEN, etc.

diff --git a/templates/ingress-admin.yaml b/templates/ingress-admin.yaml
diff --git a/templates/ingress-manager.yaml b/templates/ingress-manager.yaml
diff --git a/templates/ingress-portal-api.yaml b/templates/ingress-portal-api.yaml
diff --git a/templates/ingress-portal.yaml b/templates/ingress-portal.yaml