Skip to content
This repository was archived by the owner on Feb 22, 2022. It is now read-only.

[stable/kong] introduce Kong ingress controller #9020

Merged
k8s-ci-robot merged 14 commits into from
Nov 16, 2018
Merged

[stable/kong] introduce Kong ingress controller #9020

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
715b6b1
[stable/kong] implement Kong as Ingress Controller
merqurio Nov 7, 2018
f4a2c6f
rename values file
hbagdi Nov 9, 2018
d19a3c1
set component to controller
hbagdi Nov 13, 2018
7b07437
add hooks to crds
hbagdi Nov 13, 2018
d9a11d4
skip hook now that CI must be clean
hbagdi Nov 13, 2018
34908a5
rbac and service account create options
hbagdi Nov 14, 2018
48e43c3
name rbac resources
hbagdi Nov 14, 2018
57915d6
correct reference to service account
hbagdi Nov 14, 2018
b98ff3f
remove .tgz
hbagdi Nov 14, 2018
12f2a71
:faceplam: remove the post-delete hook on CRD
hbagdi Nov 14, 2018
2ab41b0
crd-install not needed
hbagdi Nov 14, 2018
a1b81cd
remove annotations from crds
hbagdi Nov 14, 2018
69933cf
rename test values
hbagdi Nov 14, 2018
5a883c8
remove namespace from controller deployment
hbagdi Nov 15, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion stable/kong/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ maintainers:
name: kong
sources:
- https://github.com/Kong/kong
version: 0.5.8
version: 0.6.0
appVersion: 0.14.1
125 changes: 84 additions & 41 deletions stable/kong/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,46 +48,46 @@ chart and deletes the release.
The following table lists the configurable parameters of the Kong chart
and their default values.

| Parameter | Description | Default |
| ------------------------------ | -------------------------------------------------------------------- | ------------------- |
| image.repository | Kong image | `kong` |
| image.tag | Kong image version | `0.14.1` |
| image.pullPolicy | Image pull policy | `IfNotPresent` |
| image.pullSecrets | Image pull secrets | `null` |
| replicaCount | Kong instance count | `1` |
| admin.useTLS | Secure Admin traffic | `true` |
| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
| admin.nodePort | Node port when service type is `NodePort` | |
| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| admin.ingress.tls | Name of secret resource, containing TLS secret | |
| admin.ingress.hosts | List of ingress hosts. | `[]` |
| admin.ingress.path | Ingress path. | `/` |
| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| proxy.useTLS | Secure Proxy traffic | `true` |
| proxy.servicePort | TCP port on which the Kong Proxy Service is exposed | `8443` |
| proxy.containerPort | TCP port on which the Kong app listens for Proxy traffic | `8443` |
| proxy.nodePort | Node port when service type is `NodePort` | |
| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
| proxy.ingress.hosts | List of ingress hosts. | `[]` |
| proxy.ingress.path | Ingress path. | `/` |
| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) |
| runMigrations | Run Kong migrations job | `true` |
| readinessProbe | Kong readiness probe | |
| livenessProbe | Kong liveness probe | |
| affinity | Node/pod affinities | |
| nodeSelector | Node labels for pod assignment | `{}` |
| podAnnotations | Annotations to add to each pod | `{}` |
| resources | Pod resource requests & limits | `{}` |
| tolerations | List of node taints to tolerate | `[]` |
| Parameter | Description | Default |
| ------------------------------ | -------------------------------------------------------------------------------- | ------------------- |
| image.repository | Kong image | `kong` |
| image.tag | Kong image version | `0.14.1` |
| image.pullPolicy | Image pull policy | `IfNotPresent` |
| image.pullSecrets | Image pull secrets | `null` |
| replicaCount | Kong instance count | `1` |
| admin.useTLS | Secure Admin traffic | `true` |
| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
| admin.nodePort | Node port when service type is `NodePort` | |
| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| admin.ingress.tls | Name of secret resource, containing TLS secret | |
| admin.ingress.hosts | List of ingress hosts. | `[]` |
| admin.ingress.path | Ingress path. | `/` |
| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| proxy.useTLS | Secure Proxy traffic | `true` |
| proxy.servicePort | TCP port on which the Kong Proxy Service is exposed | `8443` |
| proxy.containerPort | TCP port on which the Kong app listens for Proxy traffic | `8443` |
| proxy.nodePort | Node port when service type is `NodePort` | |
| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
| proxy.ingress.hosts | List of ingress hosts. | `[]` |
| proxy.ingress.path | Ingress path. | `/` |
| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
| runMigrations | Run Kong migrations job | `true` |
| readinessProbe | Kong readiness probe | |
| livenessProbe | Kong liveness probe | |
| affinity | Node/pod affinities | |
| nodeSelector | Node labels for pod assignment | `{}` |
| podAnnotations | Annotations to add to each pod | `{}` |
| resources | Pod resource requests & limits | `{}` |
| tolerations | List of node taints to tolerate | `[]` |

### Kong-specific parameters

Expand Down Expand Up @@ -127,10 +127,53 @@ $ helm install stable/kong --name my-release \
--set=image.tag=0.11.2,env.database=cassandra,cassandra.enabled=true
```

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
Alternatively, a YAML file that specifies the values for the above parameters
can be provided while installing the chart. For example,

```console
$ helm install stable/kong --name my-release -f values.yaml
```

> **Tip**: You can use the default [values.yaml](values.yaml)

### Kong Ingress Controller

Kong Ingress Controller's primary purpose is to satisfy Ingress resources
created in your Kubernetes cluster.
It uses CRDs for more fine grained control over routing and
for Kong specific configuration.
To deploy the ingress controller together with
kong run the following command:

```bash
helm install stable/kong \
--set ingressController.enabled=true \
--set admin.useTLS=false \
--set readinessProbe.httpGet.scheme=HTTP \
--set livenessProbe.httpGet.scheme=HTTP
```

**Note**: Kong Ingress controller doesn't support custom SSL certificates
on Admin port. We will be removing this limitation in the future.

Kong ingress controller relies on several Custom Resource Definition objects to
declare the the Kong configurations and synchronize the configuration with the
Kong admin API. Each of this new objects declared in Kubernetes have a
one-to-one relation with a Kong resource.
The custom resources are:
- KongConsumer
- KongCredential
- kongPlugin
- KongIngress

You can can learn about kong ingress custom resource definitions here:
https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-types.md

| Parameter | Description | Default |
| --------------- | ----------------------------------------- | ---------------------------------------------------------------------------- |
| enabled | Deploy the ingress controller, rbac and crd | false |
| replicaCount | Number of desired ingress controllers | 1 |
| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
| image.tag | Version of the ingress controller | 0.2.0 |
| readinessProbe | Kong ingress controllers readiness probe | |
| livenessProbe | Kong ingress controllers liveness probe | |
14 changes: 14 additions & 0 deletions stable/kong/ci/ingressController-values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# CI test for Ingress controller basic installation

admin:
useTLS: false

readinessProbe:
httpGet:
scheme: HTTP
livenessProbe:
httpGet:
scheme: HTTP

ingressController:
enabled: true
Binary file removed stable/kong/kong-0.5.7.tgz
View file
Open in desktop
Binary file not shown.
11 changes: 11 additions & 0 deletions stable/kong/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- $name := default "cassandra" .Values.cassandra.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "kong.serviceAccountName" -}}
{{- if .Values.ingressController.serviceAccount.create -}}
{{ default (include "kong.fullname" .) .Values.ingressController.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
68 changes: 68 additions & 0 deletions stable/kong/templates/controller-cluster-role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: {{ template "kong.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
name: {{ template "kong.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "configuration.konghq.com"
resources:
- kongplugins
- kongcredentials
- kongconsumers
- kongingresses
verbs:
- get
- list
- watch
{{- end -}}
Loading