Feature 11037 Installation of ingress controller in OSM community installer
Change-Id: If704da044dd54aa3ec22253b6f2cb45257ad6362
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/helm/osm/templates/NOTES.txt b/installers/helm/osm/templates/NOTES.txt
index 8dd736a..45e1821 100644
--- a/installers/helm/osm/templates/NOTES.txt
+++ b/installers/helm/osm/templates/NOTES.txt
@@ -17,6 +17,7 @@
#######################################################################################
*/}}
1. Get the application URL by running these commands:
+{{- if .Values.nbi.service }}
{{- if contains "NodePort" .Values.nbi.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services nbi)
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
@@ -27,5 +28,11 @@
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} nbi --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.nbi.service.port }}
{{- end }}
+{{- else }}
+ export OSM_GUI_URL=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.rules[0].host}" ingress ngui-ingress)
+ echo "OSM UI: $OSM_GUI_URL"
+ export OSM_HOSTNAME=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.rules[0].host}" ingress nbi-ingress)
+ echo "OSM_HOSTNAME (for osm client): $OSM_HOSTNAME"
+{{- end }}
2. Get Grafana credentials for admin user using below command.
kubectl -n {{ .Release.Namespace }} get secret grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
diff --git a/installers/helm/osm/templates/alertmanager/alertmanager-ingress.yaml b/installers/helm/osm/templates/alertmanager/alertmanager-ingress.yaml
new file mode 100644
index 0000000..d8028e8
--- /dev/null
+++ b/installers/helm/osm/templates/alertmanager/alertmanager-ingress.yaml
@@ -0,0 +1,43 @@
+{{- if not .Values.global.oldServiceAssurance -}}
+{{- if .Values.alertmanager.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: alertmanager-ingress
+ labels:
+ {{- include "osm.labels" . | nindent 4 }}
+spec:
+ ingressClassName: nginx
+ rules:
+{{- if .Values.alertmanager.ingress.host }}
+ - host: {{ .Values.alertmanager.ingress.host }}
+{{- else }}
+ - host: "alertmanager.{{ .Values.global.hostname }}"
+{{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: alertmanager
+ port:
+ number: 9093
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/installers/helm/osm/templates/nbi/nbi-certificate.yaml b/installers/helm/osm/templates/nbi/nbi-certificate.yaml
new file mode 100644
index 0000000..afb5da5
--- /dev/null
+++ b/installers/helm/osm/templates/nbi/nbi-certificate.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.nbi.enabled -}}
+{{- if .Values.certauth.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nbi
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: nbi-cert
+ privateKey:
+ rotationPolicy: Always
+ algorithm: ECDSA
+ size: 256
+ duration: "8760h"
+ renewBefore: "2208h"
+ dnsNames:
+ {{- if .Values.nbi.ingress.host }}
+ - {{ .Values.nbi.ingress.host }}
+ {{- else }}
+ - "nbi.{{ .Values.global.hostname }}"
+ {{- end }}
+ usages:
+ - "client auth"
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+{{- end }}
+{{- end }}
diff --git a/installers/helm/osm/templates/nbi/nbi-ingress.yaml b/installers/helm/osm/templates/nbi/nbi-ingress.yaml
new file mode 100644
index 0000000..ba0d13e
--- /dev/null
+++ b/installers/helm/osm/templates/nbi/nbi-ingress.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.nbi.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nbi-ingress
+ labels:
+ {{- include "osm.labels" . | nindent 4 }}
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+ ingressClassName: nginx
+ rules:
+{{- if .Values.nbi.ingress.host }}
+ - host: {{ .Values.nbi.ingress.host }}
+{{- else }}
+ - host: "nbi.{{ .Values.global.hostname }}"
+{{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nbi
+ port:
+ number: 9999
+ tls:
+ - hosts:
+ {{- if .Values.nbi.ingress.host }}
+ - {{ .Values.nbi.ingress.host }}
+ {{- else }}
+ - "nbi.{{ .Values.global.hostname }}"
+ {{- end }}
+ secretName: nbi-cert
+{{- end }}
\ No newline at end of file
diff --git a/installers/helm/osm/templates/nbi/nbi-service.yaml b/installers/helm/osm/templates/nbi/nbi-service.yaml
index 0ea6433..bb42f42 100644
--- a/installers/helm/osm/templates/nbi/nbi-service.yaml
+++ b/installers/helm/osm/templates/nbi/nbi-service.yaml
@@ -22,10 +22,12 @@
labels:
{{- include "osm.labels" . | nindent 4 }}
spec:
- type: {{ .Values.nbi.service.type }}
+ type: {{ default "ClusterIP" .Values.nbi.service.type }}
ports:
- - nodePort: {{ .Values.nbi.service.nodePort }}
- port: {{ .Values.nbi.service.port }}
+ - port: {{ default 9999 .Values.nbi.service.port }}
+ {{- if .Values.nbi.service.nodePort }}
+ nodePort: {{ .Values.nbi.service.nodePort }}
+ {{- end }}
targetPort: 9999
protocol: TCP
selector:
diff --git a/installers/helm/osm/templates/ng_ui/ngui-certificate.yaml b/installers/helm/osm/templates/ng_ui/ngui-certificate.yaml
new file mode 100644
index 0000000..8e03fbf
--- /dev/null
+++ b/installers/helm/osm/templates/ng_ui/ngui-certificate.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.ngui.enabled -}}
+{{- if .Values.certauth.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ngui
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: ngui-cert
+ privateKey:
+ rotationPolicy: Always
+ algorithm: ECDSA
+ size: 256
+ duration: "8760h"
+ renewBefore: "2208h"
+ dnsNames:
+ {{- if .Values.ngui.ingress.host }}
+ - {{ .Values.ngui.ingress.host }}
+ {{- else }}
+ - {{ .Values.global.hostname }}
+ {{- end }}
+ usages:
+ - "client auth"
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+{{- end }}
+{{- end }}
diff --git a/installers/helm/osm/templates/ng_ui/ngui-ingress.yaml b/installers/helm/osm/templates/ng_ui/ngui-ingress.yaml
new file mode 100644
index 0000000..99d689f
--- /dev/null
+++ b/installers/helm/osm/templates/ng_ui/ngui-ingress.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.ngui.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ngui-ingress
+ labels:
+ {{- include "osm.labels" . | nindent 4 }}
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+{{- if .Values.ngui.ingress.host }}
+ - host: {{ .Values.ngui.ingress.host }}
+{{- else }}
+ - host: "{{ .Values.global.hostname }}"
+{{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ng-ui
+ port:
+ number: 80
+ tls:
+ - hosts:
+ {{- if .Values.ngui.ingress.host }}
+ - {{ .Values.ngui.ingress.host }}
+ {{- else }}
+ - "nbi.{{ .Values.global.hostname }}"
+ {{- end }}
+ secretName: ngui-cert
+{{- end }}
\ No newline at end of file
diff --git a/installers/helm/osm/templates/ng_ui/ngui-service.yaml b/installers/helm/osm/templates/ng_ui/ngui-service.yaml
index d2eb22c..212d259 100644
--- a/installers/helm/osm/templates/ng_ui/ngui-service.yaml
+++ b/installers/helm/osm/templates/ng_ui/ngui-service.yaml
@@ -22,10 +22,12 @@
labels:
{{- include "osm.labels" . | nindent 4 }}
spec:
- type: {{ .Values.ngui.service.type }}
+ type: {{ default "ClusterIP" .Values.ngui.service.type }}
ports:
- - nodePort: {{ .Values.ngui.service.nodePort }}
- port: {{ .Values.ngui.service.port }}
+ - port: {{ default 80 .Values.ngui.service.port }}
+ {{- if .Values.ngui.service.nodePort }}
+ nodePort: {{ .Values.ngui.service.nodePort }}
+ {{- end }}
targetPort: 80
protocol: TCP
selector:
diff --git a/installers/helm/osm/templates/webhook_translator/webhook-translator-ingress.yaml b/installers/helm/osm/templates/webhook_translator/webhook-translator-ingress.yaml
new file mode 100644
index 0000000..f4e8b64
--- /dev/null
+++ b/installers/helm/osm/templates/webhook_translator/webhook-translator-ingress.yaml
@@ -0,0 +1,43 @@
+{{- if not .Values.global.oldServiceAssurance -}}
+{{- if .Values.webhookTranslator.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: webhook-ingress
+ labels:
+ {{- include "osm.labels" . | nindent 4 }}
+spec:
+ ingressClassName: nginx
+ rules:
+{{- if .Values.webhookTranslator.ingress.host }}
+ - host: {{ .Values.webhookTranslator.ingress.host }}
+{{- else }}
+ - host: "webhook.{{ .Values.global.hostname }}"
+{{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: webhook-translator
+ port:
+ number: 9998
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/installers/helm/osm/templates/webhook_translator/webhook-translator-service.yaml b/installers/helm/osm/templates/webhook_translator/webhook-translator-service.yaml
index 0fb1d8e..11d2508 100644
--- a/installers/helm/osm/templates/webhook_translator/webhook-translator-service.yaml
+++ b/installers/helm/osm/templates/webhook_translator/webhook-translator-service.yaml
@@ -23,10 +23,12 @@
labels:
{{- include "osm.labels" . | nindent 4 }}
spec:
- type: {{ .Values.webhookTranslator.service.type }}
+ type: {{ default "ClusterIP" .Values.webhookTranslator.service.type }}
ports:
- - nodePort: {{ .Values.webhookTranslator.service.nodePort }}
- port: {{ .Values.webhookTranslator.service.port }}
+ - port: {{ default 9998 .Values.webhookTranslator.service.port }}
+ {{- if .Values.webhookTranslator.service.nodePort }}
+ nodePort: {{ .Values.webhookTranslator.service.nodePort }}
+ {{- end }}
targetPort: 9998
protocol: TCP
selector:
diff --git a/installers/helm/osm/values.yaml b/installers/helm/osm/values.yaml
index 5bfc94e..1575136 100644
--- a/installers/helm/osm/values.yaml
+++ b/installers/helm/osm/values.yaml
@@ -21,7 +21,8 @@
global:
replicaCount: 1
logLevel: INFO
-
+ # hostname to be used for the ingress objects
+ hostname: ~
image:
repositoryBase: docker.io/opensourcemano
pullPolicy: IfNotPresent
@@ -68,16 +69,26 @@
airflow:
enabled: true
+alertmanager:
+ enabled: true
+ ingress: {}
+ # host: alertmanager.<IP_ADDRESS>.nip.io
+
certauth:
enabled: true
grafana:
enabled: true
fullnameOverride: "grafana"
- service:
- type: NodePort
- nodePort: 3000
- port: 3000
+ # service:
+ # type: NodePort
+ # nodePort: 3000
+ # port: 3000
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ # hosts:
+ # - grafana.<IP_ADDRESS>.nip.io
extraVolumes:
- emptyDir: {}
name: sc-dashboard-volume-k8s
@@ -218,11 +229,13 @@
nbi:
enabled: true
+ ingress: {}
+ # host: nbi.<IP_ADDRESS>.nip.io
logLevel: DEBUG
- service:
- type: NodePort
- port: 9999
- nodePort: 9999
+ service: {}
+ # type: NodePort
+ # port: 9999
+ # nodePort: 9999
image: {}
# repository: opensourcemano/nbi
# tag: "testing-daily"
@@ -232,10 +245,12 @@
ngui:
enabled: true
- service:
- type: NodePort
- port: 80
- nodePort: 80
+ service: {}
+ # type: NodePort
+ # port: 80
+ # nodePort: 80
+ ingress: {}
+ # host: <IP_ADDRESS>.nip.io
image: {}
# repository: opensourcemano/ng-ui
# tag: "testing-daily"
@@ -279,8 +294,13 @@
fullnameOverride: "prometheus"
service:
servicePort: 9090
- type: NodePort
- nodePort: 9091
+ # type: NodePort
+ # nodePort: 9091
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ # hosts:
+ # - prometheus.<IP_ADDRESS>.nip.io
sidecarContainers:
prometheus-config-sidecar:
securityContext:
@@ -427,13 +447,23 @@
static_configs:
- targets: ['prometheus-node-exporter:9100']
alertmanager:
+ enabled: true
fullnameOverride: "alertmanager"
extraArgs:
log.level: debug
- service:
- type: NodePort
- nodePort: 9093
- port: 9093
+ # service:
+ # type: NodePort
+ # nodePort: 9093
+ # port: 9093
+ # ingress:
+ # enabled: True
+ # className: nginx
+ # hosts:
+ # - host: localhost
+ # paths:
+ # - path: /
+ # pathType: ImplementationSpecific
+ # tls: []
config:
receivers:
- name: default-receiver
@@ -494,11 +524,14 @@
webhookTranslator:
enabled: true
- service:
- type: NodePort
- nodePort: 9998
- port: 9998
+ # replicaCount: 1
image: {}
# repository: opensourcemano/webhook
# tag: "testing-daily"
+ ingress: {}
+ # host: webhook.<IP_ADDRESS>.nip.io
# replicaCount: 1
+ service: {}
+ # type: NodePort
+ # nodePort: 9998
+ # port: 9998
diff --git a/installers/helm/values/airflow-values.yaml b/installers/helm/values/airflow-values.yaml
index b574ff4..bcfe583 100644
--- a/installers/helm/values/airflow-values.yaml
+++ b/installers/helm/values/airflow-values.yaml
@@ -14,10 +14,16 @@
---
defaultAirflowRepository: opensourcemano/airflow
defaultAirflowTag: "testing-daily"
+ingress:
+ web:
+ enabled: True
+ hosts:
+ - name: "localhost"
+ ingressClassName: nginx
webserverSecretKeySecretName: airflow-webserver-secret
webserver:
service:
- type: NodePort
+ type: ClusterIP
ports:
- name: airflow-ui
port: "{{ .Values.ports.airflowUI }}"