Put some fixes in place for k8s

Will require a 0.1.2 release
mlaccetti · Jun 20, 2018 · 8d2e839 · 8d2e839
1 parent f14c9c7
commit 8d2e839
Show file tree

Hide file tree

Showing 17 changed files with 223 additions and 60 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -12,5 +12,7 @@ RUN make
 FROM scratch as runtime
 ARG TRAVIS_TAG
 COPY --from=build /go/src/github.com/mlaccetti/ipd2/build/ipd2-${TRAVIS_TAG}-linux_amd64 /ipd2
+COPY --from=build /go/src/github.com/mlaccetti/ipd2/data/city.mmdb /data/city.mmdb
+COPY --from=build /go/src/github.com/mlaccetti/ipd2/data/country.mmdb /data/country.mmdb
 ENTRYPOINT ["/ipd2"]
 CMD ["--verbose"]
diff --git a/Makefile b/Makefile
@@ -85,3 +85,7 @@ release: docker-build
 	docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-darwin_amd64 build/ipd2-$$TRAVIS_TAG-darwin_amd64 ;\
 	docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-linux_amd64 build/ipd2-$$TRAVIS_TAG-linux_amd64 ;\
 	docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-windows_amd64.exe build/ipd2-$$TRAVIS_TAG-windows_amd64.exe
+
+clean:
+	@echo "Cleaning up generated folders/files."
+	rm -fr build certs data
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
diff --git a/internal/util/config.go b/internal/util/config.go
@@ -13,7 +13,7 @@ import (
 
 func init() {
 	flags.BoolP("help", "h", false, "Show this help message")
-	flags.BoolP("verbose", "v", false, "Verbose output (default false")
+	flags.BoolP("verbose", "v", false, "Verbose output (default false)")
 	flags.StringP("listen", "l", ":8080", "Listening address")
 	flags.StringP("listen-tls", "s", ":8443", "Listening address for TLS")
 	flags.StringP("tls-key", "k", "", "Path to the TLS key to use (ignored if no TLS listen address is specified)")

diff --git a/helm-chart/.helmignore → ipd2/.helmignore b/helm-chart/.helmignore → ipd2/.helmignore
diff --git a/helm-chart/Chart.yaml → ipd2/Chart.yaml b/helm-chart/Chart.yaml → ipd2/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "0.1.0"
+appVersion: "0.1.2"
 description: Helm chart to deploy ipd2
 name: ipd2
 version: 0.1.0
diff --git a/ipd2/README.md b/ipd2/README.md
@@ -0,0 +1,9 @@
+# ipd2 Helm Chart
+
+words words words words words
+
+## Pre-requisites
+
+For `HTTP/2` mode to work, you'll need to provide the chart a TLS certificate/key, you might want to use [cert-manager](https://github.com/jetstack/cert-manager/) to help with this.
+
+You will then need to enable both the `https` service *AND* `https` ingress, since the secret is defined at the ingress level.
diff --git a/ipd2/certificate.yaml b/ipd2/certificate.yaml
@@ -0,0 +1,41 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: websites-tls
+  namespace: website
+spec:
+  secretName: websites-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: 'laccetti.com'
+  dnsNames:
+  - laccetti.ca
+  - www.laccetti.ca
+  - laccetti.com
+  - www.laccetti.com
+  - jesslaccetti.ca
+  - jesslaccetti.com
+  - jesslaccetti.co.uk
+  - lobita.ca
+  - www.jesslaccetti.ca
+  - www.jesslaccetti.com
+  - www.jesslaccetti.co.uk
+  - www.lobita.ca
+  acme:
+    config:
+    - dns01:
+        provider: letsencrypt-prod
+      domains:
+      - laccetti.ca
+      - www.laccetti.ca
+      - laccetti.com
+      - www.laccetti.com
+      - jesslaccetti.ca
+      - jesslaccetti.com
+      - jesslaccetti.co.uk
+      - lobita.ca
+      - www.jesslaccetti.ca
+      - www.jesslaccetti.com
+      - www.jesslaccetti.co.uk
+      - www.lobita.ca
diff --git a/helm-chart/templates/NOTES.txt → ipd2/templates/NOTES.txt b/helm-chart/templates/NOTES.txt → ipd2/templates/NOTES.txt
@@ -1,18 +1,18 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+  http{{ if $.Values.ingress.https.enabled }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
 {{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
+{{- else if contains "NodePort" .Values.service.http.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ipd2.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.service.http.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get svc -w {{ template "ipd2.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ipd2.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
+  echo http://$SERVICE_IP:{{ .Values.service.http.port }}
+{{- else if contains "ClusterIP" .Values.service.http.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ipd2.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl port-forward $POD_NAME 8080:80

diff --git a/helm-chart/templates/_helpers.tpl → ipd2/templates/_helpers.tpl b/helm-chart/templates/_helpers.tpl → ipd2/templates/_helpers.tpl
diff --git a/helm-chart/templates/deployment.yaml → ipd2/templates/deployment.yaml b/helm-chart/templates/deployment.yaml → ipd2/templates/deployment.yaml
@@ -19,14 +19,39 @@ spec:
         app: {{ template "ipd2.name" . }}
         release: {{ .Release.Name }}
     spec:
+      {{- if .Values.service.https.enabled }}
+      volumes:
+        - name: tls-secret
+          secret:
+            secretName: {{ .Values.ingress.https.tls.secretName }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --verbose=true
+            - --city-db=/data/city.mmdb
+            - --country-db/data/country.mmdb
+            - --listen=:{{ .Values.service.http.port }}
+            {{- if .Values.service.https.enabled }}
+            - --listen-tls=:{{ .Values.service.https.port }}
+            - --tls-key=/tls/tls.key
+            - --tls-cert=/tls/tls.cert
+            {{- end }}
+          {{- if .Values.service.https.enabled }}
+          volumeMounts:
+            - name: tls-secret
+              mountPath: "tls"
+              readOnly: true
+          {{- end }}
           ports:
             - name: http
               containerPort: 80
               protocol: TCP
+            - name: https
+              containerPort: 443
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /

diff --git a/ipd2/templates/ingress-http.yaml b/ipd2/templates/ingress-http.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.ingress.http.enabled -}}
+{{- $fullName := include "ipd2.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-http
+  labels:
+    app: {{ template "ipd2.name" . }}
+    chart: {{ template "ipd2.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.http.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}-http
+              servicePort: http
+  {{- end }}
+{{- end }}
diff --git a/helm-chart/templates/ingress.yaml → ipd2/templates/ingress-https.yaml b/helm-chart/templates/ingress.yaml → ipd2/templates/ingress-https.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled -}}
+{{- if .Values.ingress.https.enabled -}}
 {{- $fullName := include "ipd2.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
 apiVersion: extensions/v1beta1
@@ -10,20 +10,18 @@ metadata:
     chart: {{ template "ipd2.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
+{{- with .Values.ingress.https.annotations }}
   annotations:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
-{{- if .Values.ingress.tls }}
+{{- if .Values.ingress.https.tls }}
   tls:
-  {{- range .Values.ingress.tls }}
     - hosts:
-      {{- range .hosts }}
+      {{- range .Values.ingress.hosts }}
         - {{ . }}
       {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
+      secretName: {{ .Values.ingress.https.tls.secretName }}
 {{- end }}
   rules:
   {{- range .Values.ingress.hosts }}
@@ -32,7 +30,7 @@ spec:
         paths:
           - path: {{ $ingressPath }}
             backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
+              serviceName: {{ $fullName }}-https
+              servicePort: https
   {{- end }}
 {{- end }}
diff --git a/helm-chart/templates/service.yaml → ipd2/templates/service-http.yaml b/helm-chart/templates/service.yaml → ipd2/templates/service-http.yaml
@@ -1,16 +1,16 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "ipd2.fullname" . }}
+  name: {{ template "ipd2.fullname" . }}-http
   labels:
     app: {{ template "ipd2.name" . }}
     chart: {{ template "ipd2.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
-  type: {{ .Values.service.type }}
+  type: {{ .Values.service.http.type }}
   ports:
-    - port: {{ .Values.service.port }}
+    - port: {{ .Values.service.http.port }}
       targetPort: http
       protocol: TCP
       name: http

diff --git a/ipd2/templates/service-https.yaml b/ipd2/templates/service-https.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.service.https.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "ipd2.fullname" . }}-https
+  labels:
+    app: {{ template "ipd2.name" . }}
+    chart: {{ template "ipd2.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.https.type }}
+  ports:
+    - port: {{ .Values.service.https.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "ipd2.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}
diff --git a/ipd2/values-tls.yaml b/ipd2/values-tls.yaml
@@ -0,0 +1,32 @@
+service:
+  https:
+    enabled: true
+
+ingress:
+  hosts:
+    - ifconfig2.ca
+    - ifconfig2.co
+    - ifconfig2.com
+  path: /
+  http:
+    enabled: true
+  https:
+    enabled: true
+    annotations:
+      kubernetes.io/tls-acme: "true"
+    tls:
+      secretName: ifconfig-tls
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/ipd2/values.yaml b/ipd2/values.yaml
@@ -0,0 +1,44 @@
+replicaCount: 1
+
+image:
+  repository: mlaccetti/ipd2
+  tag: 0.1.2
+  pullPolicy: IfNotPresent
+
+service:
+  http:
+    type: ClusterIP
+    port: 80
+  https:
+    enabled: false
+    type: ClusterIP
+    port: 443
+
+ingress:
+  hosts:
+    - chart-example.local
+  path: /
+  http:
+    enabled: false
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+  https:
+    enabled: false
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+    tls:
+      secretName: chart-example-tls
+
+resources: {}
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}