From 8d2e839526ee424fc9bc48d94fe6f72717dff171 Mon Sep 17 00:00:00 2001 From: Michael Laccetti Date: Wed, 20 Jun 2018 11:41:25 -0400 Subject: [PATCH] Put some fixes in place for k8s Will require a 0.1.2 release --- Dockerfile | 2 + Makefile | 4 ++ helm-chart/values.yaml | 41 ----------------- internal/util/config.go | 2 +- {helm-chart => ipd2}/.helmignore | 0 {helm-chart => ipd2}/Chart.yaml | 2 +- ipd2/README.md | 9 ++++ ipd2/certificate.yaml | 41 +++++++++++++++++ {helm-chart => ipd2}/templates/NOTES.txt | 10 ++--- {helm-chart => ipd2}/templates/_helpers.tpl | 0 .../templates/deployment.yaml | 25 +++++++++++ ipd2/templates/ingress-http.yaml | 28 ++++++++++++ .../templates/ingress-https.yaml | 16 +++---- .../templates/service-http.yaml | 6 +-- ipd2/templates/service-https.yaml | 21 +++++++++ ipd2/values-tls.yaml | 32 ++++++++++++++ ipd2/values.yaml | 44 +++++++++++++++++++ 17 files changed, 223 insertions(+), 60 deletions(-) delete mode 100644 helm-chart/values.yaml rename {helm-chart => ipd2}/.helmignore (100%) rename {helm-chart => ipd2}/Chart.yaml (80%) create mode 100644 ipd2/README.md create mode 100644 ipd2/certificate.yaml rename {helm-chart => ipd2}/templates/NOTES.txt (76%) rename {helm-chart => ipd2}/templates/_helpers.tpl (100%) rename {helm-chart => ipd2}/templates/deployment.yaml (61%) create mode 100644 ipd2/templates/ingress-http.yaml rename helm-chart/templates/ingress.yaml => ipd2/templates/ingress-https.yaml (67%) rename helm-chart/templates/service.yaml => ipd2/templates/service-http.yaml (73%) create mode 100644 ipd2/templates/service-https.yaml create mode 100644 ipd2/values-tls.yaml create mode 100644 ipd2/values.yaml diff --git a/Dockerfile b/Dockerfile index 9f165cc..ded5471 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -12,5 +12,7 @@ RUN make FROM scratch as runtime ARG TRAVIS_TAG COPY --from=build /go/src/github.com/mlaccetti/ipd2/build/ipd2-${TRAVIS_TAG}-linux_amd64 /ipd2 +COPY --from=build /go/src/github.com/mlaccetti/ipd2/data/city.mmdb /data/city.mmdb +COPY --from=build /go/src/github.com/mlaccetti/ipd2/data/country.mmdb /data/country.mmdb ENTRYPOINT ["/ipd2"] CMD ["--verbose"] diff --git a/Makefile b/Makefile index 5804287..9b8eda6 100644 --- a/Makefile +++ b/Makefile @@ -85,3 +85,7 @@ release: docker-build docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-darwin_amd64 build/ipd2-$$TRAVIS_TAG-darwin_amd64 ;\ docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-linux_amd64 build/ipd2-$$TRAVIS_TAG-linux_amd64 ;\ docker cp $$CONTAINER_ID:/go/src/github.com/mlaccetti/ipd2/build/ipd2-$$TRAVIS_TAG-windows_amd64.exe build/ipd2-$$TRAVIS_TAG-windows_amd64.exe + +clean: + @echo "Cleaning up generated folders/files." + rm -fr build certs data diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml deleted file mode 100644 index 380e529..0000000 --- a/helm-chart/values.yaml +++ /dev/null 
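Review bot: The new `clean` target in the Makefile hunk is not declared phony, so a file or directory named `clean` in the repository root would turn `make clean` into a no-op; add `.PHONY: clean` beside it unless the Makefile already declares it outside this hunk. The recipe also deletes `certs`, so a comment such as `# removes locally generated TLS material in certs/ as well` would warn anyone who keeps hand-made keys there for local runs.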
@@ -1,41 +0,0 @@ -replicaCount: 1 - -image: - repository: nginx - tag: stable - pullPolicy: IfNotPresent - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - path: / - hosts: - - chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/internal/util/config.go b/internal/util/config.go index 5e3cf4c..bab67be 100644 --- a/internal/util/config.go +++ b/internal/util/config.go @@ -13,7 +13,7 @@ import ( func init() { flags.BoolP("help", "h", false, "Show this help message") - flags.BoolP("verbose", "v", false, "Verbose output (default false") + flags.BoolP("verbose", "v", false, "Verbose output (default false)") flags.StringP("listen", "l", ":8080", "Listening address") flags.StringP("listen-tls", "s", ":8443", "Listening address for TLS") flags.StringP("tls-key", "k", "", "Path to the TLS key to use (ignored if no TLS listen address is specified)") diff --git a/helm-chart/.helmignore b/ipd2/.helmignore similarity index 100% rename from helm-chart/.helmignore rename to ipd2/.helmignore diff --git a/helm-chart/Chart.yaml b/ipd2/Chart.yaml similarity index 80% rename from helm-chart/Chart.yaml rename to ipd2/Chart.yaml index 19e7ce7..0499002 100644 --- a/helm-chart/Chart.yaml +++ b/ipd2/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "0.1.0" +appVersion: "0.1.2" description: Helm chart to deploy ipd2 name: ipd2 version: 0.1.0 diff --git a/ipd2/README.md b/ipd2/README.md new file mode 100644 index 0000000..6dd3a2d --- /dev/null +++ b/ipd2/README.md @@ -0,0 +1,9 @@ +# ipd2 Helm Chart + +words words words words words + +## Pre-requisites + +For `HTTP/2` mode to work, you'll need to provide the chart a TLS certificate/key, you might want to use [cert-manager](https://github.com/jetstack/cert-manager/) to help with this. + +You will then need to enable both the `https` service *AND* `https` ingress, since the secret is defined at the ingress level. diff --git a/ipd2/certificate.yaml b/ipd2/certificate.yaml new file mode 100644 index 0000000..915e150 --- /dev/null +++ b/ipd2/certificate.yaml @@ -0,0 +1,41 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Certificate +metadata: + name: websites-tls + namespace: website +spec: + secretName: websites-tls + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + commonName: 'laccetti.com' + dnsNames: + - laccetti.ca + - www.laccetti.ca + - laccetti.com + - www.laccetti.com + - jesslaccetti.ca + - jesslaccetti.com + - jesslaccetti.co.uk + - lobita.ca + - www.jesslaccetti.ca + - www.jesslaccetti.com + - www.jesslaccetti.co.uk + - www.lobita.ca + acme: + config: + - dns01: + provider: letsencrypt-prod + domains: + - laccetti.ca + - www.laccetti.ca + - laccetti.com + - www.laccetti.com + - jesslaccetti.ca + - jesslaccetti.com + - jesslaccetti.co.uk + - lobita.ca + - www.jesslaccetti.ca + - www.jesslaccetti.com + - www.jesslaccetti.co.uk + - www.lobita.ca diff --git a/helm-chart/templates/NOTES.txt b/ipd2/templates/NOTES.txt similarity index 76% rename from helm-chart/templates/NOTES.txt rename to ipd2/templates/NOTES.txt index 345383a..72792e3 100644 --- a/helm-chart/templates/NOTES.txt +++ b/ipd2/templates/NOTES.txt 
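Review bot: ipd2/certificate.yaml looks environment-specific rather than part of the chart. It requests one certificate for the laccetti/jesslaccetti/lobita domains in namespace `website` with `secretName: websites-tls`, while values-tls.yaml in the same commit serves the ifconfig2 hosts and references `ifconfig-tls`. Because it sits in the chart root rather than under `templates/` it is not rendered, but it would still ship in the packaged chart unless `.helmignore` excludes it. If it is meant as an example, I would move it to an examples directory with placeholder host names, or template it from `ingress.hosts` and `ingress.https.tls.secretName` so the issued Secret matches what the chart mounts.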
@@ -1,18 +1,18 @@ 1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} {{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} + http{{ if $.Values.ingress.https.enabled }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.http.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ipd2.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.http.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w {{ template "ipd2.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ipd2.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.http.port }} +{{- else if contains "ClusterIP" .Values.service.http.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ipd2.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 diff --git a/helm-chart/templates/_helpers.tpl b/ipd2/templates/_helpers.tpl similarity index 100% rename from helm-chart/templates/_helpers.tpl rename to ipd2/templates/_helpers.tpl 
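Review bot: The unchanged guard `{{- if .Values.ingress.enabled }}` at the top of NOTES.txt reads a key the new values.yaml no longer defines (it now has `ingress.http.enabled` and `ingress.https.enabled`), so the ingress branch is never taken and users are always shown the Service instructions. I would write it as `{{- if or .Values.ingress.http.enabled .Values.ingress.https.enabled }}`. The `kubectl get ... services {{ template "ipd2.fullname" . }}` and `kubectl get svc` commands further down also need the `-http` suffix that service-http.yaml now gives the Service, otherwise they look up a name that does not exist.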
diff --git a/helm-chart/templates/deployment.yaml b/ipd2/templates/deployment.yaml similarity index 61% rename from helm-chart/templates/deployment.yaml rename to ipd2/templates/deployment.yaml index b2aab8b..c8386f9 100644 --- a/helm-chart/templates/deployment.yaml +++ b/ipd2/templates/deployment.yaml @@ -19,14 +19,39 @@ spec: app: {{ template "ipd2.name" . }} release: {{ .Release.Name }} spec: + {{- if .Values.service.https.enabled }} + volumes: + - name: tls-secret + secret: + secretName: {{ .Values.ingress.https.tls.secretName }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --verbose=true + - --city-db=/data/city.mmdb + - --country-db/data/country.mmdb + - --listen=:{{ .Values.service.http.port }} + {{- if .Values.service.https.enabled }} + - --listen-tls=:{{ .Values.service.https.port }} + - --tls-key=/tls/tls.key + - --tls-cert=/tls/tls.cert + {{- end }} + {{- if .Values.service.https.enabled }} + volumeMounts: + - name: tls-secret + mountPath: "tls" + readOnly: true + {{- end }} ports: - name: http containerPort: 80 protocol: TCP + - name: https + containerPort: 443 + protocol: TCP livenessProbe: httpGet: path: / diff --git a/ipd2/templates/ingress-http.yaml b/ipd2/templates/ingress-http.yaml new file mode 100644 index 0000000..2907775 --- /dev/null +++ b/ipd2/templates/ingress-http.yaml 
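Review bot: Three of the added container settings will not work as written: `--country-db/data/country.mmdb` is missing its `=`, `--tls-cert=/tls/tls.cert` names a key that a TLS Secret created by cert-manager or `kubectl create secret tls` does not contain (the keys are `tls.crt` and `tls.key`), and `mountPath: "tls"` is relative where the flags expect `/tls`. I would change them to `- --country-db=/data/country.mmdb`, `- --tls-cert=/tls/tls.crt` and `mountPath: /tls`. The `https` containerPort is also declared even when `service.https.enabled` is false, and both containerPorts stay hard-coded at 80/443 while `--listen`/`--listen-tls` take the Service port values, so a non-default `service.*.port` leaves the named ports pointing at a port nothing listens on. Listening on fixed unprivileged ports inside the pod and mapping the Service ports onto them would fix that and would let the container run as a non-root user. The pod spec continues outside the hunk.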
@@ -0,0 +1,28 @@ +{{- if .Values.ingress.http.enabled -}} +{{- $fullName := include "ipd2.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }}-http + labels: + app: {{ template "ipd2.name" . }} + chart: {{ template "ipd2.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.http.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }}-http + servicePort: http + {{- end }} +{{- end }} diff --git a/helm-chart/templates/ingress.yaml b/ipd2/templates/ingress-https.yaml similarity index 67% rename from helm-chart/templates/ingress.yaml rename to ipd2/templates/ingress-https.yaml index 4c45793..faafdad 100644 --- a/helm-chart/templates/ingress.yaml +++ b/ipd2/templates/ingress-https.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.ingress.https.enabled -}} {{- $fullName := include "ipd2.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} apiVersion: extensions/v1beta1 @@ -10,20 +10,18 @@ metadata: chart: {{ template "ipd2.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.ingress.annotations }} +{{- with .Values.ingress.https.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} +{{- if .Values.ingress.https.tls }} tls: - {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} + {{- range .Values.ingress.hosts }} - {{ . }} {{- end }} - secretName: {{ .secretName }} - {{- end }} + secretName: {{ .Values.ingress.https.tls.secretName }} {{- end }} rules: {{- range .Values.ingress.hosts }} 
@@ -32,7 +30,7 @@ spec: paths: - path: {{ $ingressPath }} backend: - serviceName: {{ $fullName }} - servicePort: http + serviceName: {{ $fullName }}-https + servicePort: https {{- end }} {{- end }} diff --git a/helm-chart/templates/service.yaml b/ipd2/templates/service-http.yaml similarity index 73% rename from helm-chart/templates/service.yaml rename to ipd2/templates/service-http.yaml index 2b4cf79..516e592 100644 --- a/helm-chart/templates/service.yaml +++ b/ipd2/templates/service-http.yaml @@ -1,16 +1,16 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "ipd2.fullname" . }} + name: {{ template "ipd2.fullname" . }}-http labels: app: {{ template "ipd2.name" . }} chart: {{ template "ipd2.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.http.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.service.http.port }} targetPort: http protocol: TCP name: http diff --git a/ipd2/templates/service-https.yaml b/ipd2/templates/service-https.yaml new file mode 100644 index 0000000..8482222 --- /dev/null +++ b/ipd2/templates/service-https.yaml @@ -0,0 +1,21 @@ +{{- if .Values.service.https.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "ipd2.fullname" . }}-https + labels: + app: {{ template "ipd2.name" . }} + chart: {{ template "ipd2.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.https.type }} + ports: + - port: {{ .Values.service.https.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "ipd2.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/ipd2/values-tls.yaml b/ipd2/values-tls.yaml new file mode 100644 index 0000000..0caf18f --- /dev/null +++ b/ipd2/values-tls.yaml 
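Review bot: The new HTTPS Service in service-https.yaml forwards to the cleartext listener: its port is declared with `targetPort: http` and `name: http`, so traffic sent to the `-https` Service lands on the pod's plain-HTTP port instead of the TLS one. The `servicePort: https` backend that ingress-https.yaml now references in this same commit therefore has no port of that name to resolve to. Both lines look copied from service-http.yaml; I would make them `targetPort: https` and `name: https`.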
@@ -0,0 +1,32 @@ +service: + https: + enabled: true + +ingress: + hosts: + - ifconfig2.ca + - ifconfig2.co + - ifconfig2.com + path: / + http: + enabled: true + https: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + tls: + secretName: ifconfig-tls + +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/ipd2/values.yaml b/ipd2/values.yaml new file mode 100644 index 0000000..2768cb8 --- /dev/null +++ b/ipd2/values.yaml @@ -0,0 +1,44 @@ +replicaCount: 1 + +image: + repository: mlaccetti/ipd2 + tag: 0.1.2 + pullPolicy: IfNotPresent + +service: + http: + type: ClusterIP + port: 80 + https: + enabled: false + type: ClusterIP + port: 443 + +ingress: + hosts: + - chart-example.local + path: / + http: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + https: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + tls: + secretName: chart-example-tls + +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {}
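Review bot: `ingress.https.tls.secretName` in values.yaml now has two consumers, and the file does not say so: the HTTPS Ingress uses it for termination, and deployment.yaml mounts the same Secret into the pod whenever `service.https.enabled` is true. I would add a comment above `tls:` such as `# Secret with tls.crt/tls.key; used by the HTTPS ingress and mounted into the pod when service.https.enabled is true. Must exist in the release namespace.` values-tls.yaml relies on `kubernetes.io/tls-acme: "true"` to obtain `ifconfig-tls`, so if that Secret is only issued after the Ingress is created, the pod presumably cannot start until issuance completes; the README prerequisites would be the place to state that ordering.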