From b1bb4cc32516d0abe4f42145f9c48a18502d93c5 Mon Sep 17 00:00:00 2001
From: rfuelsh
Date: Mon, 14 Mar 2022 00:25:14 -0400
Subject: [PATCH 01/10] Adding nginx ingress and cert manager deployment
---
.../charts/templates/fuel-core-deploy.yaml | 20 +-
deployment/charts/values.yaml | 5 +-
.../ingress/eks/ingress-controller.yaml | 652 ++++++++++++++++++
deployment/ingress/eks/ingress.yaml | 26 +
deployment/ingress/eks/prod-issuer.yaml | 15 +
deployment/scripts/.env | 9 +-
deployment/scripts/fuel-core-delete.sh | 2 +-
deployment/scripts/fuel-core-deploy.sh | 2 +-
deployment/scripts/ingress-deploy.sh | 21 +
9 files changed, 735 insertions(+), 17 deletions(-)
create mode 100644 deployment/ingress/eks/ingress-controller.yaml
create mode 100644 deployment/ingress/eks/ingress.yaml
create mode 100644 deployment/ingress/eks/prod-issuer.yaml
create mode 100755 deployment/scripts/ingress-deploy.sh
diff --git a/deployment/charts/templates/fuel-core-deploy.yaml b/deployment/charts/templates/fuel-core-deploy.yaml
index e714c893a1f..dd8827bb82a 100644
--- a/deployment/charts/templates/fuel-core-deploy.yaml
+++ b/deployment/charts/templates/fuel-core-deploy.yaml
@@ -13,28 +13,24 @@ spec: storage: {{ .Values.app.volume.storagerequests }} storageClassName: {{ .Values.app.volume.storageclass }} --- -apiVersion: v1 kind: Service +apiVersion: v1 metadata: labels: app: {{ template "fuel-core.name" . }} chart: {{ template "fuel-core.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} - name: {{ template "fuel-core.name" . }}-k8s-lb + name: {{ template "fuel-core.name" . }}-service spec: + type: NodePort + selector: + app: {{ template "fuel-core.name" . }} ports: - - port: {{ .Values.app.httpport }} - targetPort: {{ .Values.app.targetport }} + - name: http + port: {{ .Values.app.httpport }} protocol: TCP - name: http - - port: {{ .Values.app.httpsport }} targetPort: {{ .Values.app.targetport }} - protocol: TCP - name: https - selector: - app: {{ template "fuel-core.name" . }} - type: LoadBalancer --- apiVersion: apps/v1 kind: Deployment @@ -79,4 +75,4 @@ spec: volumes: - name: {{ .Values.app.volume.pvname }} persistentVolumeClaim: - claimName: {{ .Values.app.volume.claimname }} + claimName: {{ .Values.app.volume.claimname }} \ No newline at end of file diff --git a/deployment/charts/values.yaml b/deployment/charts/values.yaml index 2f8100f6a0b..e37b3ebefd8 100644 --- a/deployment/charts/values.yaml +++ b/deployment/charts/values.yaml @@ -16,6 +16,7 @@ app: pvname: db-volume mountPath: /mnt/db/ claimname: db-volume-pv-claim - storageclass: gp2 - storagerequests: 3Gi + storageclass: ${pvc_storage_class} + storagerequests: ${pvc_storage_requests} accessmodes: ReadWriteOnce + diff --git a/deployment/ingress/eks/ingress-controller.yaml b/deployment/ingress/eks/ingress-controller.yaml new file mode 100644 index 00000000000..319b52c2bc3 --- /dev/null +++ b/deployment/ingress/eks/ingress-controller.yaml 
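Review bot: `type: NodePort` on the renamed `-service` Service opens the fuel-core port on every worker node, although the rest of this patch puts an nginx Ingress in front of it and an Ingress backend only needs in-cluster reachability. Wherever the node security groups admit that port range, clients can reach the pod directly and skip TLS termination and any ingress-level controls. Unless something outside this page depends on the node port, `type: ClusterIP` (or omitting `type`) is the tighter choice. If NodePort is deliberate, a comment above the field such as `# NodePort required by <reason>` would record why.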
@@ -0,0 +1,652 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +data: +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + name: ingress-nginx + namespace: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - update + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + 
- update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - '' + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - update + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - configmaps + resourceNames: + - ingress-controller-leader-nginx + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - create + - apiGroups: + - '' + 
resources: + - endpoints + verbs: + - create + - get + - update + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/controller-service-webhook.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + service.beta.kubernetes.io/aws-load-balancer-type: nlb + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=ingress-nginx/ingress-nginx-controller + - --election-id=ingress-controller-leader + - --ingress-class=nginx + - --configmap=ingress-nginx/ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + 
allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: webhook + containerPort: 8443 + protocol: TCP + volumeMounts: + - name: webhook-cert + mountPath: /usr/local/certificates/ + readOnly: true + resources: + requests: + cpu: 100m + memory: 90Mi + serviceAccountName: ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + name: ingress-nginx-admission + namespace: ingress-nginx +webhooks: + - name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - extensions + - networking.k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + clientConfig: + service: + namespace: ingress-nginx + name: ingress-nginx-controller-admission + path: /extensions/v1beta1/ingresses +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ingress-nginx-admission + annotations: + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ingress-nginx-admission + annotations: + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-create + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +spec: + template: + metadata: + name: ingress-nginx-admission-create + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: jettech/kube-webhook-certgen:v1.2.0 + imagePullPolicy: IfNotPresent + args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc + - --namespace=ingress-nginx + - --secret-name=ingress-nginx-admission + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: ingress-nginx-admission-patch + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +spec: + template: + metadata: + name: ingress-nginx-admission-patch + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: jettech/kube-webhook-certgen:v1.2.0 + imagePullPolicy: + args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=ingress-nginx + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - 
--patch-failure-policy=Fail + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission + securityContext: + runAsNonRoot: true + runAsUser: 2000 +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ingress-nginx-admission + annotations: + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - create +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ingress-nginx-admission + annotations: + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-nginx-admission + annotations: + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + labels: + helm.sh/chart: 
ingress-nginx-2.0.3 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.32.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: admission-webhook + namespace: ingress-nginx \ No newline at end of file diff --git a/deployment/ingress/eks/ingress.yaml b/deployment/ingress/eks/ingress.yaml new file mode 100644 index 00000000000..5f17a464b8c --- /dev/null +++ b/deployment/ingress/eks/ingress.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ${k8s_namespace}-ingress + namespace: ${k8s_namespace} + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + rules: + - host: ${ingress_dns} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ${k8s_namespace}-service + port: + number: ${ingress_http_port} + tls: + - hosts: + - ${ingress_dns} + secretName: letsencrypt-prod \ No newline at end of file diff --git a/deployment/ingress/eks/prod-issuer.yaml b/deployment/ingress/eks/prod-issuer.yaml new file mode 100644 index 00000000000..9633e3227d1 --- /dev/null +++ b/deployment/ingress/eks/prod-issuer.yaml @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod + namespace: cert-manager +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: ${letsencrypt_email} + privateKeySecretRef: + name: letsencrypt-prod + solvers: + - http01: + ingress: + class: nginx diff --git a/deployment/scripts/.env b/deployment/scripts/.env index 36ae75900fb..c7bb131a3be 100644 --- a/deployment/scripts/.env +++ b/deployment/scripts/.env 
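Review bot: The new `ingress.yaml` sets both `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and `nginx.ingress.kubernetes.io/force-ssl-redirect: "false"` on an Ingress that also declares a `tls:` block, so the host keeps serving plain HTTP after the certificate is issued. ingress-nginx redirects to HTTPS by default when TLS is configured, so dropping both annotations restores that; if they were added to let the HTTP-01 challenge through, a comment saying so (and a follow-up to re-enable the redirect) would help. Separately, `rewrite-target: /` combined with `path: /` and no capture group looks like it rewrites every request path to `/`, which should be confirmed against the fuel-core endpoints. `secretName: letsencrypt-prod` reuses the name of the issuer's ACME account key secret in `prod-issuer.yaml`; a distinct name such as `secretName: ${k8s_namespace}-tls` avoids confusing the serving certificate with the account key.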
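Review bot: `namespace: cert-manager` under `metadata` has no effect on a `ClusterIssuer`, which is cluster-scoped, and the line suggests a confinement that does not exist. Any Ingress in any namespace that carries `cert-manager.io/cluster-issuer: "letsencrypt-prod"` can request certificates through this ACME account, so a namespaced `Issuer` in the fuel-core namespace is the narrower option if nothing else needs it. The `server` URL is the Let's Encrypt production directory; a comment like `# production directory is rate limited; use a staging issuer for test clusters` above it would document that for whoever runs the script repeatedly.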
@@ -1,11 +1,18 @@ # Kubernetes Provider Enviromment Variables k8s_provider="eks" -# Helm Enviroment Variables +# Helm Environment Values k8s_namespace="fuel-core" fuel_core_image_repository="ghcr.io/fuellabs/fuel-core" fuel_core_image_tag="latest" fuel_core_pod_replicas="1" +pvc_storage_class="gp2" +pvc_storage_requests="3Gi" + +# Ingress Environment variables +letsencrypt_email="helloworld@gmail.com" +ingress_dns="example.com" +ingress_http_port="80" # AWS Environment variables TF_VAR_environment="fuel-core" diff --git a/deployment/scripts/fuel-core-delete.sh b/deployment/scripts/fuel-core-delete.sh index 93d22761487..9617b3bd6b1 100755 --- a/deployment/scripts/fuel-core-delete.sh +++ b/deployment/scripts/fuel-core-delete.sh @@ -8,5 +8,5 @@ if [ "${k8s_provider}" == "eks" ]; then echo "Deleting fuel-core helm chart on ${TF_VAR_eks_cluster_name} ...." helm delete fuel-core --namespace ${k8s_namespace} else - echo "You have chosen a non-supported kubernetes provider" + echo "You have inputted a non-supported kubernetes provider in your .env" fi diff --git a/deployment/scripts/fuel-core-deploy.sh b/deployment/scripts/fuel-core-deploy.sh index 43805929937..1fc425f10de 100755 --- a/deployment/scripts/fuel-core-deploy.sh +++ b/deployment/scripts/fuel-core-deploy.sh @@ -19,5 +19,5 @@ if [ "${k8s_provider}" == "eks" ]; then --timeout 8000s \ --debug else - echo "You have chosen a non-supported kubernetes provider" + echo "You have inputted a non-supported kubernetes provider in your .env" fi diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh new file mode 100755 index 00000000000..9107a4ef0f2 --- /dev/null +++ b/deployment/scripts/ingress-deploy.sh 
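Review bot: `letsencrypt_email="helloworld@gmail.com"` is a deliverable third-party address used as a default, so a run that does not edit this tracked `.env` registers the ACME account to that mailbox and sends it the certificate expiry notices. Leaving the value empty and having the deploy script refuse to continue, e.g. `: "${letsencrypt_email:?set letsencrypt_email in .env}"`, fails loudly instead; the same applies to `ingress_dns="example.com"`. Because the file is tracked and edited in place, real values are also one `git add` away from being committed; a checked-in `.env.example` with `.env` ignored would avoid that.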
@@ -0,0 +1,21 @@ +#!/bin/bash + +set -o allexport && source .env && set +o allexport + +if [ "${k8s_provider}" == "eks" ]; then + echo " ...." + aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name} + cd ../ingress/${k8s_provider} + kubectl apply -f ingress-controller.yaml + helm repo add jetstack https://charts.jetstack.io + helm repo update + helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0 --create-namespace + mv prod-issuer.yaml prod-issuer.template + envsubst < prod-issuer.template > prod-issuer.yaml + rm prod-issuer.template + mv ingress.yaml ingress.template + envsubst < ingress.template > ingress.yaml + rm ingress.template +else + echo "You have inputted a non-supported kubernetes provider in your .env" +fi From 6df2a94176cdd5ba8d4542171666b0da9b1dfeb6 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Mon, 14 Mar 2022 00:32:59 -0400 Subject: [PATCH 02/10] Add new lines --- deployment/charts/templates/fuel-core-deploy.yaml | 2 +- deployment/ingress/eks/ingress.yaml | 2 +- deployment/scripts/ingress-deploy.sh | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deployment/charts/templates/fuel-core-deploy.yaml b/deployment/charts/templates/fuel-core-deploy.yaml index dd8827bb82a..f313e4047da 100644 --- a/deployment/charts/templates/fuel-core-deploy.yaml +++ b/deployment/charts/templates/fuel-core-deploy.yaml @@ -75,4 +75,4 @@ spec: volumes: - name: {{ .Values.app.volume.pvname }} persistentVolumeClaim: - claimName: {{ .Values.app.volume.claimname }} \ No newline at end of file + claimName: {{ .Values.app.volume.claimname }} diff --git a/deployment/ingress/eks/ingress.yaml b/deployment/ingress/eks/ingress.yaml index 5f17a464b8c..e06a1872308 100644 --- a/deployment/ingress/eks/ingress.yaml +++ b/deployment/ingress/eks/ingress.yaml @@ -23,4 +23,4 @@ spec: tls: - hosts: - ${ingress_dns} - secretName: letsencrypt-prod \ No newline at end of file + secretName: letsencrypt-prod 
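Review bot: The new script has no `set -euo pipefail`, so a failed `aws eks update-kubeconfig` or `cd ../ingress/${k8s_provider}` does not stop it, and the following `kubectl apply`, `mv` and `rm` then run against whatever kube context and directory happen to be current. The `mv` / `envsubst` / `rm` sequence also overwrites the tracked `prod-issuer.yaml` and `ingress.yaml` with rendered values, so a second run finds no placeholders left and the working tree holds the real e-mail and hostname; rendering to a separate file, e.g. `envsubst '${letsencrypt_email}' < prod-issuer.yaml > prod-issuer.rendered.yaml`, keeps the templates intact and limits substitution to the named variable. `${TF_VAR_eks_cluster_name}` and `${k8s_provider}` should be double-quoted where they are expanded, and `helm install` fails on a re-run where `helm upgrade --install` would not. The `echo " ...."` line prints no message; the sibling scripts name the cluster at that point.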
diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index 9107a4ef0f2..fd68976bc35 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh @@ -13,9 +13,11 @@ if [ "${k8s_provider}" == "eks" ]; then mv prod-issuer.yaml prod-issuer.template envsubst < prod-issuer.template > prod-issuer.yaml rm prod-issuer.template + kubectl apply -f prod-issuer.yaml mv ingress.yaml ingress.template envsubst < ingress.template > ingress.yaml rm ingress.template + kubectl apply -f ingress.yaml else echo "You have inputted a non-supported kubernetes provider in your .env" fi From 8707f8ba81893ae51519c22da4183a00fd8c7306 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Mon, 14 Mar 2022 12:46:05 -0400 Subject: [PATCH 03/10] Updating ValidatingWebhookConfiguration API Version --- deployment/ingress/eks/ingress-controller.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/ingress/eks/ingress-controller.yaml b/deployment/ingress/eks/ingress-controller.yaml index 319b52c2bc3..75ee10d2831 100644 --- a/deployment/ingress/eks/ingress-controller.yaml +++ b/deployment/ingress/eks/ingress-controller.yaml @@ -414,7 +414,7 @@ spec: secretName: ingress-nginx-admission --- # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: labels: From 1783f424c0e085938226f3bdd8b0f59ff8c918c5 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Mon, 14 Mar 2022 12:50:02 -0400 Subject: [PATCH 04/10] Updating ValidatingWebhookConfiguration API Version --- deployment/ingress/eks/ingress-controller.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/ingress/eks/ingress-controller.yaml b/deployment/ingress/eks/ingress-controller.yaml index 75ee10d2831..319b52c2bc3 100644 --- a/deployment/ingress/eks/ingress-controller.yaml 
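Review bot: The added `kubectl apply -f prod-issuer.yaml` runs straight after `helm install cert-manager ...`, which sits just above this hunk and, as shown in patch 01, carries neither `--wait` nor `--set installCRDs=true`. Unless the cert-manager CRDs are installed somewhere outside this page, the `ClusterIssuer` kind will not exist yet, and even with CRDs present the apply can race the cert-manager webhook becoming ready. Since the script does not stop on errors, `kubectl apply -f ingress.yaml` then creates an Ingress that references an issuer that was never created. Adding `--set installCRDs=true --wait` to the `helm install` line, or a `kubectl wait --for=condition=Available deployment --all -n cert-manager` before the apply, closes that gap.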
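Review bot: Changing only the `apiVersion` line to `admissionregistration.k8s.io/v1` is not enough for this `ValidatingWebhookConfiguration`: v1 requires `sideEffects` and `admissionReviewVersions` on every webhook, and the `validate.nginx.ingress.kubernetes.io` entry added in patch 01 (outside this hunk) sets neither, so the API server would reject the object. Patch 04 reverts the line to `v1beta1`, which was removed in Kubernetes 1.22, so the manifest stops applying on newer clusters. Keeping v1 and adding `sideEffects: None` plus an `admissionReviewVersions` list is the durable fix; which review versions the 0.32.0 controller accepts should be confirmed before choosing the list. With `failurePolicy: Fail`, a webhook that is registered but unreachable blocks every Ingress create and update, so this object is worth getting right.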
+++ b/deployment/ingress/eks/ingress-controller.yaml @@ -414,7 +414,7 @@ spec: secretName: ingress-nginx-admission --- # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1 +apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: labels: From 3aed6d0bf94c0a9f39d4106bf7c2b94b39e42db1 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Mon, 14 Mar 2022 15:20:42 -0400 Subject: [PATCH 05/10] Update cert manager helm chart version --- deployment/scripts/ingress-deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index fd68976bc35..f768dab48d0 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh @@ -9,7 +9,7 @@ if [ "${k8s_provider}" == "eks" ]; then kubectl apply -f ingress-controller.yaml helm repo add jetstack https://charts.jetstack.io helm repo update - helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0 --create-namespace + helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --create-namespace mv prod-issuer.yaml prod-issuer.template envsubst < prod-issuer.template > prod-issuer.yaml rm prod-issuer.template From 485c8895e2be584fc791632a285671a2df8a14e4 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Wed, 16 Mar 2022 21:51:43 -0400 Subject: [PATCH 06/10] Remove ingress controller definition --- .../ingress/eks/ingress-controller.yaml | 652 ------------------ deployment/scripts/ingress-deploy.sh | 2 +- 2 files changed, 1 insertion(+), 653 deletions(-) delete mode 100644 deployment/ingress/eks/ingress-controller.yaml diff --git a/deployment/ingress/eks/ingress-controller.yaml b/deployment/ingress/eks/ingress-controller.yaml deleted file mode 100644 index 319b52c2bc3..00000000000 --- a/deployment/ingress/eks/ingress-controller.yaml +++ /dev/null 
@@ -1,652 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - ---- -# Source: ingress-nginx/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx - namespace: ingress-nginx ---- -# Source: ingress-nginx/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller - namespace: ingress-nginx -data: ---- -# Source: ingress-nginx/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - name: ingress-nginx - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - '' - resources: - - nodes - verbs: - - get - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - 
- update - - apiGroups: - - networking.k8s.io # k8s 1.14+ - resources: - - ingressclasses - verbs: - - get - - list - - watch ---- -# Source: ingress-nginx/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: - - kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -# Source: ingress-nginx/templates/controller-role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - namespaces - verbs: - - get - - apiGroups: - - '' - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io # k8s 1.14+ - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io # k8s 1.14+ - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - configmaps - resourceNames: - - ingress-controller-leader-nginx - verbs: - - get - - update - - apiGroups: - - '' - resources: - - configmaps - verbs: - - create - - apiGroups: - - '' - 
resources: - - endpoints - verbs: - - create - - get - - update - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch ---- -# Source: ingress-nginx/templates/controller-rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: - - kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -# Source: ingress-nginx/templates/controller-service-webhook.yaml -apiVersion: v1 -kind: Service -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - type: ClusterIP - ports: - - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -# Source: ingress-nginx/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-type: nlb - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - 
app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - type: LoadBalancer - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller ---- -# Source: ingress-nginx/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - selector: - matchLabels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - revisionHistoryLimit: 10 - minReadySeconds: 0 - template: - metadata: - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - spec: - dnsPolicy: ClusterFirst - containers: - - name: controller - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - args: - - /nginx-ingress-controller - - --publish-service=ingress-nginx/ingress-nginx-controller - - --election-id=ingress-controller-leader - - --ingress-class=nginx - - --configmap=ingress-nginx/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: 101 - 
allowPrivilegeEscalation: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: webhook - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: webhook-cert - mountPath: /usr/local/certificates/ - readOnly: true - resources: - requests: - cpu: 100m - memory: 90Mi - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - name: ingress-nginx-admission - namespace: ingress-nginx -webhooks: - - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - extensions - - networking.k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - failurePolicy: Fail - clientConfig: - service: - namespace: ingress-nginx - name: ingress-nginx-controller-admission - path: /extensions/v1beta1/ingresses ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ingress-nginx-admission - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ingress-nginx-admission - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-create - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - 
app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -spec: - template: - metadata: - name: ingress-nginx-admission-create - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - spec: - containers: - - name: create - image: jettech/kube-webhook-certgen:v1.2.0 - imagePullPolicy: IfNotPresent - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc - - --namespace=ingress-nginx - - --secret-name=ingress-nginx-admission - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: ingress-nginx-admission-patch - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -spec: - template: - metadata: - name: ingress-nginx-admission-patch - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - spec: - containers: - - name: patch - image: jettech/kube-webhook-certgen:v1.2.0 - imagePullPolicy: - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=ingress-nginx - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - 
--patch-failure-policy=Fail - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission - securityContext: - runAsNonRoot: true - runAsUser: 2000 ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ingress-nginx-admission - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -rules: - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - create ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ingress-nginx-admission - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ingress-nginx-admission - annotations: - helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - labels: - helm.sh/chart: 
ingress-nginx-2.0.3 - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - namespace: ingress-nginx \ No newline at end of file diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index f768dab48d0..d9485b72c49 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh @@ -6,7 +6,7 @@ if [ "${k8s_provider}" == "eks" ]; then echo " ...." aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name} cd ../ingress/${k8s_provider} - kubectl apply -f ingress-controller.yaml + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/deploy.yaml helm repo add jetstack https://charts.jetstack.io helm repo update helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --create-namespace From c7ced2dac563ebafc4969833aae29e5d1a5e98a9 Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Wed, 16 Mar 2022 22:17:27 -0400 Subject: [PATCH 07/10] Updating helm upgrade cert-manager --- deployment/scripts/ingress-deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index d9485b72c49..ad12d1e63c5 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh 
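Review bot: The new `kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/...` line applies a manifest that is fetched at deploy time, is never reviewed in this repository, and is not integrity-checked. Judging by the vendored file this commit deletes, that manifest creates cluster-wide RBAC and an admission webhook. Either keep a pinned copy in the repo and apply the local file, or download and verify it first: `curl -fsSLo deploy.yaml "$url" && echo "<expected-sha256>  deploy.yaml" | sha256sum -c - && kubectl apply -f deploy.yaml`. PATCH 08 and PATCH 09 edit the same line, and PATCH 09 replaces the tag with `main`, which changes with every upstream commit. `ingress-delete.sh` uses that same `main` URL, so it may delete a different set of objects than the one that was applied.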
@@ -9,7 +9,7 @@ if [ "${k8s_provider}" == "eks" ]; then kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/deploy.yaml helm repo add jetstack https://charts.jetstack.io helm repo update - helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --create-namespace + helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --install --create-namespace mv prod-issuer.yaml prod-issuer.template envsubst < prod-issuer.template > prod-issuer.yaml rm prod-issuer.template From ebecef1dadad330b43e70d109522a1e15fdc8f2a Mon Sep 17 00:00:00 2001 From: rfuelsh Date: Wed, 16 Mar 2022 22:24:59 -0400 Subject: [PATCH 08/10] Changing ingress controller version --- deployment/scripts/ingress-deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index ad12d1e63c5..1a91ee88b5b 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh @@ -6,7 +6,7 @@ if [ "${k8s_provider}" == "eks" ]; then echo " ...." aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name} cd ../ingress/${k8s_provider} - kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/aws/deploy.yaml + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.1/deploy/static/provider/aws/deploy.yaml helm repo add jetstack https://charts.jetstack.io helm repo update helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --install --create-namespace From 3f2d880d2ba2427362e1ae04b443c90ea2ab7a00 Mon Sep 17 00:00:00 2001 
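Review bot: The `helm upgrade ... --install` line in PATCH 07 neither installs the cert-manager CRDs nor waits for the release to become ready, yet the script goes on to render and apply `prod-issuer.yaml` a few lines later. If that file is a cert-manager issuer, as the `cert-manager.io/cluster-issuer` annotation in `ingress.yaml` suggests, the apply fails on a fresh cluster or races the cert-manager webhook. Unless the CRDs are installed by a step not shown here, append `--set installCRDs=true --wait` to the command. The surrounding `if` block starts and ends outside the hunk.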
From: rfuelsh Date: Wed, 16 Mar 2022 22:59:48 -0400 Subject: [PATCH 09/10] Adding ingress delete script --- deployment/scripts/ingress-delete.sh | 15 +++++++++++++++ deployment/scripts/ingress-deploy.sh | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100755 deployment/scripts/ingress-delete.sh diff --git a/deployment/scripts/ingress-delete.sh b/deployment/scripts/ingress-delete.sh new file mode 100755 index 00000000000..1e83da2b40a --- /dev/null +++ b/deployment/scripts/ingress-delete.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -o allexport && source .env && set +o allexport + +if [ "${k8s_provider}" == "eks" ]; then + echo " ...." + aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name} + cd ../ingress/${k8s_provider} + kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/1.21/deploy.yaml + helm delete cert-manager --namespace cert-manager + kubectl delete -f prod-issuer.yaml + kubectl delete -f ingress.yaml +else + echo "You have inputted a non-supported kubernetes provider in your .env" +fi diff --git a/deployment/scripts/ingress-deploy.sh b/deployment/scripts/ingress-deploy.sh index 1a91ee88b5b..a2198b3f877 100755 --- a/deployment/scripts/ingress-deploy.sh +++ b/deployment/scripts/ingress-deploy.sh @@ -6,7 +6,7 @@ if [ "${k8s_provider}" == "eks" ]; then echo " ...." aws eks update-kubeconfig --name ${TF_VAR_eks_cluster_name} cd ../ingress/${k8s_provider} - kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.1/deploy/static/provider/aws/deploy.yaml + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/1.21/deploy.yaml helm repo add jetstack https://charts.jetstack.io helm repo update helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.7.1 --install --create-namespace From f7a289c691ba507f02877ac784bf73740c5949d2 Mon Sep 17 00:00:00 2001 
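Review bot: `ingress-delete.sh` has no `set -e`, so if `aws eks update-kubeconfig` or the `cd` fails, the `kubectl delete` and `helm delete` lines still run against whatever kube context happens to be current. Add `set -euo pipefail` after the shebang and quote the expansions: `--name "${TF_VAR_eks_cluster_name}"` and `cd "../ingress/${k8s_provider}"`. The order also looks wrong, because `helm delete cert-manager` runs before `kubectl delete -f prod-issuer.yaml`. If the issuer is a cert-manager custom resource, that later delete can fail once the release is gone, so delete `ingress.yaml` and `prod-issuer.yaml` first (confirm against the chart's CRD handling). Adding `--ignore-not-found` to the `kubectl delete` lines keeps a partial teardown re-runnable once `set -e` is on.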
From: rfuelsh Date: Wed, 16 Mar 2022 23:08:57 -0400 Subject: [PATCH 10/10] Adding nginx ingress annotation --- deployment/ingress/eks/ingress.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/ingress/eks/ingress.yaml b/deployment/ingress/eks/ingress.yaml index e06a1872308..795bb37903b 100644 --- a/deployment/ingress/eks/ingress.yaml +++ b/deployment/ingress/eks/ingress.yaml @@ -8,6 +8,7 @@ metadata: nginx.ingress.kubernetes.io/force-ssl-redirect: "false" nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/ingress.class: "nginx" spec: rules: - host: ${ingress_dns}
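Review bot: The added `kubernetes.io/ingress.class: "nginx"` annotation is the deprecated way to select a controller. On `networking.k8s.io/v1` Ingresses the supported form is `ingressClassName: nginx` under `spec:`, which is matched against an IngressClass object rather than a free-form string. The Ingress's `apiVersion` is above the hunk, so confirm which API version this file uses before switching.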