diff --git a/changelog.d/20231115_110934_andrey_update_helm.md b/changelog.d/20231115_110934_andrey_update_helm.md new file mode 100644 index 000000000000..1fa31275fdd8 --- /dev/null +++ b/changelog.d/20231115_110934_andrey_update_helm.md @@ -0,0 +1,17 @@ +### Changed + +- \[Helm\] Minimum compatible Kubernetes version is 1.19.0. + () + +- \[Helm\] The CVAT hostname can be configured with `ingress.hostname` option. + () + +- \[Helm\] `ingress.tls` configuration has been reworked. + () + +- \[Helm\] Traefik subchart updated to 25.0.0 (appVersion v2.10.5) + () + +### Removed + \[Helm\] `ingress.hosts` has been removed, use `ingress.hostname` instead. + () diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index cd0db7ba9071..833dfbcd7f66 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,5 +1,6 @@ apiVersion: v2 name: cvat +kubeVersion: ">= 1.19.0" description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. @@ -15,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.3 +version: 0.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -51,7 +52,7 @@ dependencies: condition: analytics.enabled - name: traefik - version: 10.24.0 + version: 25.0.0 repository: https://helm.traefik.io/traefik condition: traefik.enabled diff --git a/helm-chart/cvat.values.yaml b/helm-chart/cvat.values.yaml index 9765325f3cc1..9cb5b0d3ff1a 100644 --- a/helm-chart/cvat.values.yaml +++ b/helm-chart/cvat.values.yaml @@ -3,51 +3,6 @@ analytics: ingress: enabled: true - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: web - kubernetes.io/ingress.class: traefik - hosts: - - host: cvat.local - paths: - - path: /api - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /admin - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /static - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /django-rq - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /git - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /opencv - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path: /profiler - pathType: "Prefix" - service: - name: backend-service - port: 8080 - - path : / - pathType: "Prefix" - service: - name: frontend-service - port: 80 + traefik: enabled: true diff --git a/helm-chart/templates/analytics/ingress.yaml b/helm-chart/templates/analytics/ingress.yaml index 396bc2cfb6d5..98dad20391d5 100644 --- a/helm-chart/templates/analytics/ingress.yaml +++ b/helm-chart/templates/analytics/ingress.yaml @@ -1,13 +1,6 @@ -{{- $version := .Capabilities.KubeVersion.GitVersion -}} {{- if and .Values.ingress.enabled .Values.analytics.enabled -}} {{- $fullName := include "cvat.fullname" . -}} -{{- if semverCompare ">=1.19-0" $version -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $version -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: name: {{ $fullName }}-analytics @@ -15,34 +8,34 @@ metadata: labels: {{- include "cvat.labels" . | nindent 4 }} annotations: + {{- if .Values.traefik.enabled }} traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-stripprefix@kubernetescrd, {{ $.Release.Namespace }}-forwardauth@kubernetescrd - {{- with .Values.analytics.ingress.annotations }} + {{- end }} + {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if semverCompare ">=1.19-0" $version }} - ingressClassName: {{ .Values.ingress.className }} +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | toYaml }} +{{- else if and .Values.traefik.enabled .Values.traefik.ingressClass.enabled }} + ingressClassName: {{ .Values.traefik.ingressClass.name | default (include "traefik.fullname" .Subcharts.traefik) }} {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - - path: {{ $.Values.analytics.ingress.path }} - {{- if $.Values.analytics.ingress.pathType }} - pathType: {{ $.Values.analytics.ingress.pathType }} - {{- end }} - {{- if semverCompare ">=1.19-0" $version }} - backend: - service: - name: {{ $.Release.Name }}-{{ $.Values.analytics.ingress.service.name }} - port: - number: {{ $.Values.analytics.ingress.service.port }} - {{- else }} - backend: - serviceName: {{ $.Release.Name }}-{{ $.Values.analytics.ingress.service.name }} - servicePort: {{ $.Values.analytics.ingress.service.port }} - {{- end }} + {{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.hostname }} + secretName: {{ .Values.ingress.tlsSecretName }} {{- end }} + rules: + - host: {{ .Values.ingress.hostname }} + http: + paths: + - path: /analytics + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }}-grafana + port: + number: 80 {{- end }} diff --git a/helm-chart/templates/ingress.yaml b/helm-chart/templates/ingress.yaml index 6e512ce51f16..8eddd964da9e 100644 --- a/helm-chart/templates/ingress.yaml +++ b/helm-chart/templates/ingress.yaml @@ -1,13 +1,6 @@ -{{- $version := .Capabilities.KubeVersion.GitVersion -}} {{- if .Values.ingress.enabled -}} {{- $fullName := include "cvat.fullname" . -}} -{{- if semverCompare ">=1.19-0" $version -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $version -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: name: {{ $fullName }} @@ -19,40 +12,35 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if semverCompare ">=1.19-0" $version }} - ingressClassName: {{ .Values.ingress.className }} +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | toYaml }} +{{- else if and .Values.traefik.enabled .Values.traefik.ingressClass.enabled }} + ingressClassName: {{ .Values.traefik.ingressClass.name | default (include "traefik.fullname" .Subcharts.traefik) }} {{- end }} -{{- if .Values.ingress.tls }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} + - hosts: + - {{ .Values.ingress.hostname }} + secretName: {{ .Values.ingress.tlsSecretName }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if .pathType }} - pathType: {{ .pathType }} - {{- end }} - {{- if semverCompare ">=1.19-0" $version }} - backend: - service: - name: {{ $.Release.Name }}-{{ .service.name }} - port: - number: {{ .service.port }} - {{- else }} - backend: - serviceName: {{ .service.name }} - servicePort: {{ .service.port }} - {{- end }} - {{- end }} - {{- end }} + - host: {{ .Values.ingress.hostname }} + http: + paths: + {{- range tuple "api" "admin" "static" "django-rq" "profiler" }} + - path: "/{{ . }}" + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }}-backend-service + port: + number: 8080 + {{- end }} + - path: / + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-frontend-service + port: + number: 80 {{- end }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index c0d35955ef0f..503e706e422f 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -273,15 +273,6 @@ analytics: clickhousePassword: user clickhouseHost: "{{ .Release.Name }}-clickhouse" - ingress: - path: /analytics - pathType: "Prefix" - annotations: - kubernetes.io/ingress.class: traefik - service: - name: grafana - port: 80 - vector: envFrom: - secretRef: @@ -364,56 +355,34 @@ grafana: enabled: false ingress: + ## @param ingress.enabled Enable ingress resource generation for CVAT + ## enabled: false - -# In case you need an ingress, write them manually in your my.values.eml, see example below: -# enabled: true -# annotations: -# traefik.ingress.kubernetes.io/router.entrypoints: web -# kubernetes.io/ingress.class: traefik -# hosts: -# - host: cvat.local -# paths: -# - path: /api -# pathType: "Prefix" -# service: -# name: backend-service -# port: 8080 -# - path: /admin -# pathType: "Prefix" -# service: -# name: backend-service -# port: 8080 -# - path: /static -# pathType: "Prefix" -# service: -# name: backend-service -# port: 8080 -# - path: /django-rq -# pathType: "Prefix" -# service: -# name: backend-service -# port: 8080 -# - path: /profiler -# pathType: "Prefix" -# service: -# name: backend-service -# port: 8080 -# - path : / -# pathType: "Prefix" -# service: -# name: frontend-service -# port: 80 -# tls: -# - hosts: -# - -# secretName: ingress-tls-cvat + ## @param ingress.hostname Host for the ingress resource + ## + hostname: cvat.local + ## @param ingress.annotations Additional annotations for the Ingress resource. + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## + annotations: {} + ## @param ingress.className IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + className: "" + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret defined in tlsSecretName parameter + ## + tls: false + ## @param ingress.tlsSecretName Specifies the name of the secret containing TLS certificates. Ignored if ingress.tls is false + ## + tlsSecretName: ingress-tls-cvat traefik: enabled: false - service: - externalIPs: - # - "192.168.49.2" smokescreen: opts: ''