ayan.poddar
/
eShopOnContainers
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 19 Wiki Activity
Browse Source

local k8s docker support

pull/874/head
eiximenis 6 years ago
parent
de6f9e67c9
commit
2593d5d3ad
23 changed files with 370 additions and 220 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -3
      k8s/deploy-ingress-azure.ps1
  2. +2
    -0
      k8s/deploy-ingress-dockerlocal.ps1
  3. +1
    -8
      k8s/deploy-ingress.ps1
  4. +4
    -0
      k8s/deploy.ps1
  5. +18
    -0
      k8s/helm-rbac.yaml
  6. +13
    -5
      k8s/helm/deploy-all.ps1
  7. +5
    -0
      k8s/helm/ingress_values_dockerk8s.yaml
  8. +0
    -19
      k8s/nginx-ingress/azure/service.yaml
  9. +21
    -0
      k8s/nginx-ingress/cloud-generic.yaml
  10. BIN
      k8s/nginx-ingress/cm.yaml
  11. +0
    -11
      k8s/nginx-ingress/configmap.yaml
  12. +0
    -52
      k8s/nginx-ingress/default-backend.yaml
  13. +3
    -0
      k8s/nginx-ingress/local-dockerk8s/identityapi-cm-fix.yaml
  14. +3
    -0
      k8s/nginx-ingress/local-dockerk8s/mvc-cm-fix.yaml
  15. +39
    -0
      k8s/nginx-ingress/local-dockerk8s/mvc-fix.yaml
  16. +238
    -0
      k8s/nginx-ingress/mandatory.yaml
  17. +0
    -4
      k8s/nginx-ingress/namespace.yaml
  18. +0
    -40
      k8s/nginx-ingress/patch-service-without-rbac.yaml
  19. +0
    -7
      k8s/nginx-ingress/publish-service-patch.yaml
  20. +22
    -0
      k8s/nginx-ingress/service-nodeport.yaml
  21. +0
    -5
      k8s/nginx-ingress/tcp-services-configmap.yaml
  22. +0
    -5
      k8s/nginx-ingress/udp-services-configmap.yaml
  23. +0
    -61
      k8s/nginx-ingress/without-rbac.yaml

+ 1
- 3
k8s/deploy-ingress-azure.ps1 View File

@ -1,3 +1 @@
kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type=json --patch="$(cat nginx-ingress\publish-service-patch.yaml)"
kubectl apply -f nginx-ingress\azure\service.yaml
kubectl apply -f nginx-ingress\patch-service-without-rbac.yaml
kubectl apply -f nginx-ingress\cloud-generic.yaml

+ 2
- 0
k8s/deploy-ingress-dockerlocal.ps1 View File

@ -0,0 +1,2 @@
kubectl apply -f nginx-ingress\cm.yaml
kubectl apply -f nginx-ingress\cloud-generic.yaml

+ 1
- 8
k8s/deploy-ingress.ps1 View File

@ -1,12 +1,5 @@
kubectl apply -f ingress.yaml
# Deploy nginx-ingress core files # Deploy nginx-ingress core files
kubectl apply -f nginx-ingress\namespace.yaml
kubectl apply -f nginx-ingress\default-backend.yaml
kubectl apply -f nginx-ingress\configmap.yaml
kubectl apply -f nginx-ingress\tcp-services-configmap.yaml
kubectl apply -f nginx-ingress\udp-services-configmap.yaml
kubectl apply -f nginx-ingress\without-rbac.yaml
kubectl apply -f nginx-ingress\mandatory.yaml

+ 4
- 0
k8s/deploy.ps1 View File

@ -113,6 +113,7 @@ ExecKube -cmd 'delete configmap internalurls'
ExecKube -cmd 'delete configmap urls' ExecKube -cmd 'delete configmap urls'
ExecKube -cmd 'delete configmap externalcfg' ExecKube -cmd 'delete configmap externalcfg'
ExecKube -cmd 'delete configmap ocelot' ExecKube -cmd 'delete configmap ocelot'
ExecKube -cmd 'delete -f ingress.yaml'
# start sql, rabbitmq, frontend deployments # start sql, rabbitmq, frontend deployments
if ($deployInfrastructure) { if ($deployInfrastructure) {
@ -204,5 +205,8 @@ ExecKube -cmd 'rollout resume deployments/apigwwm'
ExecKube -cmd 'rollout resume deployments/apigwws' ExecKube -cmd 'rollout resume deployments/apigwws'
ExecKube -cmd 'rollout resume deployments/ordering-signalrhub' ExecKube -cmd 'rollout resume deployments/ordering-signalrhub'
Write-Host "Adding/Updating ingress resource..." -ForegroundColor Yellow
ExecKube -cmd 'apply -f ingress.yaml'
Write-Host "WebSPA is exposed at http://$externalDns, WebMVC at http://$externalDns/webmvc, WebStatus at http://$externalDns/webstatus" -ForegroundColor Yellow Write-Host "WebSPA is exposed at http://$externalDns, WebMVC at http://$externalDns/webmvc, WebStatus at http://$externalDns/webstatus" -ForegroundColor Yellow

+ 18
- 0
k8s/helm-rbac.yaml View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system

+ 13
- 5
k8s/helm/deploy-all.ps1 View File

@ -8,11 +8,19 @@ Param(
[parameter(Mandatory=$false)][bool]$clean=$true, [parameter(Mandatory=$false)][bool]$clean=$true,
[parameter(Mandatory=$false)][string]$aksName="", [parameter(Mandatory=$false)][string]$aksName="",
[parameter(Mandatory=$false)][string]$aksRg="", [parameter(Mandatory=$false)][string]$aksRg="",
[parameter(Mandatory=$false)][string]$imageTag="latest"
)
[parameter(Mandatory=$false)][string]$imageTag="latest",
[parameter(Mandatory=$false)][bool]$useLocalk8s=$false
)
$dns = $externalDns $dns = $externalDns
$ingressValuesFile="ingress_values.yaml"
if ($ingressValuesFile) {
$ingressValuesFile="ingress_values_dockerk8s.yaml"
$dns="localhost"
}
if ($externalDns -eq "aks") { if ($externalDns -eq "aks") {
if ([string]::IsNullOrEmpty($aksName) -or [string]::IsNullOrEmpty($aksRg)) { if ([string]::IsNullOrEmpty($aksName) -or [string]::IsNullOrEmpty($aksRg)) {
Write-Host "Error: When using -dns aks, MUST set -aksName and -aksRg too." -ForegroundColor Red Write-Host "Error: When using -dns aks, MUST set -aksName and -aksRg too." -ForegroundColor Red
@ -58,18 +66,18 @@ $charts = ("eshop-common", "apigwmm", "apigwms", "apigwwm", "apigwws", "basket-a
if ($deployInfrastructure) { if ($deployInfrastructure) {
foreach ($infra in $infras) { foreach ($infra in $infras) {
Write-Host "Installing infrastructure: $infra" -ForegroundColor Green Write-Host "Installing infrastructure: $infra" -ForegroundColor Green
helm install --values app.yaml --values inf.yaml --values ingress_values.yaml --set app.name=$appName --set inf.k8s.dns=$dns --name="$appName-$infra" $infra
helm install --values app.yaml --values inf.yaml --values $ingressValuesFile --set app.name=$appName --set inf.k8s.dns=$dns --name="$appName-$infra" $infra
} }
} }
foreach ($chart in $charts) { foreach ($chart in $charts) {
Write-Host "Installing: $chart" -ForegroundColor Green Write-Host "Installing: $chart" -ForegroundColor Green
if ($useCustomRegistry) { if ($useCustomRegistry) {
helm install --set inf.registry.server=$registry --set inf.registry.login=$dockerUser --set inf.registry.pwd=$dockerPassword --set inf.registry.secretName=eshop-docker-scret --values app.yaml --values inf.yaml --values ingress_values.yaml --set app.name=$appName --set inf.k8s.dns=$dns --set image.tag=$imageTag --set image.pullPolicy=Always --name="$appName-$chart" $chart
helm install --set inf.registry.server=$registry --set inf.registry.login=$dockerUser --set inf.registry.pwd=$dockerPassword --set inf.registry.secretName=eshop-docker-scret --values app.yaml --values inf.yaml --values $ingressValuesFile --set app.name=$appName --set inf.k8s.dns=$dns --set image.tag=$imageTag --set image.pullPolicy=Always --name="$appName-$chart" $chart
} }
else { else {
if ($chart -ne "eshop-common") { # eshop-common is ignored when no secret must be deployed if ($chart -ne "eshop-common") { # eshop-common is ignored when no secret must be deployed
helm install --values app.yaml --values inf.yaml --values ingress_values.yaml --set app.name=$appName --set inf.k8s.dns=$dns --set image.tag=$imageTag --set image.pullPolicy=Always --name="$appName-$chart" $chart
helm install --values app.yaml --values inf.yaml --values $ingressValuesFile --set app.name=$appName --set inf.k8s.dns=$dns --set image.tag=$imageTag --set image.pullPolicy=Always --name="$appName-$chart" $chart
} }
} }
} }


+ 5
- 0
k8s/helm/ingress_values_dockerk8s.yaml View File

@ -0,0 +1,5 @@
ingress:
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"

+ 0
- 19
k8s/nginx-ingress/azure/service.yaml View File

@ -1,19 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https

+ 21
- 0
k8s/nginx-ingress/cloud-generic.yaml View File

@ -0,0 +1,21 @@
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https

BIN
k8s/nginx-ingress/cm.yaml View File


+ 0
- 11
k8s/nginx-ingress/configmap.yaml View File

@ -1,11 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
ssl-redirect: "false"
proxy-buffer-size: "128k"
proxy-buffers: "4 256k"

+ 0
- 52
k8s/nginx-ingress/default-backend.yaml View File

@ -1,52 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
app: default-http-backend
namespace: ingress-nginx
spec:
replicas: 1
template:
metadata:
labels:
app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
# Any image is permissable as long as:
# 1. It serves a 404 page at /
# 2. It serves 200 on a /healthz endpoint
image: gcr.io/google_containers/defaultbackend:1.4
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: ingress-nginx
labels:
app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
app: default-http-backend

+ 3
- 0
k8s/nginx-ingress/local-dockerk8s/identityapi-cm-fix.yaml View File

@ -0,0 +1,3 @@
data:
mvc_e: http://10.0.75.1/webmvc

+ 3
- 0
k8s/nginx-ingress/local-dockerk8s/mvc-cm-fix.yaml View File

@ -0,0 +1,3 @@
data:
urls__IdentityUrl: http://10.0.75.1/identity
urls__mvc: http://10.0.75.1/webmvc

+ 39
- 0
k8s/nginx-ingress/local-dockerk8s/mvc-fix.yaml View File

@ -0,0 +1,39 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
labels:
app: webmvc
name: eshop-webmvc-loopback
namespace: default
spec:
rules:
- http:
paths:
- backend:
serviceName: webmvc
servicePort: http
path: /webmvc
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
labels:
app: identity-api
name: eshop-identity-api-loopback
namespace: default
spec:
rules:
- http:
paths:
- backend:
serviceName: identity
servicePort: http
path: /identity

+ 238
- 0
k8s/nginx-ingress/mandatory.yaml View File

@ -0,0 +1,238 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: nginx-ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1

+ 0
- 4
k8s/nginx-ingress/namespace.yaml View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx

+ 0
- 40
k8s/nginx-ingress/patch-service-without-rbac.yaml View File

@ -1,40 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app: ingress-nginx
template:
metadata:
labels:
app: ingress-nginx
spec:
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443

+ 0
- 7
k8s/nginx-ingress/publish-service-patch.yaml View File

@ -1,7 +0,0 @@
[
{
'op': 'add',
'path': '/spec/template/spec/containers/0/args/-',
'value': '--publish-service=$(POD_NAMESPACE)/ingress-nginx'
}
]

+ 22
- 0
k8s/nginx-ingress/service-nodeport.yaml View File

@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx

+ 0
- 5
k8s/nginx-ingress/tcp-services-configmap.yaml View File

@ -1,5 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: tcp-services
namespace: ingress-nginx

+ 0
- 5
k8s/nginx-ingress/udp-services-configmap.yaml View File

@ -1,5 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: udp-services
namespace: ingress-nginx

+ 0
- 61
k8s/nginx-ingress/without-rbac.yaml View File

@ -1,61 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app: ingress-nginx
template:
metadata:
labels:
app: ingress-nginx
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
spec:
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --annotations-prefix=nginx.ingress.kubernetes.io
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1

Write Preview
Loading…
Cancel
Save