From 4cab73b63bf5e2c3fbd03a9059ac7b7854c69640 Mon Sep 17 00:00:00 2001 From: Kevin Smith Date: Fri, 18 Dec 2020 13:56:31 -0500 Subject: [PATCH 1/4] Add flexible ingress for elasticsearch and kibana --- elasticsearch/templates/ingress.yaml | 19 ++++++-------- elasticsearch/tests/elasticsearch_test.py | 26 ++++++++++++++++++-- elasticsearch/values.yaml | 5 ++-- kibana/templates/ingress.yaml | 11 +++++---- kibana/tests/kibana_test.py | 30 ++++++++++++++++++++--- kibana/values.yaml | 5 ++-- 6 files changed, 69 insertions(+), 27 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index e34b475e1..aa2eda53e 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -1,7 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "elasticsearch.uname" . -}} -{{- $servicePort := .Values.httpPort -}} -{{- $ingressPath := .Values.ingress.path -}} +{{- $httpPort := .Values.httpPort -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: @@ -17,22 +16,18 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} +{{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ . }} + - host: {{ .host }} http: paths: - - path: {{ $ingressPath }} + {{- range .paths }} + - path: {{ .path }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} {{- end }} {{- end }} diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index e70f5adde..d0cd3ad7c 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -648,9 +648,19 @@ def test_adding_an_ingress_rule(): enabled: true annotations: kubernetes.io/ingress.class: nginx - path: / hosts: - - elasticsearch.elastic.co + - host: elasticsearch.elastic.co + paths: + - path: / + - host: '' + paths: + - path: / + - path: /mypath + servicePort: 8888 + - host: elasticsearch.hello.there + paths: + - path: / + servicePort: 9999 tls: - secretName: elastic-co-wildcard hosts: @@ -667,6 +677,18 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" + assert i["rules"][1]["http"]["paths"][1]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][2]["host"] == "elasticsearch.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + def test_changing_the_protocol(): diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index d2d2d94b9..ebdd04458 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -243,9 +243,10 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index fd4eae24a..57ab7d451 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -1,7 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kibana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} +{{- $httpPort := .Values.httpPort -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: @@ -18,12 +17,14 @@ spec: {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ . }} + - host: {{ .host }} http: paths: - - path: {{ $ingressPath }} + {{- range .paths }} + - path: {{ .path }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} {{- end }} {{- end }} diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index b188db456..9b3323329 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -210,9 +210,19 @@ def test_adding_an_ingress_rule(): enabled: true annotations: kubernetes.io/ingress.class: nginx - path: / hosts: - - kibana.elastic.co + - host: kibana.elastic.co + paths: + - path: / + - path: /testpath + servicePort: 8888 + - host: '' + paths: + - path: / + - host: kibana.hello.there + paths: + - path: /mypath + servicePort: 9999 tls: - secretName: elastic-co-wildcard hosts: @@ -229,6 +239,17 @@ def test_adding_an_ingress_rule(): assert i["rules"][0]["http"]["paths"][0]["path"] == "/" assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][1]["path"] == "/testpath" + assert i["rules"][0]["http"]["paths"][1]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][2]["host"] == "kibana.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/mypath" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 def test_adding_an_ingress_rule_wildcard(): @@ -237,9 +258,10 @@ def test_adding_an_ingress_rule_wildcard(): enabled: true annotations: kubernetes.io/ingress.class: nginx - path: / hosts: - - kibana.elastic.co + - host: kibana.elastic.co + paths: + - path: / tls: - secretName: elastic-co-wildcard hosts: diff --git a/kibana/values.yaml b/kibana/values.yaml index 23a3acb00..9f59286ac 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -120,9 +120,10 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: From faabaff42c040a8fd7bb9ea8749d3601acde407b Mon Sep 17 00:00:00 2001 From: Kevin Smith <42681130+kevinsmithwrs@users.noreply.github.com> Date: Mon, 21 Dec 2020 09:52:12 -0500 Subject: [PATCH 2/4] Update elasticsearch/tests/elasticsearch_test.py Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- elasticsearch/tests/elasticsearch_test.py | 1 - 1 file changed, 1 deletion(-) diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index d0cd3ad7c..206d34d29 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -690,7 +690,6 @@ def test_adding_an_ingress_rule(): assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 - def test_changing_the_protocol(): config = """ protocol: https From ae0d1688885f322c7d49c709a2b4e1774a368d88 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 22 Dec 2020 10:32:54 +0100 Subject: [PATCH 3/4] add backward compatibility --- elasticsearch/templates/ingress.yaml | 21 +++++++++ elasticsearch/tests/elasticsearch_test.py | 28 ++++++++++++ kibana/templates/ingress.yaml | 21 +++++++++ kibana/tests/kibana_test.py | 54 +++++++++++++++++++++++ 4 files changed, 124 insertions(+) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index aa2eda53e..a9222eeee 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "elasticsearch.uname" . -}} {{- $httpPort := .Values.httpPort -}} +{{- $ingressPath := .Values.ingress.path -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: @@ -16,10 +17,29 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $httpPort }} + {{- else }} - host: {{ .host }} http: paths: @@ -29,5 +49,6 @@ spec: serviceName: {{ $fullName }} servicePort: {{ .servicePort | default $httpPort }} {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index 206d34d29..cefb290a2 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -690,6 +690,34 @@ def test_adding_an_ingress_rule(): assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 +def test_adding_a_deprecated_ingress_rule(): + config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + path: / + hosts: + - elasticsearch.elastic.co + tls: + - secretName: elastic-co-wildcard + hosts: + - elasticsearch.elastic.co +""" + + r = helm_template(config) + assert uname in r["ingress"] + i = r["ingress"][uname]["spec"] + print(i["tls"]) + assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "elasticsearch.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + + def test_changing_the_protocol(): config = """ protocol: https diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index 57ab7d451..f79255f30 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kibana.fullname" . -}} {{- $httpPort := .Values.httpPort -}} +{{- $ingressPath := .Values.ingress.path -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: @@ -13,10 +14,29 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $httpPort }} + {{- else }} - host: {{ .host }} http: paths: @@ -26,5 +46,6 @@ spec: serviceName: {{ $fullName }} servicePort: {{ .servicePort | default $httpPort }} {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index 9b3323329..5a3f30b34 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -252,6 +252,33 @@ def test_adding_an_ingress_rule(): assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 +def test_adding_a_deprecated_ingress_rule(): + config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + path: / + hosts: + - kibana.elastic.co + tls: + - secretName: elastic-co-wildcard + hosts: + - kibana.elastic.co +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "kibana.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + + def test_adding_an_ingress_rule_wildcard(): config = """ ingress: @@ -280,6 +307,33 @@ def test_adding_an_ingress_rule_wildcard(): assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 +def test_adding_a_deprecated_ingress_rule_wildcard(): + config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + path: / + hosts: + - kibana.elastic.co + tls: + - secretName: elastic-co-wildcard + hosts: + - "*.elastic.co" +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "*.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + + def test_override_the_default_update_strategy(): config = """ updateStrategy: From b334adb870d3a2572f746b7db315029861340f17 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 22 Dec 2020 10:35:42 +0100 Subject: [PATCH 4/4] fixup! add backward compatibility --- elasticsearch/templates/ingress.yaml | 10 +++++----- elasticsearch/tests/elasticsearch_test.py | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index a9222eeee..bcb2befa6 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -19,11 +19,11 @@ spec: tls: {{- if .ingressPath }} {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} {{- end }} {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index cefb290a2..435b316a0 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -708,7 +708,6 @@ def test_adding_a_deprecated_ingress_rule(): r = helm_template(config) assert uname in r["ingress"] i = r["ingress"][uname]["spec"] - print(i["tls"]) assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" assert i["tls"][0]["secretName"] == "elastic-co-wildcard"