chore(ingress): change global.use_ingress to ingress.enabled

duanhongyi · duanhongyi · commit a1910b3d2f2a · 2019-03-21T12:41:07.000+08:00
diff --git a/charts/controller/templates/controller-clusterrole.yaml b/charts/controller/templates/controller-clusterrole.yaml
@@ -50,7 +50,7 @@ rules:
 - apiGroups: ["extensions", "autoscaling"]
   resources: ["horizontalpodautoscalers"]
   verbs: ["get", "list", "create", "update", "delete"]
-{{ if .Values.global.use_ingress }}
+{{ if .Values.ingress.enabled }}
 - apiGroups: ["extensions"]
   resources: ["ingresses"]
   verbs: ["get", "list", "watch", "create", "update", "delete"]
diff --git a/charts/controller/templates/controller-deployment.yaml b/charts/controller/templates/controller-deployment.yaml
@@ -6,6 +6,9 @@ metadata:
     heritage: drycc
   annotations:
     component.drycc.cc/version: {{ .Values.docker_tag }}
+  {{- range $key, $value := .Values.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 spec:
   replicas: 1
   strategy:
@@ -58,10 +61,16 @@ spec:
             # NOTE(bacongobbler): use drycc/registry_proxy to work around Docker --insecure-registry requirements
             - name: "DRYCC_REGISTRY_SERVICE_HOST"
               value: "127.0.0.1"
-            # Environmental variable value for $USE_NATIVE_INGRESS
-            - name: "USE_NATIVE_INGRESS"
-              value: "{{ .Values.global.use_ingress }}"
-            - name: "INGRESS_HOSTNAME"
+            # Environmental variable value for $INGRESS_ENABLED
+            - name: "DRYCC_INGRESS_ENABLED"
+              value: "{{ .Values.ingress.enabled }}"
+            {{- if index $.Values.ingress "annotations" }}
+            - name: "DRYCC_INGRESS_CLASS"
+              value: "{{ (index $.Values.ingress.annotations "kubernetes.io/ingress.class" | default "") }}"
+            - name: "DRYCC_INGRESS_TLS_ACME"
+              value: "{{ (index $.Values.ingress.annotations "kubernetes.io/tls-acme" | default "true") }}"
+            {{- end -}}
+            - name: "DRYCC_PLATFORM_DOMAIN"
               value: "{{ .Values.platform_domain }}"
             - name: "K8S_API_VERIFY_TLS"
               value: "{{ .Values.k8s_api_verify_tls }}"
diff --git a/charts/controller/templates/controller-ingress.yaml b/charts/controller/templates/controller-ingress.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.use_ingress }}
+{{ if .Values.ingress.enabled }}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
diff --git a/charts/controller/values.yaml b/charts/controller/values.yaml
@@ -50,11 +50,16 @@ global:
   registry_service_port: 5555
   # Prefix for the imagepull secret created when using private registry
   secret_prefix: "private-registry"
-  # Experimental feature to toggle using kubernetes ingress instead of the Drycc router.
-  #
-  # Valid values are:
-  # - true: The drycc controller will now create Kubernetes ingress rules for each app, and ingress rules will automatically be created for the controller itself.
-  # - false: The default mode, and the default behavior of Drycc workflow.
-  use_ingress: false
   # Role-Based Access Control for Kubernetes >= 1.5
   use_rbac: false
+
+ingress:
+  # Experimental feature to use Kubernetes ingress instead of Workflow's drycc-router.
+  #
+  # Valid values are:
+  # - true: drycc-router will not be deployed. Workflow will not be usable until a Kubernetes ingress controller is installed.
+  # - false: drycc-router will be deployed (default).
+  enabled: false
+  # annotations:
+  #   kubernetes.io/ingress.class: nginx
+  #   kubernetes.io/tls-acme: 'true'
diff --git a/rootfs/api/models/app.py b/rootfs/api/models/app.py
@@ -230,16 +230,16 @@ def create(self, *args, **kwargs):  # noqa
 
         try:
             # In order to create an ingress, we must first have a namespace.
-            if settings.USE_NATIVE_INGRESS:
+            if settings.INGRESS_ENABLED:
                 if ingress == "":
                     raise ServiceUnavailable('Empty hostname')
                 try:
                     self._scheduler.ingress.get(ingress)
                 except KubeException:
                     self.log("creating Ingress {}".format(namespace), level=logging.INFO)
-                    self._scheduler.ingress.create(ingress,
-                                                   namespace,
-                                                   settings.INGRESS_HOSTNAME)
+                    self._scheduler.ingress.create(
+                        ingress, namespace, settings.PLATFORM_DOMAIN,
+                        settings.INGRESS_CLASS, settings.INGRESS_TLS_ACME)
         except KubeException as e:
             raise ServiceUnavailable('Could not create Ingress in Kubernetes') from e
         try:
diff --git a/rootfs/api/settings/production.py b/rootfs/api/settings/production.py
@@ -261,9 +261,12 @@
 BUILDER_KEY = os.environ.get('DRYCC_BUILDER_KEY', random_secret)
 
 # experimental native ingress
-USE_NATIVE_INGRESS = bool(strtobool(
-    os.environ.get('USE_NATIVE_INGRESS', 'false')))
-INGRESS_HOSTNAME = os.environ.get('INGRESS_HOSTNAME', '')
+INGRESS_ENABLED = bool(strtobool(
+    os.environ.get('DRYCC_INGRESS_ENABLED', 'false')))
+INGRESS_CLASS = os.environ.get('DRYCC_INGRESS_CLASS', '')
+INGRESS_TLS_ACME = bool(strtobool(
+    os.environ.get('DRYCC_INGRESS_TLS_ACME', 'false')))
+PLATFORM_DOMAIN = os.environ.get('DRYCC_PLATFORM_DOMAIN', '')
 
 # k8s image policies
 SLUGRUNNER_IMAGE = os.environ.get('SLUGRUNNER_IMAGE_NAME', 'quay.io/drycc/slugrunner:canary')  # noqa
diff --git a/rootfs/scheduler/resources/ingress.py b/rootfs/scheduler/resources/ingress.py
@@ -22,31 +22,40 @@ def get(self, name=None, **kwargs):
 
         return response
 
-    def create(self, ingress, namespace, hostname):
+    def create(self, ingress, namespace, hostname, ingress_class, tls_acme):
         url = "/apis/extensions/v1beta1/namespaces/%s/ingresses" % namespace
 
         data = {
             "kind": "Ingress",
             "apiVersion": "extensions/v1beta1",
             "metadata": {
                 "name": ingress
+                "annotations": {
+                    "kubernetes.io/tls-acme": tls_acme
+                }
             },
             "spec": {
                 "rules": [
-                    {"host": ingress + "." + hostname,
-                     "http": {
-                         "paths": [
-                             {"path": "/",
-                              "backend": {
-                                  "serviceName": ingress,
-                                  "servicePort": 80
-                              }}
-                         ]
-                     }
-                     }
+                    {
+                        "host": ingress + "." + hostname,
+                        "http": {
+                            "paths": [
+                                {
+                                    "path": "/",
+                                    "backend": {
+                                        "serviceName": ingress,
+                                        "servicePort": 80
+                                    }
+                                }
+                            ]
+                        }
+                    }
                 ]
             }
         }
+        if ingress_class:
+            data["metadata"]["annotations"].update({
+                "kubernetes.io/ingress.class": ingress_class})
         response = self.http_post(url, json=data)
 
         if not response.status_code == 201:

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{{ if .Values.global.use_ingress }}`
	`1`	`+{{ if .Values.ingress.enabled }}`
`2`	`2`	`apiVersion: extensions/v1beta1`
`3`	`3`	`kind: Ingress`
`4`	`4`	`metadata:`