VOL-569: Create kubernetes deployment configuration for each voltha service
This update:
- renames all voltha images referenced in kubernetes deployment files
to the 'voltha-<component>' format
- adds the kubernetes deployment files for grafana, dashd, and shovel
- adds deployment files for an Ingress resource and an nginx-based ingress
controller to allow access to the Consul and Grafana UIs from outside
the cluster
Manifest file ingress/05-namespace.yml sets up a namespace 'ingress-nginx'
for all ingress-related resources. This file will be deleted once we move
all voltha components, including ingress, to a 'voltha' namespace.
Deployment instructions for the ingress resources are provided in README.md.
Change-Id: I0459e838318c43e21f40e83b314f77fc9e0456f8
diff --git a/k8s/ingress/05-namespace.yml b/k8s/ingress/05-namespace.yml
new file mode 100644
index 0000000..6878f0b
--- /dev/null
+++ b/k8s/ingress/05-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-nginx
diff --git a/k8s/ingress/10-default-backend.yml b/k8s/ingress/10-default-backend.yml
new file mode 100644
index 0000000..64f6f58
--- /dev/null
+++ b/k8s/ingress/10-default-backend.yml
@@ -0,0 +1,52 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: default-http-backend
+ labels:
+ app: default-http-backend
+ namespace: ingress-nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: default-http-backend
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - name: default-http-backend
+ # Any image is permissable as long as:
+ # 1. It serves a 404 page at /
+ # 2. It serves 200 on a /healthz endpoint
+ image: gcr.io/google_containers/defaultbackend:1.4
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 8080
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: default-http-backend
+ namespace: ingress-nginx
+ labels:
+ app: default-http-backend
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: default-http-backend
diff --git a/k8s/ingress/20-configmap.yml b/k8s/ingress/20-configmap.yml
new file mode 100644
index 0000000..08e9101
--- /dev/null
+++ b/k8s/ingress/20-configmap.yml
@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-configuration
+ namespace: ingress-nginx
+ labels:
+ app: ingress-nginx
diff --git a/k8s/ingress/30-tcp-services-configmap.yml b/k8s/ingress/30-tcp-services-configmap.yml
new file mode 100644
index 0000000..a963085
--- /dev/null
+++ b/k8s/ingress/30-tcp-services-configmap.yml
@@ -0,0 +1,5 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: tcp-services
+ namespace: ingress-nginx
diff --git a/k8s/ingress/40-udp-services-configmap.yml b/k8s/ingress/40-udp-services-configmap.yml
new file mode 100644
index 0000000..1870931
--- /dev/null
+++ b/k8s/ingress/40-udp-services-configmap.yml
@@ -0,0 +1,5 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: udp-services
+ namespace: ingress-nginx
diff --git a/k8s/ingress/50-rbac.yml b/k8s/ingress/50-rbac.yml
new file mode 100644
index 0000000..3018532
--- /dev/null
+++ b/k8s/ingress/50-rbac.yml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: nginx-ingress-clusterrole
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: nginx-ingress-role
+ namespace: ingress-nginx
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ # Defaults to "<election-id>-<ingress-class>"
+ # Here: "<ingress-controller-leader>-<nginx>"
+ # This has to be adapted if you change either parameter
+ # when launching the nginx-ingress-controller.
+ - "ingress-controller-leader-nginx"
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: nginx-ingress-role-nisa-binding
+ namespace: ingress-nginx
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: nginx-ingress-role
+subjects:
+ - kind: ServiceAccount
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: nginx-ingress-clusterrole-nisa-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nginx-ingress-clusterrole
+subjects:
+ - kind: ServiceAccount
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
diff --git a/k8s/ingress/60-cluster-ingress-nginx.yml b/k8s/ingress/60-cluster-ingress-nginx.yml
new file mode 100644
index 0000000..a70a7fa
--- /dev/null
+++ b/k8s/ingress/60-cluster-ingress-nginx.yml
@@ -0,0 +1,72 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nginx-ingress-controller
+ namespace: ingress-nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ingress-nginx
+ template:
+ metadata:
+ labels:
+ app: ingress-nginx
+ annotations:
+ prometheus.io/port: '10254'
+ prometheus.io/scrape: 'true'
+ spec:
+ serviceAccountName: nginx-ingress-serviceaccount
+ initContainers:
+ - command:
+ - sh
+ - -c
+ - sysctl -w net.core.somaxconn=32768; sysctl -w net.ipv4.ip_local_port_range="1024 65535"
+ image: alpine:3.6
+ imagePullPolicy: IfNotPresent
+ name: sysctl
+ securityContext:
+ privileged: true
+ containers:
+ - name: nginx-ingress-controller
+ image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.10.2
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
+ - --configmap=$(POD_NAMESPACE)/nginx-configuration
+ - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+ - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
+ - --annotations-prefix=nginx.ingress.kubernetes.io
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
diff --git a/k8s/ingress/70-service-ingress-nginx.yml b/k8s/ingress/70-service-ingress-nginx.yml
new file mode 100644
index 0000000..9a1cfa9
--- /dev/null
+++ b/k8s/ingress/70-service-ingress-nginx.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+spec:
+ type: NodePort
+ selector:
+ app: ingress-nginx
+ ports:
+ - name: http
+ port: 80
+ nodePort: 30080
+ targetPort: http
+ - name: https
+ port: 443
+ nodePort: 30443
+ targetPort: https
diff --git a/k8s/ingress/80-ingress.yml b/k8s/ingress/80-ingress.yml
new file mode 100644
index 0000000..c665801
--- /dev/null
+++ b/k8s/ingress/80-ingress.yml
@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: voltha-ingress
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: k8s-consul
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: consul
+ servicePort: 8500
+ - host: k8s-grafana
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: grafana
+ servicePort: 8883