Merge pull request #68 from StackStorm/add/ingress

Add support for ingress

Author: warrenvw

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## In Development
 
+## v0.15.0
+* Add support for ingress (#68)
+
 ## v0.14.0
 * Pin st2 version to `v3.1dev` as a new latest development version (#67)
 

Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 # Update StackStorm version here to rely on other Docker images tags
 appVersion: 3.1dev
 name: stackstorm-ha
-version: 0.14.0
+version: 0.15.0
 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment.
 home: https://stackstorm.com/#product
 icon: https://avatars1.githubusercontent.com/u/4969009

README.md

@@ -45,6 +45,22 @@ See Helm `values.yaml`, `enterprise` section for configuration examples.
 > Don't have StackStorm Enterprise License?<br>
 > 90-day free trial can be requested at https://stackstorm.com/#product
 
+## Configuration
+
+The default configuration values for this chart are described in `values.yaml`.
+
+## Ingress
+
+Ingress is worth considering if you want to expose multiple services under the same IP address, and
+these services all use the same L7 protocol (typically HTTP). You only pay for one load balancer if
+you are using native cloud integration, and because Ingress is "smart", you can get a lot of
+features out of the box (like SSL, Auth, Routing, etc.). See the ingress section in `values.yaml`
+for configuration details.
+
+You will first need to deploy an ingress controller of your preference. See
+https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#additional-controllers
+for more information.
+
 ## Components
 
 The Community FOSS Dockerfiles used to generate the docker images for each st2 component are available at

templates/NOTES.txt

@@ -21,15 +21,24 @@ echo https://${ST2WEB_IP}/
 echo https://127.0.0.1:8443
 kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} 8443:443
 
-{{- end }}
-{{- if contains "NodePort" .Values.st2web.service.type }}
+{{- else if contains "NodePort" .Values.st2web.service.type }}
 
 export ST2WEB_IP=$(minikube ip 2>/dev/null || kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
 export ST2WEB_PORT="$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }})"
 echo https://${ST2WEB_IP}:${ST2WEB_PORT}/
 
 {{- end }}
 
+{{- if .Values.ingress.enabled -}}
+Ingress is enabled. You may access following endpoints:
+{{- range .Values.ingress.hosts }}
+  {{- $host := .host -}}
+  {{- range .paths }}
+  http{{- if $.Values.ingress.tls }}s{{- end -}}://{{ $host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
 2. Login with the following credentials:
 username: {{ .Values.secrets.st2.username }}
 password: {{ .Values.secrets.st2.password }}

templates/ingress.yaml

@@ -1 +1,49 @@
-# TODO: Research & add Ingress controller for exposing st2web service to public net (#6)
+{{- if .Values.ingress.enabled }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}-ingress{{ template "enterpriseSuffix" . }}
+  labels:
+    app: ingress
+    tier: frontend
+    vendor: stackstorm
+    support: {{ template "supportMethod" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+  annotations:
+    {{- if .Values.ingress.tls }}
+    ingress.kubernetes.io/secure-backends: "true"
+    {{- end }}
+    {{- range $key, $value := .Values.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+  {{- range .Values.ingress.hosts }}
+  - host: {{ .host }}
+    http:
+      paths:
+      {{- range .paths }}
+        - path: {{ default "/*" .path }}
+          backend:
+            serviceName: {{ .serviceName }}
+            servicePort: {{ .servicePort }}
+      {{- end }}
+  {{- else }}
+    {{- if required "Missing context '.Values.st2web.service.hostname'!" .Values.st2web.service.hostname }}
+  - host: {{ .Values.st2web.service.hostname }}
+    {{- end }}
+    http:
+      paths:
+        - path: "/*"
+          backend:
+            serviceName: {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }}
+            servicePort: "443"
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end }}

values.yaml

@@ -120,6 +120,32 @@ st2:
     #  uid: api_key:56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac
     #  user: st2admin
 
+##
+## StackStorm HA Ingress
+##
+ingress:
+  # As recommended, ingress is disabled by default.
+  enabled: false
+  # Annotations are used to configure the ingress controller
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  # Map hosts to paths
+  hosts: []
+  # - host: hostname.domain.tld
+  #   # NOTE: Both path and service details are optional. A working default will be used to
+  #   # automatically configure st2web for ingress.
+  #   # Map paths to services
+  #   paths:
+  #     - path: /
+  #       serviceName: service
+  #       servicePort: port
+  # Secure the Ingress by specifying a secret that contains a TLS private key and certificate
+  tls: []
+  # - secretName: chart-example-tls
+  #   hosts:
+  #     - chart-example.test
+
 ##
 ## StackStorm HA Cluster Secrets. All fields are required!
 ## NB! It's highly recommended to change ALL defaults!