Posted to commits@dlab.apache.org by om...@apache.org on 2019/12/03 13:12:58 UTC

[incubator-dlab] branch DLAB-1158 updated: added step-ca

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new 7e0a03b  added step-ca
7e0a03b is described below

commit 7e0a03be035ea205b0babb3d809bf773debff612
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Tue Dec 3 15:12:44 2019 +0200

    added step-ca
---
 .../helm_charts/dlab-ui-chart/templates/cert.yaml  |  1 +
 .../modules/helm_charts/dlab-ui-chart/values.yaml  |  9 ++-
 .../ssn-gke/main/modules/helm_charts/dlab-ui.tf    |  3 +-
 .../main/modules/helm_charts/external-dns.tf       | 35 +++++++++
 .../modules/helm_charts/external-dns/.helmignore   | 43 ++++++++++++
 .../modules/helm_charts/external-dns/Chart.yaml    | 26 +++++++
 .../helm_charts/external-dns/templates/NOTES.txt   | 27 +++++++
 .../external-dns/templates/_helpers.tpl            | 65 +++++++++++++++++
 .../external-dns/templates/externaldns.yaml        | 82 ++++++++++++++++++++++
 .../modules/helm_charts/external-dns/values.yaml   | 23 ++++++
 .../ssn-gke/main/modules/helm_charts/keycloak.tf   |  4 +-
 11 files changed, 312 insertions(+), 6 deletions(-)

diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
index 9285a2b..1836887 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
@@ -35,6 +35,7 @@ spec:
   # DNS SAN
   dnsNames:
     - localhost
+    - dlab-ui.k8s-gcp.dlabanalytics.com
   # IP Address SAN
   ipAddresses:
     - "127.0.0.1"
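Review bot: The SAN added under `dnsNames` is the literal `dlab-ui.k8s-gcp.dlabanalytics.com`, and the same literal replaces `${ssn_k8s_alb_dns_name}` in both dlab-ui-chart values.yaml hunks and `local.ui_host` in both keycloak.tf hunks. Any other deployment of this module would request a certificate, and configure its ingress and Keycloak client, for a host it does not serve. The old values are left behind as comments, which suggests a temporary test setting. Taking the name from the chart value instead, `- {{ .Values.ui.ingress.host }}`, keeps the certificate, the ingress and the identity provider in agreement.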
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
index a75d1ab..0b679ad 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
@@ -41,7 +41,8 @@ ui:
     https_port: 443
   ingress:
     enabled: true
-    host: ${ssn_k8s_alb_dns_name}
+    host: dlab-ui.k8s-gcp.dlabanalytics.com
+    # ${ssn_k8s_alb_dns_name}
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
@@ -53,8 +54,10 @@ ui:
     username: ${mongo_user}
     db_name: ${mongo_db_name}
   keycloak:
-    auth_server_url: https://${ssn_k8s_alb_dns_name}/auth
-    redirect_uri: https://${ssn_k8s_alb_dns_name}/
+    auth_server_url: dlab-ui.k8s-gcp.dlabanalytics.com
+    # https://${ssn_k8s_alb_dns_name}/auth
+    redirect_uri: dlab-ui.k8s-gcp.dlabanalytics.com
+    # https://${ssn_k8s_alb_dns_name}/
 
   custom_certs:
     enabled: ${custom_certs_enabled}
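Review bot: The new `auth_server_url` and `redirect_uri` values drop the `https://` scheme, and `auth_server_url` also drops the `/auth` path that the replaced line carried. A bare host name is not a URL, so the Keycloak client is likely to reject it or treat it as a relative path, and nothing in the value pins the login flow to TLS any more. If the fixed host is intended, keep the full form: `auth_server_url: https://dlab-ui.k8s-gcp.dlabanalytics.com/auth` and `redirect_uri: https://dlab-ui.k8s-gcp.dlabanalytics.com/`.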
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
index 0f0fcb9..5dd911a 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
@@ -49,7 +49,8 @@ data "template_file" "dlab_ui_values" {
 resource "helm_release" "dlab_ui" {
     name       = "dlab-ui"
     chart      = "./modules/helm_charts/dlab-ui-chart"
-    depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret, null_resource.step_ca_issuer_delay]
+    depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret, null_resource.step_ca_issuer_delay,
+                  helm_release.external_dns]
     namespace  = kubernetes_namespace.dlab-namespace.metadata[0].name
     wait       = true
 
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
new file mode 100644
index 0000000..3da1568
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
@@ -0,0 +1,35 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+data "template_file" "external_dns_values" {
+  template = file("./modules/helm_charts/external-dns/values.yaml")
+}
+
+resource "helm_release" "external_dns" {
+    name       = "external-dns"
+    chart      = "./modules/helm_charts/external-dns"
+    namespace  = kubernetes_namespace.dlab-namespace.metadata[0].name
+    wait       = true
+    depends_on = [helm_release.nginx]
+    values     = [
+        data.template_file.step_issuer_values.rendered
+    ]
+}
\ No newline at end of file
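Review bot: `values` on `helm_release.external_dns` renders `data.template_file.step_issuer_values`, not the `external_dns_values` data source declared just above it. The external-dns release therefore receives the step-issuer chart's values, and its own values.yaml is never read. This looks like a copy-paste slip; the entry should be `data.template_file.external_dns_values.rendered`. Whatever the step-issuer values contain (not visible in this diff) would otherwise also be stored in this release's Helm metadata.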
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/.helmignore b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/.helmignore
new file mode 100644
index 0000000..4976779
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/.helmignore
@@ -0,0 +1,43 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/Chart.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/Chart.yaml
new file mode 100644
index 0000000..89fe41a
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/Chart.yaml
@@ -0,0 +1,26 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: external-dns
+version: 0.1.0
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/NOTES.txt b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/NOTES.txt
new file mode 100644
index 0000000..58e9f20
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/NOTES.txt
@@ -0,0 +1,27 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get {{ .Release.Name }}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/_helpers.tpl b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/_helpers.tpl
new file mode 100644
index 0000000..91e2a65
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/_helpers.tpl
@@ -0,0 +1,65 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "external-dns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "external-dns.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "external-dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "external-dns.labels" -}}
+app.kubernetes.io/name: {{ include "external-dns.name" . }}
+helm.sh/chart: {{ include "external-dns.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
new file mode 100644
index 0000000..dc44629
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
@@ -0,0 +1,82 @@
+{{- /*
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+*/ -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: default
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      serviceAccountName: external-dns
+      containers:
+      - name: external-dns
+        image: registry.opensource.zalan.do/teapot/external-dns:latest
+        args:
+        - --source=ingress
+        - --domain-filter=k8s-gcp.dlabanalytics.com
+        - --provider=google
+        - --google-project=or2-msq-epmc-dlab-t1iylu
+        - --registry=txt
+        - --txt-owner-id=my-identifier
\ No newline at end of file
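Review bot: The ClusterRoleBinding subject is fixed to `namespace: default`, while the ServiceAccount declares no namespace and is created wherever the release is installed, which external-dns.tf sets to the dlab namespace. The binding therefore grants the cluster-wide read rules to an `external-dns` account in `default` rather than to the one the Deployment runs as; `namespace: {{ .Release.Namespace }}` ties the two together. The image is pulled as `external-dns:latest`, so the code that can rewrite the DNS zone can change without any change to the chart; pin a release tag or digest through values.yaml. `--google-project`, `--domain-filter` and the placeholder `--txt-owner-id=my-identifier` are literals too and belong in chart values, since the owner id is what keeps two installations from claiming each other's records.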
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
new file mode 100644
index 0000000..b2591c4
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
@@ -0,0 +1,23 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+replicaCount: 1
+
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
index a5ab90e..8c8eb06 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
@@ -22,7 +22,7 @@
 data "template_file" "configure_keycloak" {
   template = file("./modules/helm_charts/files/configure_keycloak.sh")
   vars     = {
-    ssn_k8s_alb_dns_name   = local.ui_host
+    ssn_k8s_alb_dns_name   = "dlab-ui.k8s-gcp.dlabanalytics.com" # local.ui_host
     keycloak_user          = var.keycloak_user
     keycloak_password      = random_string.keycloak_password.result
     keycloak_client_secret = random_uuid.keycloak_client_secret.result
@@ -42,7 +42,7 @@ data "template_file" "keycloak_values" {
   vars = {
     keycloak_user           = var.keycloak_user
     keycloak_password       = random_string.keycloak_password.result
-    ssn_k8s_alb_dns_name    = local.ui_host
+    ssn_k8s_alb_dns_name    = "dlab-ui.k8s-gcp.dlabanalytics.com" # local.ui_host
     configure_keycloak_file = data.template_file.configure_keycloak.rendered
     mysql_db_name           = var.mysql_db_name
     mysql_user              = var.mysql_user

