You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ki...@apache.org on 2020/11/29 08:08:01 UTC

[trafficserver-ingress-controller] branch master updated: Add support for overriding logging and TLS option configuration files (#57)

This is an automated email from the ASF dual-hosted git repository.

kichan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new 2a1556a  Add support for overriding logging and TLS option configuration files (#57)
2a1556a is described below

commit 2a1556a6dd6eb760bac431dbcc638b0e9843d966
Author: Kit Chan <ki...@apache.org>
AuthorDate: Sun Nov 29 00:07:55 2020 -0800

    Add support for overriding logging and TLS option configuration files (#57)
    
    * add support to new environment variables for changing logging and ssl server filenames
    
    * rename script
    
    * Document update
---
 Dockerfile                             |  2 ++
 bin/entry.sh                           |  3 +++
 bin/{entry.sh => records-config.sh}    | 25 ++++++-------------------
 docs/TUTORIAL.md                       |  9 +++++++--
 k8s/traffic-server/ats-deployment.yaml |  4 ++++
 5 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9050e73..ed2da79 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -96,10 +96,12 @@ COPY ["./config/redis.conf", "/usr/local/etc/redis.conf"]
 # entry.sh + other scripts
 COPY ["./bin/tls-config.sh", "/usr/local/bin/tls-config.sh"]
 COPY ["./bin/tls-reload.sh", "/usr/local/bin/tls-reload.sh"]
+COPY ["./bin/records-config.sh", "/usr/local/bin/records-config.sh"]
 COPY ["./bin/entry.sh", "/usr/local/bin/entry.sh"]
 WORKDIR /usr/local/bin/
 RUN chmod 755 tls-config.sh
 RUN chmod 755 tls-reload.sh
+RUN chmod 755 records-config.sh
 RUN chmod 755 entry.sh
 
 FROM alpine:3.12.1
diff --git a/bin/entry.sh b/bin/entry.sh
index 34aabbe..55f143c 100755
--- a/bin/entry.sh
+++ b/bin/entry.sh
@@ -28,6 +28,9 @@ crond
 # generate TLS cert config file for ats 
 /usr/local/bin/tls-config.sh 
 
+# append specific environment variables to records.config 
+/usr/local/bin/records-config.sh
+
 # start redis
 redis-server /usr/local/etc/redis.conf 
 
diff --git a/bin/entry.sh b/bin/records-config.sh
similarity index 58%
copy from bin/entry.sh
copy to bin/records-config.sh
index 34aabbe..fd2823b 100755
--- a/bin/entry.sh
+++ b/bin/records-config.sh
@@ -18,23 +18,10 @@
 
 set +x
 
-# start basic service
-syslogd
-crond
-
-# TLS auto reload script
-/usr/local/bin/tls-reload.sh >> /usr/local/var/log/ingress/ingress_ats.err &
-
-# generate TLS cert config file for ats 
-/usr/local/bin/tls-config.sh 
-
-# start redis
-redis-server /usr/local/etc/redis.conf 
-
-# start ats
-chown -R nobody:nobody /usr/local/etc/trafficserver
-DISTRIB_ID=gentoo /usr/local/bin/trafficserver start
-
-sleep 20 
-/usr/local/go/bin/src/ingress-ats/ingress_ats -atsIngressClass="$INGRESS_CLASS" -atsNamespace="$POD_NAMESPACE" -useInClusterConfig=T 2>>/usr/local/var/log/ingress/ingress_ats.err
+if [ ! -z "${LOG_CONFIG_FNAME}" ]; then
+	echo "CONFIG proxy.config.log.config.filename STRING ${LOG_CONFIG_FNAME}" >> /usr/local/etc/trafficserver/records.config
+fi
 
+if [ ! -z "${SSL_SERVERNAME_FNAME}" ]; then
+	echo "CONFIG proxy.config.ssl.servername.filename STRING ${SSL_SERVERNAME_FNAME}" >> /usr/local/etc/trafficserver/records.config
+fi
diff --git a/docs/TUTORIAL.md b/docs/TUTORIAL.md
index 009e5a8..3832a72 100644
--- a/docs/TUTORIAL.md
+++ b/docs/TUTORIAL.md
@@ -27,6 +27,7 @@
   - [ConfigMap](#configmap)
   - [Snippet](#snippet)
   - [Ingress Class](#ingress-class)
+  - [Customizing Logging and TLS](#customizing-logging-and-tls)
 - [Logging and Monitoring](#logging-and-monitoring)
   - [Fluentd](#fluentd)
   - [Prometheus and Grafana](#prometheus-and-grafana)
@@ -59,7 +60,7 @@ Once you have cloned the project repo and started Docker and Minikube, in the te
 
 - At this point, we have created necessary images for our example:
   - Step 4 builds an image to create a Docker container that will contain the Apache Traffic Server (ATS) itself, the kubernetes ingress controller, along with other software required for the controller to do its job.
-  - Step 5 builds an image for the trafficserver exporter. This exports the ATS statistics over HTTP for Prometheus to read. 
+  - Step 5 builds an image for the trafficserver exporter. This exports the ATS statistics for Prometheus to read. It uses the [Stats Over HTTP Plugin](https://docs/trafficserver.apache.org/en/8.1.x/admin-guide/plugins/stats_over_http.en.html)
   - Steps 6 and 7 build 2 images that will serve as backends to [kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/) which we will shortly create
   - Step 8 builds an image for fluentd. This is for log collection.
 
@@ -124,7 +125,11 @@ You can attach [ATS lua script](https://docs.trafficserver.apache.org/en/8.0.x/a
 
 #### Ingress Class
 
-You can provide an environment variable called `INGRESS_CLASS` in the deployment to specify the ingress class. Only ingress object with annotation `kubernetes.io/ingress.class` with value equal to the environment variable value will be used by ATS for routing
+You can provide an environment variable called `INGRESS_CLASS` in the deployment to specify the ingress class. See an example commented out [here](../k8s/trafficserver/ats-deployment.yaml). Only ingress object with annotation `kubernetes.io/ingress.class` with value equal to the environment variable value will be used by ATS for routing
+
+#### Customizing Logging and TLS
+
+You can specify a different [logging.yaml](https://docs.trafficserver.apache.org/en/8.1.x/admin-guide/files/logging.yaml.en.html) and [ssl_server_name.yaml](https://docs.trafficserver.apache.org/en/8.1.x/admin-guide/files/ssl_server_name.yaml.en.html) by providing environment variable `LOG_CONFIG_FNAME` and `SSL_SERVER_FNAME` respsectively. See an example commented out [here](../k8s/trafficserver/ats-deployment.yaml). The new contents of them can be provided through a ConfigMap and loade [...]
 
 ### Logging and Monitoring
 
diff --git a/k8s/traffic-server/ats-deployment.yaml b/k8s/traffic-server/ats-deployment.yaml
index 82b0697..c61fc64 100644
--- a/k8s/traffic-server/ats-deployment.yaml
+++ b/k8s/traffic-server/ats-deployment.yaml
@@ -66,6 +66,10 @@ spec:
                   fieldPath: metadata.namespace
 #            - name: INGRESS_CLASS
 #              value: "ats"
+#            - name: LOG_CONFIG_FNAME
+#              value: "/usr/local/etc/trafficserver/logging.yaml"
+#            - name: SSL_SERVERNAME_FNAME
+#              value: "/usr/local/etc/trafficserver/ssl_server_name.yaml"
             - name: POD_TLS_PATH
               value: "/etc/ats/ssl"
           ports: