From 16cfa76e24513a433fd913ea5437fa161f3d8c51 Mon Sep 17 00:00:00 2001 From: Fernando Diaz Date: Tue, 28 Aug 2018 15:45:05 -0500 Subject: [PATCH] Enhance the Ingress Addon - Updates Ingress-Controller Version to 0.18.0 - Adds Service Account for Ingress-Controller - Adds Support for Prometheus - Fixes bug with TCP/UDP ConfigMaps not Loading --- deploy/addons/ingress/ingress-configmap.yaml | 4 + deploy/addons/ingress/ingress-dp.yaml | 26 ++-- deploy/addons/ingress/ingress-rbac.yaml | 146 +++++++++++++++++++ deploy/addons/ingress/ingress-svc.yaml | 3 +- docs/contributors/build_guide.md | 3 + pkg/minikube/assets/addons.go | 5 + 6 files changed, 177 insertions(+), 10 deletions(-) create mode 100644 deploy/addons/ingress/ingress-rbac.yaml diff --git a/deploy/addons/ingress/ingress-configmap.yaml b/deploy/addons/ingress/ingress-configmap.yaml index 6cadddb9a96d..2d1f7df96284 100644 --- a/deploy/addons/ingress/ingress-configmap.yaml +++ b/deploy/addons/ingress/ingress-configmap.yaml @@ -29,9 +29,13 @@ kind: ConfigMap metadata: name: tcp-services namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: EnsureExists --- apiVersion: v1 kind: ConfigMap metadata: name: udp-services namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: EnsureExists diff --git a/deploy/addons/ingress/ingress-dp.yaml b/deploy/addons/ingress/ingress-dp.yaml index c5294fb53483..f5e1bfe35193 100644 --- a/deploy/addons/ingress/ingress-dp.yaml +++ b/deploy/addons/ingress/ingress-dp.yaml @@ -18,17 +18,19 @@ metadata: name: default-http-backend namespace: kube-system labels: + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: kube-system addonmanager.kubernetes.io/mode: Reconcile spec: replicas: 1 selector: matchLabels: - app: default-http-backend + app.kubernetes.io/name: default-http-backend addonmanager.kubernetes.io/mode: Reconcile template: metadata: labels: - app: default-http-backend + app.kubernetes.io/name: default-http-backend addonmanager.kubernetes.io/mode: Reconcile spec: terminationGracePeriodSeconds: 60 @@ -62,24 +64,30 @@ metadata: name: nginx-ingress-controller namespace: kube-system labels: - app: nginx-ingress-controller + app.kubernetes.io/name: nginx-ingress-controller + app.kubernetes.io/part-of: kube-system addonmanager.kubernetes.io/mode: Reconcile spec: replicas: 1 selector: matchLabels: - app: nginx-ingress-controller + app.kubernetes.io/name: nginx-ingress-controller + app.kubernetes.io/part-of: kube-system addonmanager.kubernetes.io/mode: Reconcile template: metadata: labels: - app: nginx-ingress-controller - name: nginx-ingress-controller + app.kubernetes.io/name: nginx-ingress-controller + app.kubernetes.io/part-of: kube-system addonmanager.kubernetes.io/mode: Reconcile + annotations: + prometheus.io/port: '10254' + prometheus.io/scrape: 'true' spec: + serviceAccountName: nginx-ingress terminationGracePeriodSeconds: 60 containers: - - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2 + - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0 name: nginx-ingress-controller imagePullPolicy: IfNotPresent readinessProbe: @@ -108,8 +116,7 @@ spec: hostPort: 80 - containerPort: 443 hostPort: 443 - # we expose 18080 to access nginx stats in url /nginx-status - # this is optional + # (Optional) we expose 18080 to access nginx stats in url /nginx-status - containerPort: 18080 hostPort: 18080 args: @@ -118,6 +125,7 @@ spec: - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-conf - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --annotations-prefix=nginx.ingress.kubernetes.io # use minikube IP address in ingress status field - --report-node-internal-ip-address securityContext: diff --git a/deploy/addons/ingress/ingress-rbac.yaml b/deploy/addons/ingress/ingress-rbac.yaml new file mode 100644 index 000000000000..d0e54c5f0890 --- /dev/null +++ b/deploy/addons/ingress/ingress-rbac.yaml @@ -0,0 +1,146 @@ +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress + namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: Reconcile + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: system:nginx-ingress + labels: + kubernetes.io/bootstrapping: rbac-defaults + addonmanager.kubernetes.io/mode: Reconcile +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-ingress-role + namespace: kube-system + labels: + addonmanager.kubernetes.io/mode: Reconcile +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-ingress-role-binding + labels: + addonmanager.kubernetes.io/mode: Reconcile +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress-role +subjects: +- kind: ServiceAccount + name: nginx-ingress + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: system:nginx-ingress + labels: + kubernetes.io/bootstrapping: rbac-defaults + addonmanager.kubernetes.io/mode: Reconcile +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:nginx-ingress +subjects: +- kind: ServiceAccount + name: nginx-ingress + namespace: kube-system \ No newline at end of file diff --git a/deploy/addons/ingress/ingress-svc.yaml b/deploy/addons/ingress/ingress-svc.yaml index 61c7518d60ec..a7001b9ba108 100644 --- a/deploy/addons/ingress/ingress-svc.yaml +++ b/deploy/addons/ingress/ingress-svc.yaml @@ -18,7 +18,8 @@ metadata: name: default-http-backend namespace: kube-system labels: - app: default-http-backend + app.kubernetes.io/name: default-http-backend + app.kubernetes.io/part-of: kube-system kubernetes.io/minikube-addons: ingress kubernetes.io/minikube-addons-endpoint: ingress addonmanager.kubernetes.io/mode: Reconcile diff --git a/docs/contributors/build_guide.md b/docs/contributors/build_guide.md index a78d47e1b44e..e96d413c643d 100644 --- a/docs/contributors/build_guide.md +++ b/docs/contributors/build_guide.md @@ -21,6 +21,9 @@ $ cd $GOPATH/src/k8s.io/minikube $ make ``` +Note: Make sure that you uninstall any previous versions of minikube before building +from the source. + ### Building from Source in Docker (using Debian stretch image with golang) Clone minikube: ```shell diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 00687d9d27f1..e4c7357bfb2b 100644 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -203,6 +203,11 @@ var Addons = map[string]*Addon{ constants.AddonsPath, "ingress-configmap.yaml", "0640"), + NewBinDataAsset( + "deploy/addons/ingress/ingress-rbac.yaml", + constants.AddonsPath, + "ingress-rbac.yaml", + "0640"), NewBinDataAsset( "deploy/addons/ingress/ingress-dp.yaml", constants.AddonsPath,