From 4d8931befb9d35550f74dbb85ba9b6300fe5ad97 Mon Sep 17 00:00:00 2001 From: Michael Pleshakov Date: Mon, 13 Apr 2020 10:46:05 -0700 Subject: [PATCH] Support TransportServer in Helm * Register TransportServer CRD * Add controller.enableTLSPassthrough parameter --- deployments/helm-chart/README.md | 1 + .../templates/controller-daemonset.yaml | 3 + .../templates/controller-deployment.yaml | 3 + .../templates/controller-ts-definition.yaml | 79 +++++++++++++++++++ deployments/helm-chart/templates/rbac.yaml | 1 + deployments/helm-chart/values.yaml | 3 + .../installation/installation-with-helm.md | 3 + 7 files changed, 93 insertions(+) create mode 100644 deployments/helm-chart/templates/controller-ts-definition.yaml
diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
index da7aad89b1..c53ab31000 100644
--- a/deployments/helm-chart/README.md
+++ b/deployments/helm-chart/README.md
@@ -146,6 +146,7 @@ Parameter | Description | Default
 `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false
 `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | ""
 `controller.enableCustomResources` | Enable the custom resources. | true
+`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false
 `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false
 `controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `contoller.healthStatus`. | "/nginx-health"
 `controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true
diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
index 677c160f52..e710cc9457 100644
--- a/deployments/helm-chart/templates/controller-daemonset.yaml
+++ b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -128,4 +128,7 @@ spec:
 - -enable-prometheus-metrics={{ .Values.prometheus.create }}
 - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
 - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
+{{- if .Values.controller.enableCustomResources }}
+ - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
+{{- end }}
 {{- end }}
diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
index 003208dec1..bbb981e869 100644
--- a/deployments/helm-chart/templates/controller-deployment.yaml
+++ b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -126,4 +126,7 @@ spec:
 - -enable-prometheus-metrics={{ .Values.prometheus.create }}
 - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
 - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
+{{- if .Values.controller.enableCustomResources }}
+ - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
+{{- end }}
 {{- end }}
diff --git a/deployments/helm-chart/templates/controller-ts-definition.yaml b/deployments/helm-chart/templates/controller-ts-definition.yaml
new file mode 100644
index 0000000000..cefee61914
--- /dev/null
+++ b/deployments/helm-chart/templates/controller-ts-definition.yaml
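Review bot: A values file that sets `controller.enableTLSPassthrough: true` together with `controller.enableCustomResources: false` renders without error and without the `-enable-tls-passthrough` argument, because the added `{{- if .Values.controller.enableCustomResources }}` guard in controller-daemonset.yaml drops it silently. An operator who expects passthrough on port 443 then gets a controller running without it and nothing in the install output to say so. Consider failing the render instead, for example `{{- if and .Values.controller.enableTLSPassthrough (not .Values.controller.enableCustomResources) }}{{ fail "controller.enableTLSPassthrough requires controller.enableCustomResources" }}{{- end }}`, or at minimum a template comment above the guard stating the dependency. The same guard appears in the controller-deployment.yaml hunk, and in both files the block closed by the trailing `{{- end }}` opens outside the hunk.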
@@ -0,0 +1,79 @@
+{{- if .Values.controller.enableCustomResources }}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: transportservers.k8s.nginx.org
+ labels:
+ {{- include "nginx-ingress.labels" . | nindent 4 }}
+spec:
+ group: k8s.nginx.org
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ scope: Namespaced
+ names:
+ plural: transportservers
+ singular: transportserver
+ kind: TransportServer
+ shortNames:
+ - ts
+ preserveUnknownFields: false
+ validation:
+ openAPIV3Schema:
+ description: TransportServer defines the TransportServer resource.
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TransportServerSpec is the spec of the TransportServer resource.
+ type: object
+ properties:
+ action:
+ description: Action defines an action.
+ type: object
+ properties:
+ pass:
+ type: string
+ host:
+ type: string
+ listener:
+ description: TransportServerListener defines a listener for a TransportServer.
+ type: object
+ properties:
+ name:
+ type: string
+ protocol:
+ type: string
+ upstreamParameters:
+ description: UpstreamParameters defines parameters for an upstream.
+ type: object
+ properties:
+ udpRequests:
+ type: integer
+ udpResponses:
+ type: integer
+ upstreams:
+ type: array
+ items:
+ description: Upstream defines an upstream.
+ type: object
+ properties:
+ name:
+ type: string
+ port:
+ type: integer
+ service:
+ type: string
+{{- end }}
diff --git a/deployments/helm-chart/templates/rbac.yaml b/deployments/helm-chart/templates/rbac.yaml
index 4b8ba12a7e..32ae2261e5 100644
--- a/deployments/helm-chart/templates/rbac.yaml
+++ b/deployments/helm-chart/templates/rbac.yaml
@@ -71,6 +71,7 @@ rules:
 resources:
 - virtualservers
 - virtualserverroutes
+ - transportservers
 verbs:
 - list
 - watch
diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
index 4f74a4378a..15b16e5a68 100644
--- a/deployments/helm-chart/values.yaml
+++ b/deployments/helm-chart/values.yaml
@@ -118,6 +118,9 @@ controller:
 ## Enable the custom resources.
 enableCustomResources: true
 
+ ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
+ enableTLSPassthrough: false
+
 ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
 ## Useful for external health-checking of the Ingress controller.
 healthStatus: false
diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md
index 1d7aba578f..f0cbf6d6d9 100644
--- a/docs-web/installation/installation-with-helm.md
+++ b/docs-web/installation/installation-with-helm.md
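Review bot: In controller-ts-definition.yaml the schema leaves `spec.upstreams[].port` as a bare `type: integer` and `spec.listener.protocol` as a bare `type: string`, so the API server will admit a TransportServer with port 0, a negative port or an arbitrary protocol string. With `preserveUnknownFields: false` this `openAPIV3Schema` is already the admission-time filter for objects that any user with create rights in a namespace can submit, so it is worth bounding the port with `minimum: 1` and `maximum: 65535` and, if the controller accepts only a fixed set of protocols, listing them in an `enum`. The same applies to `udpRequests` and `udpResponses`, which probably want `minimum: 0`. No `required` lists are declared either, so an object with an empty `spec` passes validation; whether that is intended cannot be told from this hunk.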
@@ -208,6 +208,9 @@ The following tables lists the configurable parameters of the NGINX Ingress cont
 * - ``controller.enableCustomResources``
 - Enable the custom resources.
 - true
+ * - ``controller.enableTLSPassthrough``
+ - Enable TLS Passthrough on port 443. Requires ``controller.enableCustomResources``.
+ - false
 * - ``controller.healthStatus``
 - Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller.
 - false