From ae7526ccfe9dcb9742a598c5961f85a4db90b629 Mon Sep 17 00:00:00 2001 From: Kevin Smith <42681130+kevinsmithwrs@users.noreply.github.com> Date: Tue, 22 Dec 2020 05:12:19 -0500 Subject: [PATCH] [elasticsearch][kibana] Add flexible ingress (#994) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- elasticsearch/templates/ingress.yaml | 20 +++++- elasticsearch/tests/elasticsearch_test.py | 48 ++++++++++++++ elasticsearch/values.yaml | 5 +- kibana/templates/ingress.yaml | 26 +++++++- kibana/tests/kibana_test.py | 76 +++++++++++++++++++++++ kibana/values.yaml | 5 +- 6 files changed, 172 insertions(+), 8 deletions(-) diff --git a/elasticsearch/templates/ingress.yaml b/elasticsearch/templates/ingress.yaml index e34b475e1..bcb2befa6 100644 --- a/elasticsearch/templates/ingress.yaml +++ b/elasticsearch/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "elasticsearch.uname" . -}} -{{- $servicePort := .Values.httpPort -}} +{{- $httpPort := .Values.httpPort -}} {{- $ingressPath := .Values.ingress.path -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress @@ -17,22 +17,38 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . }} {{- end }} secretName: {{ .secretName }} + {{- end }} + {{- else }} +{{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} - host: {{ . }} http: paths: - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index f414d68e1..db2bc0d24 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -691,6 +691,54 @@ def test_adding_a_node_affinity(): def test_adding_an_ingress_rule(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: elasticsearch.elastic.co + paths: + - path: / + - host: '' + paths: + - path: / + - path: /mypath + servicePort: 8888 + - host: elasticsearch.hello.there + paths: + - path: / + servicePort: 9999 + tls: + - secretName: elastic-co-wildcard + hosts: + - elasticsearch.elastic.co +""" + + r = helm_template(config) + assert uname in r["ingress"] + i = r["ingress"][uname]["spec"] + assert i["tls"][0]["hosts"][0] == "elasticsearch.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "elasticsearch.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 9200 + assert i["rules"][1]["http"]["paths"][1]["path"] == "/mypath" + assert i["rules"][1]["http"]["paths"][1]["backend"]["serviceName"] == uname + assert i["rules"][1]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][2]["host"] == "elasticsearch.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == uname + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + + +def test_adding_a_deprecated_ingress_rule(): + config = """ ingress: enabled: true annotations: diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 40583e8be..8ed7cb4e3 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -243,9 +243,10 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: diff --git a/kibana/templates/ingress.yaml b/kibana/templates/ingress.yaml index fd4eae24a..f79255f30 100644 --- a/kibana/templates/ingress.yaml +++ b/kibana/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kibana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} +{{- $httpPort := .Values.httpPort -}} {{- $ingressPath := .Values.ingress.path -}} apiVersion: networking.k8s.io/v1beta1 kind: Ingress @@ -14,16 +14,38 @@ metadata: spec: {{- if .Values.ingress.tls }} tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else }} {{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} + {{- if $ingressPath }} - host: {{ . }} http: paths: - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} + servicePort: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py index b188db456..5a3f30b34 100644 --- a/kibana/tests/kibana_test.py +++ b/kibana/tests/kibana_test.py @@ -206,6 +206,54 @@ def test_adding_a_extra_init_container(): def test_adding_an_ingress_rule(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: kibana.elastic.co + paths: + - path: / + - path: /testpath + servicePort: 8888 + - host: '' + paths: + - path: / + - host: kibana.hello.there + paths: + - path: /mypath + servicePort: 9999 + tls: + - secretName: elastic-co-wildcard + hosts: + - kibana.elastic.co +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "kibana.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][0]["http"]["paths"][1]["path"] == "/testpath" + assert i["rules"][0]["http"]["paths"][1]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][1]["backend"]["servicePort"] == 8888 + assert i["rules"][1]["host"] == None + assert i["rules"][1]["http"]["paths"][0]["path"] == "/" + assert i["rules"][1]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][1]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + assert i["rules"][2]["host"] == "kibana.hello.there" + assert i["rules"][2]["http"]["paths"][0]["path"] == "/mypath" + assert i["rules"][2]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][2]["http"]["paths"][0]["backend"]["servicePort"] == 9999 + + +def test_adding_a_deprecated_ingress_rule(): + config = """ ingress: enabled: true annotations: @@ -233,6 +281,34 @@ def test_adding_an_ingress_rule(): def test_adding_an_ingress_rule_wildcard(): config = """ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: kibana.elastic.co + paths: + - path: / + tls: + - secretName: elastic-co-wildcard + hosts: + - "*.elastic.co" +""" + + r = helm_template(config) + assert name in r["ingress"] + i = r["ingress"][name]["spec"] + assert i["tls"][0]["hosts"][0] == "*.elastic.co" + assert i["tls"][0]["secretName"] == "elastic-co-wildcard" + + assert i["rules"][0]["host"] == "kibana.elastic.co" + assert i["rules"][0]["http"]["paths"][0]["path"] == "/" + assert i["rules"][0]["http"]["paths"][0]["backend"]["serviceName"] == name + assert i["rules"][0]["http"]["paths"][0]["backend"]["servicePort"] == 5601 + + +def test_adding_a_deprecated_ingress_rule_wildcard(): + config = """ ingress: enabled: true annotations: diff --git a/kibana/values.yaml b/kibana/values.yaml index 8169e80db..a84a29746 100755 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -120,9 +120,10 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / tls: [] # - secretName: chart-example-tls # hosts: