Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #157 from dystewart/external
Configure ingressController to use routeSelector and configure external ingress service
Showing 11 changed files with 168 additions and 4 deletions.
16 changes: 16 additions & 0 deletions
...-ocp-prod/feature/external-ingress/externalsecrets/external-apps-ingress-certificate.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ExternalSecret | ||
metadata: | ||
name: external-apps-ingress-certificate | ||
namespace: openshift-ingress-operator | ||
spec: | ||
secretStoreRef: | ||
name: nerc-secret-store | ||
kind: SecretStore | ||
target: | ||
name: external-apps-ingress-certificate | ||
template: | ||
type: kubernetes.io/tls | ||
dataFrom: | ||
- extract: | ||
key: nerc/nerc-ocp-prod/openshift-ingress/external-apps-ingress-certificate |
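Review bot: `dataFrom.extract` at the end of the spec copies every property stored under `nerc/nerc-ocp-prod/openshift-ingress/external-apps-ingress-certificate` into the target Secret, so the `kubernetes.io/tls` Secret is only valid if that entry holds `tls.crt` and `tls.key`, and anything else stored there is copied along with them. Mapping the two keys explicitly under `data` with a `remoteRef` each would keep unrelated properties out of the Secret and turn a missing key into a visible sync error. Please also confirm that `openshift-ingress-operator` is the namespace the ingress controller reads its certificate from, and that the `nerc-secret-store` SecretStore exists there, since `kind: SecretStore` is namespaced.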
9 changes: 9 additions & 0 deletions
cluster-scope/overlays/nerc-ocp-prod/feature/external-ingress/kustomization.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
commonLabels: | ||
nerg.mghpcc.org/feature: external-ingress | ||
|
||
resources: | ||
- ingresscontrollers/external-apps.yaml | ||
- externalsecrets/external-apps-ingress-certificate.yaml | ||
- post-sync-hook |
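Review bot: the label key under `commonLabels` is `nerg.mghpcc.org/feature`, while the rest of this change uses the `nerc` prefix (`nerc-ocp-prod`, `nerc-secret-store`). If this is a typo for `nerc.mghpcc.org/feature`, fix it before merge: `commonLabels` also writes the key into selectors, which makes it awkward to rename once the resources exist.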
34 changes: 34 additions & 0 deletions
cluster-scope/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/job.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: patch-external-ingress-service | ||
annotations: | ||
argocd.argoproj.io/hook: PostSync | ||
argocd.argoproj.io/hook-delete-policy: BeforeHookCreation | ||
spec: | ||
template: | ||
spec: | ||
restartPolicy: OnFailure | ||
serviceAccountName: patcher | ||
containers: | ||
- name: patcher | ||
# This is 4.10.42 | ||
image: quay.io/openshift/origin-cli:4.10 | ||
command: | ||
- bash | ||
- /scripts/apply-patches.sh | ||
- /patches | ||
volumeMounts: | ||
- name: patch-scripts | ||
mountPath: /scripts | ||
- name: patches | ||
mountPath: /patches | ||
|
||
volumes: | ||
- name: patch-scripts | ||
configMap: | ||
name: patch-scripts | ||
|
||
- name: patches | ||
configMap: | ||
name: patches |
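Review bot: the `image: quay.io/openshift/origin-cli:4.10` line uses a floating tag, and the `# This is 4.10.42` comment above it only records what the tag resolved to at one point in time. This container runs as the `patcher` service account, so reference the image by digest (`quay.io/openshift/origin-cli@sha256:<digest>`) so that what runs after each sync is the content that was reviewed. The pod spec also sets no `securityContext`, no resource limits and no `activeDeadlineSeconds`; with `restartPolicy: OnFailure` a hook that cannot complete will keep restarting, so a deadline is worth adding.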
21 changes: 21 additions & 0 deletions
...r-scope/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/kustomization.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: openshift-ingress | ||
|
||
commonLabels: | ||
app: patch-external-ingress-service | ||
|
||
resources: | ||
- job.yaml | ||
- serviceaccount.yaml | ||
- role.yaml | ||
- rolebinding.yaml | ||
|
||
configMapGenerator: | ||
- name: patch-scripts | ||
files: | ||
- scripts/apply-patches.sh | ||
|
||
- name: patches | ||
files: | ||
- patches/router-external-apps.patch.yaml |
8 changes: 8 additions & 0 deletions
...-ocp-prod/feature/external-ingress/post-sync-hook/patches/router-external-apps.patch.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
annotations: | ||
metallb.universe.tf/address-pool: public | ||
name: router-external-apps | ||
spec: | ||
loadBalancerIP: 199.94.61.6 |
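Review bot: `metadata` names `router-external-apps` without a `namespace`, so `kubectl patch -f` resolves the target from whatever namespace the Job pod happens to run in. Add `namespace: openshift-ingress` to the patch itself; the `namespace:` setting in the hook's kustomization does not reach file contents embedded through `configMapGenerator`, and an explicit namespace keeps the patch from landing on a same-named Service elsewhere if the Job is ever moved.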
11 changes: 11 additions & 0 deletions
cluster-scope/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/role.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: patcher-allow-patching | ||
rules: | ||
- apiGroups: | ||
- '' | ||
resources: | ||
- services | ||
verbs: | ||
- patch |
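Review bot: the single rule grants `patch` on `services` with no `resourceNames`, so the `patcher` service account can modify every Service in the namespace, not only the one this hook targets. Since the only patch shipped here is for `router-external-apps`, add `resourceNames: [router-external-apps]` to the rule so that a compromised or misconfigured hook cannot repoint other Services.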
11 changes: 11 additions & 0 deletions
...ter-scope/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/rolebinding.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: patcher-allow-patching | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: patcher-allow-patching | ||
subjects: | ||
- kind: ServiceAccount | ||
name: patcher |
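Review bot: the `ServiceAccount` entry under `subjects` has no `namespace`, which the RBAC API requires for service account subjects, so the binding is only valid if the kustomize build fills it in. Set `namespace: openshift-ingress` on the subject explicitly (matching the hook's kustomization) so the binding does not depend on transformer behaviour and it is clear which `patcher` account receives the role.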
47 changes: 47 additions & 0 deletions
...e/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/scripts/apply-patches.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
#!/bin/bash | ||
|
||
PATCH_DIR="$1" | ||
|
||
shopt -s nullglob | ||
|
||
mapfile -t patches < <(printf "%s\n" \ | ||
"$PATCH_DIR"/*.patch.yaml \ | ||
"$PATCH_DIR"/*.jsonpatch.yaml \ | ||
"$PATCH_DIR"/*.jsonmerge.yaml | sort) | ||
|
||
for patch in "${patches[@]}"; do | ||
|
||
# For strategic merge patches it's possible to infer the target of the patch | ||
# from the patch itself, but other patch types -- such as JSONPatch patches | ||
# -- require us to provide an explicit target. | ||
# | ||
# The following code replaces the patch type in the filename with "target" | ||
# (so that "something.patch.yaml" becomes "something.target.yaml"), and | ||
# if the resulting filename exists it will be used to determine the | ||
# target of the patch. | ||
targetname=$(awk -vOFS=. -F. '{$(NF-1) = "target"; print}' <<<"$patch") | ||
|
||
if [[ -f "$targetname" ]]; then | ||
target=$targetname | ||
else | ||
target=$patch | ||
fi | ||
|
||
case $patch in | ||
*.patch.yaml) | ||
patch_type=strategic;; | ||
*.jsonpatch.yaml) | ||
patch_type=json;; | ||
*.mergepatch.yaml) | ||
patch_type=merge;; | ||
|
||
*) echo "ERROR: $patch: unknown patch type" >&2 | ||
continue | ||
;; | ||
esac | ||
|
||
echo "Applying $patch" | ||
if ! kubectl patch -f "$target" --patch-file "$patch" --type "$patch_type"; then | ||
echo "ERROR: $patch: failed to apply" >&2 | ||
fi | ||
done |
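Review bot: the glob at the top collects `"$PATCH_DIR"/*.jsonmerge.yaml` but the `case` matches `*.mergepatch.yaml`, so a merge patch is never applied under either name: one suffix is not collected and the other falls through to `unknown patch type`. Pick one suffix and use it in both places. Separately, a failed `kubectl patch` and an unknown patch type only print an error and the script still exits 0, so the PostSync Job reports success when nothing was patched; record the failure and exit non-zero at the end. Two smaller points: `PATCH_DIR="$1"` is never checked for being set or being a directory, and with `nullglob` and no matching files `printf "%s\n"` still emits one empty line, so the loop runs once with an empty `$patch`.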
4 changes: 4 additions & 0 deletions
...-scope/overlays/nerc-ocp-prod/feature/external-ingress/post-sync-hook/serviceaccount.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: patcher |