Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

Commit

Permalink
[stable/kong] Added PodDisruptionBudget for Kong and its ingress (#16293
Browse files Browse the repository at this point in the history
)

* added PodDisruptionBudget on Kong and its ingress

Signed-off-by: Felippe Mendonça <[email protected]>

* changed default value podDisruption feature to false
- update README
- included ci test to podDisruptionBudget

Signed-off-by: Felippe Mendonça <[email protected]>

* version bumped

Signed-off-by: Felippe Mendonça <[email protected]>
  • Loading branch information
felippe-mendonca authored and k8s-ci-robot committed Aug 16, 2019
1 parent 00d32f7 commit 7adb8ee
Show file tree
Hide file tree
Showing 6 changed files with 119 additions and 59 deletions.
2 changes: 1 addition & 1 deletion stable/kong/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ maintainers:
name: kong
sources:
- https://github.com/Kong/kong
version: 0.15.0
version: 0.15.1
appVersion: 1.2
122 changes: 64 additions & 58 deletions stable/kong/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,55 +58,58 @@ chart and deletes the release.
The following table lists the configurable parameters of the Kong chart
and their default values.

| Parameter | Description | Default |
| ------------------------------ | -------------------------------------------------------------------------------- | ------------------- |
| image.repository | Kong image | `kong` |
| image.tag | Kong image version | `1.2` |
| image.pullPolicy | Image pull policy | `IfNotPresent` |
| image.pullSecrets | Image pull secrets | `null` |
| replicaCount | Kong instance count | `1` |
| admin.useTLS | Secure Admin traffic | `true` |
| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
| admin.nodePort | Node port when service type is `NodePort` | |
| admin.hostPort | Host port to use for admin traffic | |
| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| admin.ingress.tls | Name of secret resource, containing TLS secret | |
| admin.ingress.hosts | List of ingress hosts. | `[]` |
| admin.ingress.path | Ingress path. | `/` |
| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| proxy.http.enabled | Enables http on the proxy | true |
| proxy.http.servicePort | Service port to use for http | 80 |
| proxy.http.containerPort | Container port to use for http | 8000 |
| proxy.http.nodePort | Node port to use for http | 32080 |
| proxy.http.hostPort | Host port to use for http | |
| proxy.tls.enabled | Enables TLS on the proxy | true |
| proxy.tls.containerPort | Container port to use for TLS | 8443 |
| proxy.tls.servicePort | Service port to use for TLS | 8443 |
| proxy.tls.nodePort | Node port to use for TLS | 32443 |
| proxy.tls.hostPort | Host port to use for TLS | |
| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` |
| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
| proxy.ingress.hosts | List of ingress hosts. | `[]` |
| proxy.ingress.path | Ingress path. | `/` |
| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
| runMigrations | Run Kong migrations job | `true` |
| readinessProbe | Kong readiness probe | |
| livenessProbe | Kong liveness probe | |
| affinity | Node/pod affinities | |
| nodeSelector | Node labels for pod assignment | `{}` |
| podAnnotations | Annotations to add to each pod | `{}` |
| resources | Pod resource requests & limits | `{}` |
| tolerations | List of node taints to tolerate | `[]` |
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------------------------------------------------- | ------------------- |
| image.repository | Kong image | `kong` |
| image.tag | Kong image version | `1.2` |
| image.pullPolicy | Image pull policy | `IfNotPresent` |
| image.pullSecrets | Image pull secrets | `null` |
| replicaCount | Kong instance count | `1` |
| admin.useTLS | Secure Admin traffic | `true` |
| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
| admin.nodePort | Node port when service type is `NodePort` | |
| admin.hostPort | Host port to use for admin traffic | |
| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| admin.ingress.tls | Name of secret resource, containing TLS secret | |
| admin.ingress.hosts | List of ingress hosts. | `[]` |
| admin.ingress.path | Ingress path. | `/` |
| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| proxy.http.enabled | Enables http on the proxy | true |
| proxy.http.servicePort | Service port to use for http | 80 |
| proxy.http.containerPort | Container port to use for http | 8000 |
| proxy.http.nodePort | Node port to use for http | 32080 |
| proxy.http.hostPort | Host port to use for http | |
| proxy.tls.enabled | Enables TLS on the proxy | true |
| proxy.tls.containerPort | Container port to use for TLS | 8443 |
| proxy.tls.servicePort | Service port to use for TLS | 8443 |
| proxy.tls.nodePort | Node port to use for TLS | 32443 |
| proxy.tls.hostPort | Host port to use for TLS | |
| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` |
| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
| proxy.ingress.hosts | List of ingress hosts. | `[]` |
| proxy.ingress.path | Ingress path. | `/` |
| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
| runMigrations | Run Kong migrations job | `true` |
| readinessProbe | Kong readiness probe | |
| livenessProbe | Kong liveness probe | |
| affinity | Node/pod affinities | |
| nodeSelector | Node labels for pod assignment | `{}` |
| podAnnotations | Annotations to add to each pod | `{}` |
| resources | Pod resource requests & limits | `{}` |
| tolerations | List of node taints to tolerate | `[]` |
| podDisruptionBudget.enabled | Enable PodDisruptionBudget for Kong | `false` |
| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |

### Admin/Proxy listener override

Expand Down Expand Up @@ -374,12 +377,15 @@ The custom resources are:

You can can learn about kong ingress custom resource definitions [here](https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-resources.md).

| Parameter | Description | Default |
| --------------- | ----------------------------------------- | ---------------------------------------------------------------------------- |
| enabled | Deploy the ingress controller, rbac and crd | false |
| replicaCount | Number of desired ingress controllers | 1 |
| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
| image.tag | Version of the ingress controller | 0.2.0 |
| readinessProbe | Kong ingress controllers readiness probe | |
| livenessProbe | Kong ingress controllers liveness probe | |
| ingressClass | The ingress-class value for controller | nginx
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| enabled | Deploy the ingress controller, rbac and crd | false |
| replicaCount | Number of desired ingress controllers | 1 |
| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
| image.tag | Version of the ingress controller | 0.2.0 |
| readinessProbe | Kong ingress controllers readiness probe | |
| livenessProbe | Kong ingress controllers liveness probe | |
| ingressClass | The ingress-class value for controller | nginx |
| podDisruptionBudget.enabled | Enable PodDisruptionBudget for ingress controller | `false` |
| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
6 changes: 6 additions & 0 deletions stable/kong/ci/dbless-values.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
# CI test for testing dbless deployment

podDisruptionBudget:
enabled: true

ingressController:
enabled: true
podDisruptionBudget:
enabled: true
env:
database: "off"
postgresql:
Expand Down
20 changes: 20 additions & 0 deletions stable/kong/templates/controller-pdb.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if and .Values.ingressController.enabled .Values.ingressController.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: "{{ template "kong.fullname" . }}-controller"
labels:
app: "{{ template "kong.name" . }}"
spec:
{{- if .Values.ingressController.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.ingressController.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.ingressController.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.ingressController.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app: {{ template "kong.name" . }}
release: {{ .Release.Name }}
component: controller
{{- end }}
Loading

0 comments on commit 7adb8ee

Please sign in to comment.