canonical · louiseschmidtgen · Jun 21, 2024 · Jun 4, 2024 · Jun 4, 2024 · Jun 4, 2024
@@ -23,6 +23,7 @@
 
 DIR = Path(__file__).absolute().parent
 COMPONENTS = DIR.parent / "components"
+CHARTS = DIR.parent.parent / "k8s" / "manifests" / "charts"
 
 # Version marker for latest Kubernetes version. Expected to be one of:
 #
@@ -36,6 +37,9 @@
 # Helm release branch to track. The most recent tag in the branch will be used.
 HELM_RELEASE_BRANCH = "release-3.14"
 
+# Contour Helm repository and chart version
+CONTOUR_HELM_REPO = "oci://registry-1.docker.io/bitnamicharts/contour"
+CONTOUR_CHART_VERSION = "17.0.4"
 
 def get_kubernetes_version() -> str:
     """Update Kubernetes version based on the specified marker file"""
@@ -59,6 +63,9 @@ def get_cni_version() -> str:
 
         raise Exception(f"Failed to find cni dependency in {deps_file}")
 
+def pull_contour_chart() -> None:
+    LOG.info("Pulling Contour Helm chart from %s with version %s", CONTOUR_HELM_REPO, CONTOUR_CHART_VERSION)
+    util.helm_pull("bitnami/contour", CONTOUR_HELM_REPO, CONTOUR_CHART_VERSION, CHARTS)
 
 def get_containerd_version() -> str:
     """Update containerd version using latest tag of specified branch"""
@@ -101,6 +108,13 @@ def update_component_versions(dry_run: bool):
         if not dry_run:
             Path(path).write_text(version.strip() + "\n")
 
+    for component, pull_helm_chart in [
+        ("bitnami/contour", pull_contour_chart),
+    ]:
+        LOG.info("Updating chart for %s", component)
+        if not dry_run:
+            pull_helm_chart()
+
 
 def main():
     parser = argparse.ArgumentParser(

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+CONTOUR_VERSION="v1.28.2"
+DIR=$(realpath $(dirname "${0}"))
+CHARTS_PATH="$DIR/../../k8s/components/charts"
+
+cd "$CHARTS_PATH"
+# Download the common CRDs
+echo "Downloading common CRDs from Contour ${CONTOUR_VERSION}"
+
+git clone https://github.com/projectcontour/contour --depth 1 -b "${CONTOUR_VERSION}" contour-src
+# curl -s -o "${CHARTS_PATH}/contour/templates/common-crds.yaml" "${COMMON_URL}"
+
+# Common CRDS for contour gateway and ingress
+rm -rf "ck-contour-common-${CONTOUR_VERSION:1}.tgz"
+helm create ck-contour-common
+
+rm -rf ck-contour-common/templates
+rm -rf ck-contour-common/charts
+rm -rf ck-contour-common/values.yaml
+mkdir -p ck-contour-common/crds
+
+cp contour-src/examples/contour/01-crds.yaml ck-contour-common/crds/
+sed -i 's/^\(version: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-contour-common/Chart.yaml
+sed -i 's/^\(appVersion: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-contour-common/Chart.yaml
+sed -i 's/^\(description: \).*$/\1'"A Helm Chart containing Contour common CRDs"'/' ck-contour-common/Chart.yaml
+
+helm package ck-contour-common
+rm -rf ck-contour-common
+
+# Contour Gateway Provisioner
+helm create ck-gateway-contour
+rm -rf ck-gateway-contour/templates/*
+rm -rf ck-gateway-contour/charts
+rm -rf ck-gateway-contour/values.yaml
+mkdir -p ck-gateway-contour/crds
+
+cp contour-src/examples/gateway/00-crds.yaml ck-gateway-contour/crds/
+cp contour-src/examples/gateway-provisioner/00-common.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/01-roles.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/02-rolebindings.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/03-gateway-provisioner.yaml ck-gateway-contour/templates/
+
+# Add Gateway Class
+cat <<EOF >ck-gateway-contour/templates/ck-gateway-class.yaml
+---
+kind: GatewayClass
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: ck-gateway
+spec:
+  controllerName: projectcontour.io/gateway-controller
+EOF
+# Remove the Namespace resource from 00-common.yaml
+sed -i '1,5d' ck-gateway-contour/templates/00-common.yaml
+
+sed -i 's/^\(version: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-gateway-contour/Chart.yaml
+sed -i 's/^\(appVersion: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-gateway-contour/Chart.yaml
+sed -i 's/^\(description: \).*$/\1'"A Helm Chart containing Contour Gateway Provisioner"'/' ck-gateway-contour/Chart.yaml
+
+helm package ck-gateway-contour
+rm -rf ck-gateway-contour
+
+# Remove the github source code
+rm -rf contour-src
@@ -48,3 +48,19 @@ def read_file(path: Path) -> str:
 
 def read_url(url: str) -> str:
     return urlopen(url).read().decode().strip()
+
+def helm_pull(chart, repo_url: str, version: str, destination: Path) -> None:
+    parse_output(
+        [
+            "helm",
+            "pull",
+            f"{repo_url}",
+            f"{chart}",
+            "--version",
+            version,
+            "--destination",
+            destination
+        ]
+    )
+
+    LOG.info("Pulled helm chart %s @ %s as %s to %s", chart, version, repo_url, destination)
@@ -10,13 +10,11 @@ git config user.name k8s-bot
 rm "${DIR}/../../../tests/integration/tests/test_cilium_e2e.py"
 ## TODO: restore when loadbalancer is implemented
 rm "${DIR}/../../../tests/integration/tests/test_loadbalancer.py"
-## TODO: restore when gateway is implemented
-rm "${DIR}/../../../tests/integration/tests/test_gateway.py"
-## TODO: restore when ingress is implemented
-rm "${DIR}/../../../tests/integration/tests/test_ingress.py"
 ## TODO: restore when cleanup is implemented
 rm "${DIR}/../../../tests/integration/tests/test_cleanup.py"
 
+sed -i 's/ingressClassName: cilium/ingressClassName: ck-ingress/g' "${DIR}/../../../tests/integration/templates/ingress-test.yaml"
+
 git commit -a -m "Remove unrelated tests"
 
 # Apply strict patch

@@ -58,21 +58,27 @@ Once you have the name of the pod, run the following command to see Cilium's
 status:
 
 ```sh
-sudo k8s kubectl exec -it cilium-97vcw -n kube-system -c cilium-agent -- cilium status
+sudo k8s kubectl exec -it cilium-97vcw -n kube-system -c cilium-agent \
+  -- cilium status
 ```
 
-You should see a wide range of metrics and configuration values for your cluster.
+You should see a wide range of metrics and configuration values for your 
+cluster.
 
 ## Disable Network
 
 You can `disable` the built-in network:
 
 ``` {warning}
-   If you have an active cluster, disabling Network may impact external access to
-   services within your cluster.
-   Ensure that you have alternative configurations in place before disabling Network.
+   If you have an active cluster, disabling Network may impact external 
+   access to services within your cluster.
+   Ensure that you have alternative configurations in place before 
+   disabling Network.
 ```
 
+If your underlying network is cilium you will have to run 
+`sudo k8s disable gateway` before disabling network.
+
 ```
 sudo k8s disable network
 ```

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ck-gateway-cilium
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
@@ -0,0 +1,7 @@
+---
+kind: GatewayClass
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: ck-gateway
+spec:
+  controllerName: io.cilium/gateway-controller
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ck-ingress-tls
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
@@ -0,0 +1,10 @@
+apiVersion: projectcontour.io/v1
+kind: TLSCertificateDelegation
+metadata:
+  name: ck-ingress-tls-delegation
+  namespace: projectcontour-root
+spec:
+  delegations:
+    - secretName: {{ .Values.defaultTLSSecret}} 
+      targetNamespaces:
+      - "*"
@@ -0,0 +1,4 @@
+# Default values for ck-ingress.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+defaultTLSSecret: ""
@@ -28,6 +28,13 @@ var (
 		ManifestPath: path.Join("charts", "gateway-api-1.0.0.tgz"),
 	}
 
+	//chartGatewayClass represents a manifest to deploy a GatewayClass called ck-gateway.
+	chartGatewayClass = helm.InstallableChart{
+		Name:         "ck-gateway-class",
+		Namespace:    "default",
+		ManifestPath: path.Join("charts", "ck-gateway-cilium"),
+	}
+
 	// ciliumAgentImageRepo represents the image to use for cilium-agent.
 	ciliumAgentImageRepo = "ghcr.io/canonical/cilium"
 

@@ -21,6 +21,11 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne
 		return fmt.Errorf("failed to install Gateway API CRDs: %w", err)
 	}
 
+	// Apply our GatewayClass named ck-gateway
+	if _, err := m.Apply(ctx, chartGatewayClass, helm.StatePresentOrDeleted(gateway.GetEnabled()), nil); err != nil {
+		return fmt.Errorf("failed to install Gateway API GatewayClass: %w", err)
+	}
+
 	changed, err := m.Apply(ctx, chartCilium, helm.StateUpgradeOnlyOrDeleted(network.GetEnabled()), map[string]any{"gatewayAPI": map[string]any{"enabled": gateway.GetEnabled()}})
 	if err != nil {
 		return fmt.Errorf("failed to apply Gateway API cilium configuration: %w", err)

@@ -0,0 +1,36 @@
+package contour
+
+import (
+	"path"
+
+	"github.com/canonical/k8s/pkg/client/helm"
+)
+
+var (
+	// chartContour represents manifests to deploy Contour.
+	// This excludes shared CRDs.
+	chartContour = helm.InstallableChart{
+		Name:         "ck-ingress",
+		Namespace:    "projectcontour",
+		ManifestPath: path.Join("charts", "contour-17.0.4.tgz"),
+	}
+	// chartGateway represents manifests to deploy Contour Gateway.
+	// This excludes shared CRDs.
+	chartGateway = helm.InstallableChart{
+		Name:         "ck-gateway",
+		Namespace:    "projectcontour",
+		ManifestPath: path.Join("charts", "ck-gateway-contour-1.28.2.tgz"),
+	}
+	// chartDefaultTLS represents manifests to deploy a delegation resource for the default TLS secret.
+	chartDefaultTLS = helm.InstallableChart{
+		Name:         "ck-ingress-tls",
+		Namespace:    "projectcontour-root",
+		ManifestPath: path.Join("charts", "ck-ingress-tls"),
+	}
+	// chartCommonContourCRDS represents manifests to deploy common Contour CRDs.
+	chartCommonContourCRDS = helm.InstallableChart{
+		Name:         "ck-contour-common",
+		Namespace:    "projectcontour",
+		ManifestPath: path.Join("charts", "ck-contour-common-1.28.2.tgz"),
+	}
+)