-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingress support for Elasticsearch and Kibana Helm Charts #7941
Merged
Merged
Changes from 10 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
4fbe42f
Elasticsearch/Kibana ECK Charts Helm Ingress.
naemono 0e0e19e
Adding newlines
naemono 0df2133
Adding some documentation for ingress.
naemono f1c6570
remove es dev host from examples.
naemono 4636355
Consistent hosts across examples.
naemono cb71bf8
Fix naming of file.
naemono f3a1e1a
spelling fixes.
naemono b8e1f9c
Merge branch 'main' into eck-charts-ingress
naemono ae206e3
Always add helm labels to ingress.
naemono 90bf9c5
Update eks documentation/examples.
naemono a5fb515
Update to be non-wildcard.
naemono File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
26 changes: 26 additions & 0 deletions
26
deploy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-aks.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an AKS cluster. | ||
# | ||
ingress: | ||
enabled: true | ||
className: webapprouting.kubernetes.azure.com | ||
annotations: | ||
# This is required for AKS Loadbalancing to understand that it's communicating with | ||
# an HTTPS backend. | ||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "*.company.dev" | ||
path: "/" | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
37 changes: 37 additions & 0 deletions
37
...oy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-alb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in an EKS cluster | ||
# which provisions an application load balancer. | ||
# | ||
ingress: | ||
enabled: true | ||
className: alb | ||
annotations: | ||
alb.ingress.kubernetes.io/scheme: "internet-facing" | ||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' | ||
alb.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
alb.ingress.kubernetes.io/target-type: "ip" | ||
# To use an ALB with ECK, you must provide a valid ACM certificate ARN or use certificate discovery. | ||
# There are 2 options for EKS: | ||
# 1. Create a valid ACM certificate, and uncomment the following annotation and update it to the correct ARN. | ||
# 2. Create a valid ACM certificate and ensure that the hosts[0].host matches the certificate's Common Name (CN) and | ||
# certificate discovery *should* find the certificate automatically and use it. | ||
# | ||
# ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/cert_discovery/ | ||
# | ||
# alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:00000000000:certificate/b65be571-8220-4f2e-8cb1-94194535d877" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "*.company.dev" | ||
path: "/" | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
27 changes: 27 additions & 0 deletions
27
...oy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-eks-nlb.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to deploy a | ||
# network load balancer (NLB) in an EKS cluster. To provision an NLB "ingress" for the | ||
# Elasticsearch cluster, you are required to set annotations on the service, | ||
# and not an Ingress resource. | ||
ingress: | ||
enabled: false | ||
http: | ||
service: | ||
metadata: | ||
annotations: | ||
service.beta.kubernetes.io/aws-load-balancer-type: external | ||
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip | ||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing | ||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl | ||
spec: | ||
type: LoadBalancer | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false |
36 changes: 36 additions & 0 deletions
36
deploy/eck-stack/charts/eck-elasticsearch/examples/ingress/elasticsearch-ingress-gke.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
# The following is an example of an Elasticsearch resource that is configured to use an Ingress resource in a GKE cluster. | ||
# | ||
ingress: | ||
enabled: true | ||
annotations: | ||
my: annotation | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "*.company.dev" | ||
path: "/" | ||
http: | ||
service: | ||
metadata: | ||
annotations: | ||
# This is required for `ClusterIP` services (which are the default ECK service type) to be used with Ingress in GKE clusters. | ||
cloud.google.com/neg: '{"ingress": true}' | ||
# This is required to enable the GKE Ingress Controller to use HTTPS as the backend protocol. | ||
cloud.google.com/app-protocols: '{"https":"HTTPS"}' | ||
nodeSets: | ||
- name: default | ||
count: 3 | ||
# Comment out when setting the vm.max_map_count via initContainer, as these are mutually exclusive. | ||
# For production workloads, it is strongly recommended to increase the kernel setting vm.max_map_count to 262144 | ||
# and leave node.store.allow_mmap unset. | ||
# ref: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html | ||
# | ||
config: | ||
node.store.allow_mmap: false | ||
# Enable anonymous access to allow GCLB health probes to succeed | ||
xpack.security.authc: | ||
anonymous: | ||
username: anon | ||
roles: monitoring_user |
48 changes: 48 additions & 0 deletions
48
deploy/eck-stack/charts/eck-elasticsearch/templates/ingress.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
{{- if .Values.ingress.enabled -}} | ||
{{- $pathType := .Values.ingress.pathType | default "Prefix" -}} | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: {{ include "elasticsearch.fullname" . }} | ||
labels: | ||
{{- include "elasticsearch.labels" . | nindent 4 }} | ||
{{- with .Values.ingress.labels }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- if .Values.ingress.annotations }} | ||
annotations: | ||
{{- with .Values.ingress.annotations }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- end }} | ||
spec: | ||
{{- if .Values.ingress.className }} | ||
ingressClassName: {{ .Values.ingress.className | quote }} | ||
{{- end }} | ||
{{- if .Values.ingress.tls.enabled }} | ||
tls: | ||
- hosts: | ||
{{- range .Values.ingress.hosts }} | ||
- {{ .host | quote }} | ||
{{- end }} | ||
{{- if .Values.ingress.tls.secretName }} | ||
secretName: {{ .Values.ingress.tls.secretName }} | ||
{{- else }} | ||
secretName: {{ include "elasticsearch.fullname" . }}-es-http-certs-internal | ||
{{- end }} | ||
{{- end }} | ||
rules: | ||
{{- range .Values.ingress.hosts }} | ||
{{- $hostPath := .path | default "/" }} | ||
- host: {{ .host | quote }} | ||
http: | ||
paths: | ||
- path: {{ $hostPath }} | ||
pathType: {{ $pathType }} | ||
backend: | ||
service: | ||
name: {{ include "elasticsearch.fullname" $ }}-es-http | ||
port: | ||
number: 9200 | ||
{{- end }} | ||
{{ end }} |
88 changes: 88 additions & 0 deletions
88
deploy/eck-stack/charts/eck-elasticsearch/templates/tests/ingress_test.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
suite: test elasticsearch ingress | ||
templates: | ||
- templates/ingress.yaml | ||
tests: | ||
- it: should render quickstart properly | ||
set: | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-eck-elasticsearch | ||
- it: name override should work properly | ||
set: | ||
nameOverride: override | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-override | ||
- it: fullname override should work properly | ||
set: | ||
fullnameOverride: override | ||
ingress.enabled: true | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: override | ||
- it: should render custom labels, and annotations values properly | ||
set: | ||
ingress: | ||
enabled: true | ||
labels: | ||
test: label | ||
annotations: | ||
test: annotation | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.labels | ||
value: | ||
app.kubernetes.io/instance: quickstart | ||
app.kubernetes.io/managed-by: Helm | ||
app.kubernetes.io/name: eck-elasticsearch | ||
helm.sh/chart: eck-elasticsearch-0.12.0-SNAPSHOT | ||
test: label | ||
- equal: | ||
path: metadata.annotations | ||
value: | ||
test: annotation | ||
- it: should render ingress properly | ||
values: | ||
- ../../examples/ingress/elasticsearch-ingress-gke.yaml | ||
release: | ||
name: quickstart | ||
asserts: | ||
- isKind: | ||
of: Ingress | ||
- equal: | ||
path: metadata.name | ||
value: quickstart-eck-elasticsearch | ||
- contains: | ||
path: spec.rules | ||
content: | ||
host: "*.company.dev" | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: quickstart-eck-elasticsearch-es-http | ||
port: | ||
number: 9200 | ||
path: / | ||
pathType: Prefix |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
deploy/eck-stack/charts/eck-kibana/examples/ingress/kibana-aks.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# The following is an example of a Kibana resource that is configured to use an Ingress resource in an AKS cluster. | ||
# | ||
|
||
# Name of the Kibana instance. | ||
# | ||
fullnameOverride: kibana | ||
|
||
spec: | ||
# Reference to ECK-managed Elasticsearch instance, ideally from {{ "elasticsearch.fullname" }} | ||
# | ||
elasticsearchRef: | ||
name: elasticsearch | ||
config: | ||
server: | ||
publicBaseUrl: "https://kibana.company.dev" | ||
|
||
ingress: | ||
enabled: true | ||
className: webapprouting.kubernetes.azure.com | ||
annotations: | ||
# This is required for AKS Loadbalancing to understand that it's communicating with | ||
# an HTTPS backend. | ||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" | ||
labels: | ||
my: label | ||
pathType: Prefix | ||
hosts: | ||
- host: "*.company.dev" | ||
path: "/" |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are you suggesting to use a wildcard here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No suggestion, it's part of what I tested. I'll update to be a non-wildcard now.