From e0b1175f91d109d575a98e0994c96540739eba16 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jakub=20B=C5=82aszczyk?= Date: Thu, 5 Aug 2021 11:44:24 +0200 Subject: [PATCH] feat: update all ingress objects for k8s 1.18+ (#306) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: update all ingress object for k8s 1.18+ * add kubeval validation task * force validate * improve ci * add kratos * fix docs * u * remove replication * take care of orphans * fix test url * Apply suggestions from code review Co-authored-by: Piotr Mścichowski * update docs * improve validation * add missing values Co-authored-by: Piotr Mścichowski --- .circleci/config.yml | 24 ++++++++++ .circleci/helm-validate.sh | 9 ++++ .circleci/values/example-idp.yaml | 2 + .circleci/values/keto.yaml | 5 ++ .../values/kratos-selfservice-ui-node.yaml | 2 + .circleci/values/kratos.yaml | 5 ++ .circleci/values/oathkeeper.yaml | 21 ++------- README.md | 3 ++ docs/helm/hydra.md | 13 ++++-- .../keto/README.md => docs/helm/keto.md | 43 +++++++++++++++++ docs/helm/kratos.md | 43 +++++++++++++++++ docs/helm/oathkeeper.md | 43 +++++++++++++++++ .../charts/example-idp/templates/ingress.yaml | 40 +++++++++++----- helm/charts/example-idp/values.yaml | 6 ++- helm/charts/keto/templates/NOTES.txt | 4 +- helm/charts/keto/templates/ingress-read.yaml | 46 +++++++++++-------- helm/charts/keto/templates/ingress-write.yaml | 46 +++++++++++-------- helm/charts/keto/values.yaml | 8 +++- .../templates/NOTES.txt | 2 +- .../templates/ingress.yaml | 40 +++++++++++----- .../templates/tests/test-connection.yaml | 2 +- .../kratos-selfservice-ui-node/values.yaml | 6 ++- helm/charts/kratos/templates/NOTES.txt | 4 +- .../kratos/templates/ingress-admin.yaml | 39 +++++++++++----- .../kratos/templates/ingress-public.yaml | 41 +++++++++++------ helm/charts/kratos/values.yaml | 18 ++++---- helm/charts/oathkeeper/templates/NOTES.txt | 4 +- .../oathkeeper/templates/ingress-api.yaml | 41 +++++++++++------ .../oathkeeper/templates/ingress-proxy.yaml | 41 +++++++++++------ 
helm/charts/oathkeeper/values.yaml | 11 +++-- 30 files changed, 453 insertions(+), 159 deletions(-) create mode 100755 .circleci/helm-validate.sh create mode 100644 .circleci/values/example-idp.yaml create mode 100644 .circleci/values/kratos-selfservice-ui-node.yaml rename helm/charts/keto/README.md => docs/helm/keto.md (63%) diff --git a/.circleci/config.yml b/.circleci/config.yml index eda909be5..3fa5b4282 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,6 +15,23 @@ jobs: - run: helm lint ./helm/charts/kratos/ - run: helm lint ./helm/charts/example-idp/ - run: helm lint ./helm/charts/kratos-selfservice-ui-node/ + + validate: + docker: + - image: circleci/golang:1.16.5 + working_directory: /go/src/github.com/ory/k8s + steps: + - checkout + - run: curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash + - run: helm plugin install https://github.com/instrumenta/helm-kubeval + - run: .circleci/helm-validate.sh oathkeeper + - run: .circleci/helm-validate.sh oathkeeper-maester + - run: .circleci/helm-validate.sh keto + - run: .circleci/helm-validate.sh hydra + - run: .circleci/helm-validate.sh hydra-maester + - run: .circleci/helm-validate.sh kratos + - run: .circleci/helm-validate.sh example-idp + - run: .circleci/helm-validate.sh kratos-selfservice-ui-node test: machine: @@ -63,6 +80,9 @@ jobs: - run: command: | .circleci/helm-test.sh keto + - run: + command: | + .circleci/helm-test.sh kratos-selfservice-ui-node release: docker: @@ -90,6 +110,10 @@ workflows: filters: tags: only: /.*/ + - validate: + filters: + tags: + only: /.*/ - release: requires: - lint diff --git a/.circleci/helm-validate.sh b/.circleci/helm-validate.sh new file mode 100755 index 000000000..05fe2b0a5 --- /dev/null +++ b/.circleci/helm-validate.sh 
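Review bot: The new `validate` job pipes `https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3` straight into `bash` and installs `helm-kubeval` from the plugin repository's default branch, so each CI run executes whatever those mutable refs contain at that moment. Pin both to a reviewed release: fetch the installer from a tagged ref and verify its checksum before running it, and install the plugin with `helm plugin install https://github.com/instrumenta/helm-kubeval --version <PLUGIN_VERSION>`. The same defect is in `schema_url` in `.circleci/helm-validate.sh`, which reads schemas from `master` of `yannh/kubernetes-json-schema`; putting a commit SHA in that URL keeps validation reproducible. The job is also enabled for tag builds (`tags: only: /.*/`) in the workflow that contains `release`, so an altered installer would presumably run alongside the release pipeline; confirm which credentials that context exposes.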
@@ -0,0 +1,9 @@ +#!/bin/bash + +set -Eeuo pipefail + +cd "$( dirname "${BASH_SOURCE[0]}" )/.." + +schema_url="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/" + +helm kubeval "./helm/charts/${1}" --exit-on-error --strict --schema-location "${schema_url}" -f ".circleci/values/${1}.yaml" --force-color diff --git a/.circleci/values/example-idp.yaml b/.circleci/values/example-idp.yaml new file mode 100644 index 000000000..f6ccc628a --- /dev/null +++ b/.circleci/values/example-idp.yaml @@ -0,0 +1,2 @@ +ingress: + enabled: true diff --git a/.circleci/values/keto.yaml b/.circleci/values/keto.yaml index 6b03199b1..6d667d1c2 100644 --- a/.circleci/values/keto.yaml +++ b/.circleci/values/keto.yaml @@ -3,3 +3,8 @@ keto: autoMigrate: true config: dsn: "postgres://ory:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s" +ingress: + read: + enabled: true + write: + enabled: true \ No newline at end of file diff --git a/.circleci/values/kratos-selfservice-ui-node.yaml b/.circleci/values/kratos-selfservice-ui-node.yaml new file mode 100644 index 000000000..95e57c375 --- /dev/null +++ b/.circleci/values/kratos-selfservice-ui-node.yaml @@ -0,0 +1,2 @@ +ingress: + enabled: true \ No newline at end of file diff --git a/.circleci/values/kratos.yaml b/.circleci/values/kratos.yaml index 809ab8220..0ff633496 100644 --- a/.circleci/values/kratos.yaml +++ b/.circleci/values/kratos.yaml @@ -62,3 +62,8 @@ kratos: courier: smtp: connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true +ingress: + admin: + enabled: true + public: + enabled: true diff --git a/.circleci/values/oathkeeper.yaml b/.circleci/values/oathkeeper.yaml index 6d7e87251..465423ce5 100644 --- a/.circleci/values/oathkeeper.yaml +++ b/.circleci/values/oathkeeper.yaml 
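Review bot: `helm kubeval` is invoked once per chart with no target Kubernetes version, so as far as the script shows only one side of the `semverCompare ">=1.19-0"` branches this patch adds to the ingress templates is ever rendered and validated. The `networking.k8s.io/v1beta1` branch, with `serviceName`/`servicePort`, is the side most likely to go unchecked. A second pass that targets 1.18 would cover it; kubeval takes `--kubernetes-version`, but confirm that the plugin also renders the chart for that version. Separately, a missing chart argument currently aborts with only an unbound-variable error from `set -u`; a guard such as `: "${1:?usage: helm-validate.sh <chart>}"` before `cd` gives a usable message.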
@@ -8,19 +8,8 @@ maester: # api: # type: NodePort # -#ingress: -# proxy: -# enabled: true -# annotations: -# kubernetes.io/ingress.global-static-ip-name: "oathkeeper-proxy" -# hosts: -# - host: oathkeeper-k8s-proxy.dev.ory.dev -# paths: ["/"] -# -# api: -# enabled: true -# hosts: -# - host: oathkeeper-k8s-api.dev.ory.dev -# paths: ["/"] -# annotations: -# kubernetes.io/ingress.global-static-ip-name: "oathkeeper-api" +ingress: + proxy: + enabled: true + api: + enabled: true diff --git a/README.md b/README.md index c3b4bb33d..661732512 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,9 @@ This repository contains helm charts for Kubernetes. All charts are in incubatio Please go to [k8s.ory.sh/helm](https://k8s.ory.sh/helm/) for a list of helm charts and their configuration options. +**NOTE** +> All charts present in this repository require Kuberentes 1.18+. Please refer to releases [0.18.0](https://github.com/ory/k8s/releases/tag/v0.18.0) and older for versions supporting older releases of Kubernetes. + ## Development You can test and develop charts locally using [Minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/). diff --git a/docs/helm/hydra.md b/docs/helm/hydra.md index 0678b3a38..1e8b6dff2 100644 --- a/docs/helm/hydra.md +++ b/docs/helm/hydra.md @@ -303,7 +303,7 @@ Should you forget, helm will fail and remind you to. Since this version we support only kubernetes >= v1.18 for the ingress definition. If you enabled ingresses you need to migrate values from: -``` +```yaml ingress: public: hosts: @@ -314,8 +314,10 @@ ingress: - host: admin.hydra.localhost paths: ["/"] ``` + to -``` + +```yaml ingress: public: className: "" 
@@ -332,6 +334,7 @@ ingress: - path: / pathType: ImplementationSpecific ``` -where chaanges are on: - - introduce the `className` for specify the [ingress class documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#extended-configuration-with-ingress-classes) that need to be used - - change `paths` definition from array of string to array of object, where each object include the `path` and the `pathType` (see [path matching documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types)) \ No newline at end of file + +where changes are on: +- introduce the `className` to specify the [ingress class documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#extended-configuration-with-ingress-classes) that need to be used +- change `paths` definition from an array of strings to an array of objects, where each object include the `path` and the `pathType` (see [path matching documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types)) diff --git a/helm/charts/keto/README.md b/docs/helm/keto.md similarity index 63% rename from helm/charts/keto/README.md rename to docs/helm/keto.md index 03eba5e99..63aaaedda 100644 --- a/helm/charts/keto/README.md +++ b/docs/helm/keto.md 
@@ -77,3 +77,46 @@ $ helm install -f ./path/to/keto-config.yaml ory/keto Additionally, the following extra settings are available: - `autoMigrate` (bool): If enabled, an `initContainer` running `keto migrate sql` will be created. + +## Upgrade + +### From `0.18.0` + +Since this version we support only kubernetes >= v1.18 for the ingress definition. + +If you enabled ingresses you need to migrate values from: +```yaml +ingress: + read: + hosts: + - host: chart-example.local + paths: ["/read"] + write: + hosts: + - host: chart-example.local + paths: ["/write"] +``` + +to + +```yaml +ingress: + read: + className: "" + hosts: + - host: chart-example.local + paths: + - path: /read + pathType: Prefix + write: + className: "" + hosts: + - host: chart-example.local + paths: + - path: /write + pathType: Prefix +``` + +where changes are on: +- introduce the `className` to specify the [ingress class documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#extended-configuration-with-ingress-classes) that need to be used +- change `paths` definition from an array of strings to an array of objects, where each object include the `path` and the `pathType` (see [path matching documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types)) diff --git a/docs/helm/kratos.md b/docs/helm/kratos.md index ed459b458..cba9276fb 100644 --- a/docs/helm/kratos.md +++ b/docs/helm/kratos.md 
@@ -64,3 +64,46 @@ Additionally, the following extra settings are available: - `deployment.environmentSecretsName` (string): Allows you to set arbitrary environment variables from [a secret containing a list of keys and values](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables). (This secret is not created by the Helm chart) Check values.yaml for more configuration options. + +## Upgrade + +### From `0.18.0` + +Since this version we support only kubernetes >= v1.18 for the ingress definition. + +If you enabled ingresses you need to migrate values from: +```yaml +ingress: + public: + hosts: + - host: kratos.public.local.com + paths: ["/"] + admin: + hosts: + - host: kratos.admin.local.com + paths: ["/"] +``` + +to + +```yaml +ingress: + public: + className: "" + hosts: + - host: kratos.public.local.com + paths: + - path: / + pathType: ImplementationSpecific + admin: + className: "" + hosts: + - host: kratos.admin.local.com + paths: + - path: / + pathType: ImplementationSpecific +``` + +where changes are on: +- introduce the `className` to specify the [ingress class documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#extended-configuration-with-ingress-classes) that need to be used +- change `paths` definition from an array of strings to an array of objects, where each object include the `path` and the `pathType` (see [path matching documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types)) diff --git a/docs/helm/oathkeeper.md b/docs/helm/oathkeeper.md index 10b50c0e4..ec2a2149d 100644 --- a/docs/helm/oathkeeper.md +++ b/docs/helm/oathkeeper.md 
@@ -109,3 +109,46 @@ This mode requires giving elevated privileges to the Oathkeeper Maestercontrolle **Sidecar mode** In this mode, the Hydra Maester controller runs as an additional container in the Oathkeeper application Pod. All communication is done on the local filesystem, which can be a shared `tempfs`, mounted directory or a persistent volume, and the controller is scaled together with the Oathkeeper application. + +## Upgrade + +### From `0.18.0` + +Since this version we support only kubernetes >= v1.18 for the ingress definition. + +If you enabled ingresses you need to migrate values from: +```yaml +ingress: + proxy: + hosts: + - host: proxy.oathkeeper.localhost + paths: ["/"] + api: + hosts: + - host: api.oathkeeper.localhost + paths: ["/"] +``` + +to + +```yaml +ingress: + proxy: + className: "" + hosts: + - host: proxy.oathkeeper.localhost + paths: + - path: / + pathType: ImplementationSpecific + api: + className: "" + hosts: + - host: api.oathkeeper.localhost + paths: + - path: / + pathType: ImplementationSpecific +``` + +where changes are on: +- introduce the `className` to specify the [ingress class documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#extended-configuration-with-ingress-classes) that need to be used +- change `paths` definition from an array of strings to an array of objects, where each object include the `path` and the `pathType` (see [path matching documentation](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types)) diff --git a/helm/charts/example-idp/templates/ingress.yaml b/helm/charts/example-idp/templates/ingress.yaml index fea0f0bae..b8e4d0110 100644 --- a/helm/charts/example-idp/templates/ingress.yaml +++ b/helm/charts/example-idp/templates/ingress.yaml 
@@ -1,36 +1,52 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "example-idp.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: -{{ include "example-idp.labels" . | indent 4 }} + {{- include "example-idp.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + name: http + {{- else }} serviceName: {{ $fullName }} servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/example-idp/values.yaml b/helm/charts/example-idp/values.yaml index 09ed30275..a3cf9efbd 100644 --- a/helm/charts/example-idp/values.yaml +++ b/helm/charts/example-idp/values.yaml 
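Review bot: `pathType` is emitted only when the values entry sets it (`{{- if .pathType }}`), but `networking.k8s.io/v1` requires the field, so on clusters taking the `>=1.19-0` branch a path entry without `pathType` renders an Ingress that the API server rejects. A default keeps the manifest valid, for example `pathType: {{ .pathType | default "ImplementationSpecific" }}`. Separately, `ingressClassName: {{ .Values.ingress.className }}` is rendered unconditionally while the chart default is `className: ""`, so the field comes out empty and the choice of controller presumably falls back to cluster defaults. Wrap it in `{{- if .Values.ingress.className }}` … `{{- end }}` and pipe the value through `quote`. Both patterns repeat in the keto read/write, kratos-selfservice-ui-node, kratos admin/public and oathkeeper api templates of this patch; the class fallback matters most for the admin-facing ingresses, where an unintended controller could publish an admin API.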
@@ -22,13 +22,15 @@ service: ingress: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: example-idp.localhost - paths: ["/"] - + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/helm/charts/keto/templates/NOTES.txt b/helm/charts/keto/templates/NOTES.txt index 44e850cb1..91b1ae745 100644 --- a/helm/charts/keto/templates/NOTES.txt +++ b/helm/charts/keto/templates/NOTES.txt @@ -3,13 +3,13 @@ Read endpoint available at: {{- range $host := .Values.ingress.read.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.read.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.read.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} Write endpoint available at: {{- range $host := .Values.ingress.write.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.write.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.write.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if or ( contains "NodePort" .Values.service.read.type ) ( contains "NodePort" .Values.service.write.type ) }} diff --git a/helm/charts/keto/templates/ingress-read.yaml b/helm/charts/keto/templates/ingress-read.yaml index e24bc171f..3f1089a4f 100644 --- a/helm/charts/keto/templates/ingress-read.yaml +++ b/helm/charts/keto/templates/ingress-read.yaml 
@@ -1,42 +1,52 @@ {{- if .Values.ingress.read.enabled -}} {{- $fullName := include "keto.fullname" . -}} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-read - {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} - {{- end }} labels: -{{ include "keto.labels" . | indent 4 }} + {{- include "keto.labels" . | nindent 4 }} {{- with .Values.ingress.read.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.read.tls }} + ingressClassName: {{ .Values.ingress.read.className }} + {{- if .Values.ingress.read.tls }} tls: - {{- range .Values.ingress.read.tls }} + {{- range .Values.ingress.read.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.read.hosts }} + {{- range .Values.ingress.read.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} - pathType: Prefix + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: - service: - name: {{ $fullName }} - port: - name: http-read - {{- end }} - {{- end }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + name: http-read + {{- else }} + serviceName: {{ $fullName }} + servicePort: http-read + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/keto/templates/ingress-write.yaml b/helm/charts/keto/templates/ingress-write.yaml index 4d1ef7ae5..2c67669c0 100644 --- a/helm/charts/keto/templates/ingress-write.yaml +++ b/helm/charts/keto/templates/ingress-write.yaml 
@@ -1,42 +1,52 @@ {{- if .Values.ingress.write.enabled -}} {{- $fullName := include "keto.fullname" . -}} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-write - {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} - {{- end }} labels: -{{ include "keto.labels" . | indent 4 }} + {{- include "keto.labels" . | nindent 4 }} {{- with .Values.ingress.write.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.write.tls }} + ingressClassName: {{ .Values.ingress.write.className }} + {{- if .Values.ingress.write.tls }} tls: - {{- range .Values.ingress.write.tls }} + {{- range .Values.ingress.write.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.write.hosts }} + {{- range .Values.ingress.write.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} - pathType: Prefix + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: - service: - name: {{ $fullName }} - port: - name: http-write - {{- end }} - {{- end }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + name: http-write + {{- else }} + serviceName: {{ $fullName }} + servicePort: http-write + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/keto/values.yaml b/helm/charts/keto/values.yaml index fd899b426..b9689d485 100644 --- a/helm/charts/keto/values.yaml +++ b/helm/charts/keto/values.yaml 
@@ -47,26 +47,30 @@ job: ingress: read: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - - /read + - path: /read + pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local write: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - - /write + - path: /write + pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: diff --git a/helm/charts/kratos-selfservice-ui-node/templates/NOTES.txt b/helm/charts/kratos-selfservice-ui-node/templates/NOTES.txt index 66f18ddcd..639901d28 100644 --- a/helm/charts/kratos-selfservice-ui-node/templates/NOTES.txt +++ b/helm/charts/kratos-selfservice-ui-node/templates/NOTES.txt @@ -2,7 +2,7 @@ {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} diff --git a/helm/charts/kratos-selfservice-ui-node/templates/ingress.yaml b/helm/charts/kratos-selfservice-ui-node/templates/ingress.yaml index b543eb860..67a657189 100644 --- a/helm/charts/kratos-selfservice-ui-node/templates/ingress.yaml +++ b/helm/charts/kratos-selfservice-ui-node/templates/ingress.yaml 
@@ -1,36 +1,52 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "kratos-selfservice-ui-node.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: -{{ include "kratos-selfservice-ui-node.labels" . | indent 4 }} + {{- include "kratos-selfservice-ui-node.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + name: http + {{- else }} serviceName: {{ $fullName }} servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/kratos-selfservice-ui-node/templates/tests/test-connection.yaml b/helm/charts/kratos-selfservice-ui-node/templates/tests/test-connection.yaml index 7a57ad6c3..a31ee8c2a 100644 --- a/helm/charts/kratos-selfservice-ui-node/templates/tests/test-connection.yaml +++ b/helm/charts/kratos-selfservice-ui-node/templates/tests/test-connection.yaml 
@@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "kratos-selfservice-ui-node.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "kratos-selfservice-ui-node.fullname" . }}:{{ .Values.service.port }}/health'] restartPolicy: Never diff --git a/helm/charts/kratos-selfservice-ui-node/values.yaml b/helm/charts/kratos-selfservice-ui-node/values.yaml index 2d9bd7c48..91a93490d 100644 --- a/helm/charts/kratos-selfservice-ui-node/values.yaml +++ b/helm/charts/kratos-selfservice-ui-node/values.yaml @@ -19,13 +19,15 @@ service: ingress: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local - paths: [] - + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/helm/charts/kratos/templates/NOTES.txt b/helm/charts/kratos/templates/NOTES.txt index 39a406ee1..f4ee544c0 100644 --- a/helm/charts/kratos/templates/NOTES.txt +++ b/helm/charts/kratos/templates/NOTES.txt @@ -2,7 +2,7 @@ The ORY Kratos HTTP Public API is available via: {{- if .Values.ingress.public.enabled }} {{- range $host := .Values.ingress.public.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.public.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.public.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.public.type }} @@ -44,7 +44,7 @@ The ORY Kratos HTTP Admin API is available via: {{- if .Values.ingress.admin.enabled }} {{- range $host := .Values.ingress.admin.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.admin.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.admin.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.admin.type }} 
diff --git a/helm/charts/kratos/templates/ingress-admin.yaml b/helm/charts/kratos/templates/ingress-admin.yaml index 3cad9ec75..a51bc39c0 100644 --- a/helm/charts/kratos/templates/ingress-admin.yaml +++ b/helm/charts/kratos/templates/ingress-admin.yaml @@ -1,37 +1,52 @@ {{- if .Values.ingress.admin.enabled -}} {{- $fullName := include "kratos.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-admin namespace: {{ .Release.Namespace }} labels: -{{ include "kratos.labels" . | indent 4 }} + {{- include "kratos.labels" . | nindent 4 }} {{- with .Values.ingress.admin.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.admin.tls }} + ingressClassName: {{ .Values.ingress.admin.className }} + {{- if .Values.ingress.admin.tls }} tls: - {{- range .Values.ingress.admin.tls }} + {{- range .Values.ingress.admin.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.admin.hosts }} + {{- range .Values.ingress.admin.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-admin + port: + name: http + {{- else }} serviceName: {{ $fullName }}-admin servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/kratos/templates/ingress-public.yaml b/helm/charts/kratos/templates/ingress-public.yaml index 2e79c5682..1b74e7be8 100644 
--- a/helm/charts/kratos/templates/ingress-public.yaml +++ b/helm/charts/kratos/templates/ingress-public.yaml @@ -1,37 +1,52 @@ -{{- if or .Values.ingress.public.enabled .Values.demo -}} +{{- if .Values.ingress.public.enabled -}} {{- $fullName := include "kratos.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-public namespace: {{ .Release.Namespace }} labels: -{{ include "kratos.labels" . | indent 4 }} + {{- include "kratos.labels" . | nindent 4 }} {{- with .Values.ingress.public.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.public.tls }} + ingressClassName: {{ .Values.ingress.public.className }} + {{- if .Values.ingress.public.tls }} tls: - {{- range .Values.ingress.public.tls }} + {{- range .Values.ingress.public.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.public.hosts }} + {{- range .Values.ingress.public.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-public + port: + name: http + {{- else }} serviceName: {{ $fullName }}-public servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/kratos/values.yaml b/helm/charts/kratos/values.yaml index 5fba44a5f..4be871332 100644 --- a/helm/charts/kratos/values.yaml +++ b/helm/charts/kratos/values.yaml 
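Review bot: The guard on the first template line no longer includes `.Values.demo`, so a release that relied on `demo` with `ingress.public.enabled` left at `false` loses its public Ingress on upgrade. The `Upgrade` section this patch adds to `docs/helm/kratos.md` covers only the `className` and `paths` changes. If dropping the implicit exposure is intended, add an upgrade bullet saying that the public ingress is now created only when `ingress.public.enabled: true` is set explicitly. Whether `demo` is still read elsewhere in the chart is not visible in this patch.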
@@ -56,29 +56,31 @@ secret: ingress: admin: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: kratos.admin.local.com - paths: - - / - + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local public: enabled: false + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" hosts: - host: kratos.public.local.com - paths: - - / - + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/helm/charts/oathkeeper/templates/NOTES.txt b/helm/charts/oathkeeper/templates/NOTES.txt index b18dc961e..bedd7b834 100644 --- a/helm/charts/oathkeeper/templates/NOTES.txt +++ b/helm/charts/oathkeeper/templates/NOTES.txt @@ -3,7 +3,7 @@ The ORY Oathkeeper HTTP Reverse Proxy is available via: {{- if .Values.ingress.proxy.enabled }} {{- range $host := .Values.ingress.proxy.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.proxy.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.proxy.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.proxy.type }} @@ -39,7 +39,7 @@ The ORY Oathkeeper HTTP API is available via: {{- if .Values.ingress.api.enabled }} {{- range $host := .Values.ingress.api.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.api.tls }}s{{ end }}://{{ $host.host }}{{ . }} + http{{ if $.Values.ingress.api.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.api.type }} diff --git a/helm/charts/oathkeeper/templates/ingress-api.yaml b/helm/charts/oathkeeper/templates/ingress-api.yaml index a1a032ca0..860ccff6a 100644 --- a/helm/charts/oathkeeper/templates/ingress-api.yaml 
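Review bot: The new `className: ""` keys under `ingress.admin` and `ingress.public` have no comment, while the commented example below them still shows the `kubernetes.io/ingress.class` annotation, so it is unclear which of the two selects the controller. A line such as `# className sets spec.ingressClassName; leave empty to use the cluster default IngressClass` above each key would settle it. Under `ingress.admin` I would also add a comment that this host should only be served by an internal ingress class, as the admin API is presumably not meant for public clients. oathkeeper/values.yaml adds the same undocumented key for `proxy` and `api`.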
+++ b/helm/charts/oathkeeper/templates/ingress-api.yaml @@ -1,39 +1,52 @@ {{- if .Values.ingress.api.enabled -}} {{- $fullName := include "oathkeeper.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-api - {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} - {{- end }} labels: -{{ include "oathkeeper.labels" . | indent 4 }} + {{- include "oathkeeper.labels" . | nindent 4 }} {{- with .Values.ingress.api.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.api.tls }} + ingressClassName: {{ .Values.ingress.api.className }} + {{- if .Values.ingress.api.tls }} tls: - {{- range .Values.ingress.api.tls }} + {{- range .Values.ingress.api.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.api.hosts }} + {{- range .Values.ingress.api.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-api + port: + name: http + {{- else }} serviceName: {{ $fullName }}-api servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/oathkeeper/templates/ingress-proxy.yaml b/helm/charts/oathkeeper/templates/ingress-proxy.yaml index db61db37a..6bee557ff 100644 --- a/helm/charts/oathkeeper/templates/ingress-proxy.yaml +++ b/helm/charts/oathkeeper/templates/ingress-proxy.yaml 
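Review bot: `- path: {{ .path }}` and `{{- if .pathType }}` assume every entry of `paths` is a map, so a release upgraded with overrides in the previous string form (`paths: ["/"]`, the old default in oathkeeper/values.yaml) will most likely stop rendering with a field-access error. If the break is intended, a guard with a readable message helps operators: `{{- if kindIs "string" . }}{{ fail "ingress paths entries must be maps with path and pathType" }}{{- end }}` at the top of the `range .paths` body. ingress-proxy.yaml and the kratos ingress templates take the same shape.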
@@ -1,39 +1,52 @@ {{- if .Values.ingress.proxy.enabled -}} {{- $fullName := include "oathkeeper.fullname" . -}} -apiVersion: extensions/v1beta1 +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }}-proxy - {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} - {{- end }} labels: -{{ include "oathkeeper.labels" . | indent 4 }} + {{- include "oathkeeper.labels" . | nindent 4 }} {{- with .Values.ingress.proxy.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.proxy.tls }} + ingressClassName: {{ .Values.ingress.proxy.className }} + {{- if .Values.ingress.proxy.tls }} tls: - {{- range .Values.ingress.proxy.tls }} + {{- range .Values.ingress.proxy.tls }} - hosts: - {{- range .hosts }} + {{- range .hosts }} - {{ . | quote }} - {{- end }} + {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.proxy.hosts }} + {{- range .Values.ingress.proxy.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-proxy + port: + name: http + {{- else }} serviceName: {{ $fullName }}-proxy servicePort: http - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/helm/charts/oathkeeper/values.yaml b/helm/charts/oathkeeper/values.yaml index 43b46ca10..454b3bd79 100644 --- a/helm/charts/oathkeeper/values.yaml +++ b/helm/charts/oathkeeper/values.yaml 
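Review bot: `- path: {{ .path }}` and `pathType: {{ .pathType }}` are written unquoted, unlike `host: {{ .host | quote }}` a few lines above them. A path value that is empty or starts with a YAML indicator would change type or break parsing once the template is rendered. Quoting keeps the rendered manifest stable: `- path: {{ .path | quote }}`. The context line `secretName: {{ .secretName }}` has the same shape, and ingress-api.yaml and the kratos templates repeat it.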
@@ -79,12 +79,15 @@ ingress: proxy: # En-/Disable the proxy ingress. enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: proxy.oathkeeper.localhost - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific # tls: [] # hosts: # - proxy.oathkeeper.local @@ -93,7 +96,7 @@ ingress: api: # En-/Disable the api ingress. enabled: false - + className: "" annotations: {} # If you do want to specify annotations, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'annotations:'. @@ -101,7 +104,9 @@ ingress: # kubernetes.io/tls-acme: "true" hosts: - host: api.oathkeeper.localhost - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific # tls: [] # hosts: # - api.oathkeeper.local