Contour Ingress & Gateway (#468)
* put a little note in docs on disabling network

* first draft of contour ingress and gateway

* put contour chart

* minor fixes

* put some fakes

* more wip

* helm client create ns for contour

* gateway

* testy yamls

* gateway provisioner

* ck-gateway

* more gateway

* gateway provider manifest to chart

* remove that

* add mini tls delegation chart

* some cleanup

* set use-proxy-protocol

* yamling, put shared crds in their own chart

* forgot this yaml

* some more comments

* gateway class renamed ck-gateway, some renaming

* testing adjustments & cleanup

* fix ingress class name

* fix cilium ingress class

* try improve tests

* lint

* lint2

* lint

* fix test

* change contour chart version

* update component contour

* update ingress test

* little typo

* ingressClassName patch

* typo

* cleanup cilium ingress class

* update dir

* cleanup

* make contour charts updatable

* fix gateway yamls

* comments

* lost bracket,

* beautify

* comments

* move tlscertdelegation

* lint

* undo move enabled config

* update charts

* match on label my-gateway

* improve label check

* linter

* make ingress check more precise

* update helm pull for contour

* wait for contour common crds

* add missing returns

* change name in api resources await

* change chart helm pull

* missed a little name change

* comment update

Co-authored-by: eaudetcobello <[email protected]>

* update resources for group version

* rewrite wait for crds for two groups

* update wait for crds

* the rest of my comment

* maybe now I understand api group conventions

* Revert "maybe now I understand api group conventions"

This reverts commit 854f205.

* correct api-resource name

* update chart helm pull

* remove resource.group check optional param

* cleanup

* make it two loops

* add images

* comments

---------

Co-authored-by: eaudetcobello <[email protected]>
louiseschmidtgen and eaudetcobello authored Jun 21, 2024
1 parent 488418b commit 78f406c
Showing 25 changed files with 580 additions and 23 deletions.
14 changes: 14 additions & 0 deletions build-scripts/hack/update-component-versions.py
Expand Up @@ -23,6 +23,7 @@

DIR = Path(__file__).absolute().parent
COMPONENTS = DIR.parent / "components"
CHARTS = DIR.parent.parent / "k8s" / "manifests" / "charts"

# Version marker for latest Kubernetes version. Expected to be one of:
#
Expand All @@ -36,6 +37,9 @@
# Helm release branch to track. The most recent tag in the branch will be used.
HELM_RELEASE_BRANCH = "release-3.14"

# Contour Helm repository and chart version
CONTOUR_HELM_REPO = "https://charts.bitnami.com/bitnami"
CONTOUR_CHART_VERSION = "17.0.4"

def get_kubernetes_version() -> str:
"""Update Kubernetes version based on the specified marker file"""
Expand All @@ -59,6 +63,9 @@ def get_cni_version() -> str:

raise Exception(f"Failed to find cni dependency in {deps_file}")

def pull_contour_chart() -> None:
LOG.info("Pulling Contour Helm chart from %s with version %s", CONTOUR_HELM_REPO, CONTOUR_CHART_VERSION)
util.helm_pull("contour", CONTOUR_HELM_REPO, CONTOUR_CHART_VERSION, CHARTS)

def get_containerd_version() -> str:
"""Update containerd version using latest tag of specified branch"""
Expand Down Expand Up @@ -101,6 +108,13 @@ def update_component_versions(dry_run: bool):
if not dry_run:
Path(path).write_text(version.strip() + "\n")

for component, pull_helm_chart in [
("bitnami/contour", pull_contour_chart),
]:
LOG.info("Updating chart for %s", component)
if not dry_run:
pull_helm_chart()


def main():
parser = argparse.ArgumentParser(
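Review bot: `pull_contour_chart` accepts whatever archive `CONTOUR_HELM_REPO` serves for `CONTOUR_CHART_VERSION`; nothing compares the downloaded `.tgz` with a known digest before it lands in `CHARTS`, from where it is committed and later installed into clusters. Recording the SHA-256 of the reviewed archive next to the version constant and checking it after the pull would make a republished or altered chart fail the update instead of being picked up silently. The sketch below needs `import hashlib` at the top of the file and a real digest in place of the placeholder. The function also has no docstring, unlike the `get_*_version` helpers around it.

```python
# Constructed placeholder: replace with the digest of the reviewed archive.
CONTOUR_CHART_SHA256 = "<sha256-of-reviewed-contour-chart>"

def pull_contour_chart() -> None:
    """Pull the pinned Contour chart and reject it if its digest is not the reviewed one"""
    # … unchanged: LOG.info and util.helm_pull call …
    archive = CHARTS / f"contour-{CONTOUR_CHART_VERSION}.tgz"
    digest = hashlib.sha256(archive.read_bytes()).hexdigest()
    if digest != CONTOUR_CHART_SHA256:
        archive.unlink()
        raise Exception(f"Unexpected sha256 {digest} for {archive}")
```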
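--- a/build-scripts/hack/update-contour-components.sh
+++ b/build-scripts/hack/update-contour-components.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+CONTOUR_VERSION="v1.28.2"
+DIR=$(realpath $(dirname "${0}"))
+CHARTS_PATH="$DIR/../../k8s/components/charts"
+
+cd "$CHARTS_PATH"
+# Download the common CRDs
+echo "Downloading common CRDs from Contour ${CONTOUR_VERSION}"
+
+git clone https://github.com/projectcontour/contour --depth 1 -b "${CONTOUR_VERSION}" contour-src
+# curl -s -o "${CHARTS_PATH}/contour/templates/common-crds.yaml" "${COMMON_URL}"
+
+# Common CRDS for contour gateway and ingress
+rm -rf "ck-contour-common-${CONTOUR_VERSION:1}.tgz"
+helm create ck-contour-common
+
+rm -rf ck-contour-common/templates
+rm -rf ck-contour-common/charts
+rm -rf ck-contour-common/values.yaml
+mkdir -p ck-contour-common/crds
+
+cp contour-src/examples/contour/01-crds.yaml ck-contour-common/crds/
+sed -i 's/^\(version: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-contour-common/Chart.yaml
+sed -i 's/^\(appVersion: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-contour-common/Chart.yaml
+sed -i 's/^\(description: \).*$/\1'"A Helm Chart containing Contour common CRDs"'/' ck-contour-common/Chart.yaml
+
+helm package ck-contour-common
+rm -rf ck-contour-common
+
+# Contour Gateway Provisioner
+helm create ck-gateway-contour
+rm -rf ck-gateway-contour/templates/*
+rm -rf ck-gateway-contour/charts
+rm -rf ck-gateway-contour/values.yaml
+mkdir -p ck-gateway-contour/crds
+
+cp contour-src/examples/gateway/00-crds.yaml ck-gateway-contour/crds/
+cp contour-src/examples/gateway-provisioner/00-common.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/01-roles.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/02-rolebindings.yaml ck-gateway-contour/templates/
+cp contour-src/examples/gateway-provisioner/03-gateway-provisioner.yaml ck-gateway-contour/templates/
+
+# Add Gateway Class
+cat <<EOF >ck-gateway-contour/templates/ck-gateway-class.yaml
+---
+kind: GatewayClass
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+name: ck-gateway
+spec:
+controllerName: projectcontour.io/gateway-controller
+EOF
+# Remove the Namespace resource from 00-common.yaml
+sed -i '1,5d' ck-gateway-contour/templates/00-common.yaml
+
+sed -i 's/^\(version: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-gateway-contour/Chart.yaml
+sed -i 's/^\(appVersion: \).*$/\1'"${CONTOUR_VERSION:1}"'/' ck-gateway-contour/Chart.yaml
+sed -i 's/^\(description: \).*$/\1'"A Helm Chart containing Contour Gateway Provisioner"'/' ck-gateway-contour/Chart.yaml
+
+helm package ck-gateway-contour
+rm -rf ck-gateway-contour
+
+# Remove the github source code
+rm -rf contour-src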
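Review bot: The script has no `set -euo pipefail` and never checks `cd "$CHARTS_PATH"`, so if that directory is missing, every later `git clone`, `helm create` and `rm -rf` runs in whatever directory the caller was in. `CHARTS_PATH` points at `k8s/components/charts`, while the packaged charts in this commit are added under `k8s/manifests/charts`, so that failure looks reachable and the path is worth confirming. I would add `set -euo pipefail` after the shebang and write `cd "$CHARTS_PATH" || exit 1`. Separately, `sed -i '1,5d'` assumes the Namespace document is exactly the first five lines of `00-common.yaml`, and `-b "${CONTOUR_VERSION}"` follows a tag rather than a commit, so an upstream change could alter the packaged manifests without the script noticing.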
17 changes: 17 additions & 0 deletions build-scripts/hack/util.py
Expand Up @@ -48,3 +48,20 @@ def read_file(path: Path) -> str:

def read_url(url: str) -> str:
return urlopen(url).read().decode().strip()

def helm_pull(chart, repo_url: str, version: str, destination: Path) -> None:
parse_output(
[
"helm",
"pull",
chart,
"--repo",
repo_url,
"--version",
version,
"--destination",
destination
]
)

LOG.info("Pulled helm chart %s @ %s as %s to %s", chart, version, repo_url, destination)
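Review bot: The closing log line in `helm_pull` prints `repo_url` after "as", which reads as if the repository were the output name; `LOG.info("Pulled helm chart %s @ %s from %s to %s", chart, version, repo_url, destination)` says what happened. `chart` is the only parameter without an annotation (`chart: str`), and `destination` goes into the argv list as a `Path` while the other entries are strings, so `str(destination)` would keep the list uniform for whatever `parse_output` does with it (its body is not visible here). A one-line docstring such as `"""Download the given chart version from repo_url into destination"""` would also help.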
6 changes: 2 additions & 4 deletions build-scripts/patches/moonray/apply
Expand Up @@ -10,10 +10,8 @@ git config user.name k8s-bot
rm "${DIR}/../../../tests/integration/tests/test_cilium_e2e.py"
## TODO: restore when loadbalancer is implemented
rm "${DIR}/../../../tests/integration/tests/test_loadbalancer.py"
## TODO: restore when gateway is implemented
rm "${DIR}/../../../tests/integration/tests/test_gateway.py"
## TODO: restore when ingress is implemented
rm "${DIR}/../../../tests/integration/tests/test_ingress.py"

sed -i 's/ingressClassName: cilium/ingressClassName: ck-ingress/g' "${DIR}/../../../tests/integration/templates/ingress-test.yaml"

git commit -a -m "Remove unrelated tests"

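Review bot: The `sed -i` substitution exits 0 even when `ingressClassName: cilium` is no longer present in `ingress-test.yaml`, so a later change to that template would leave the moonray ingress test on the wrong class without any signal. A follow-up check such as `grep -q 'ingressClassName: ck-ingress' "${DIR}/../../../tests/integration/templates/ingress-test.yaml"` would make the patch fail loudly, assuming the script runs with errexit (its header is outside this hunk). The commit message `Remove unrelated tests` on the following line also no longer describes this edit.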
16 changes: 11 additions & 5 deletions docs/src/snap/howto/networking/default-network.md
Expand Up @@ -58,21 +58,27 @@ Once you have the name of the pod, run the following command to see Cilium's
status:

```sh
sudo k8s kubectl exec -it cilium-97vcw -n kube-system -c cilium-agent -- cilium status
sudo k8s kubectl exec -it cilium-97vcw -n kube-system -c cilium-agent \
-- cilium status
```

You should see a wide range of metrics and configuration values for your cluster.
You should see a wide range of metrics and configuration values for your
cluster.

## Disable Network

You can `disable` the built-in network:

``` {warning}
If you have an active cluster, disabling Network may impact external access to
services within your cluster.
Ensure that you have alternative configurations in place before disabling Network.
If you have an active cluster, disabling Network may impact external
access to services within your cluster.
Ensure that you have alternative configurations in place before
disabling Network.
```

If your underlying network is cilium you will have to run
`sudo k8s disable gateway` before disabling network.

```
sudo k8s disable network
```
Binary file added k8s/manifests/charts/ck-contour-common-1.28.2.tgz
Binary file not shown.
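--- a/k8s/manifests/charts/ck-gateway-cilium/.helmignore
+++ b/k8s/manifests/charts/ck-gateway-cilium/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/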
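--- a/k8s/manifests/charts/ck-gateway-cilium/Chart.yaml
+++ b/k8s/manifests/charts/ck-gateway-cilium/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ck-gateway-cilium
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"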
@@ -0,0 +1,7 @@
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: ck-gateway
spec:
controllerName: io.cilium/gateway-controller
Binary file not shown.
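--- a/k8s/manifests/charts/ck-ingress-tls/.helmignore
+++ b/k8s/manifests/charts/ck-ingress-tls/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/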
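--- a/k8s/manifests/charts/ck-ingress-tls/Chart.yaml
+++ b/k8s/manifests/charts/ck-ingress-tls/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ck-ingress-tls
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"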
@@ -0,0 +1,10 @@
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
name: ck-ingress-tls-delegation
namespace: projectcontour-root
spec:
delegations:
- secretName: {{ .Values.defaultTLSSecret}}
targetNamespaces:
- "*"
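Review bot: `targetNamespaces: - "*"` delegates the default TLS secret to every namespace, so any tenant able to create an Ingress or HTTPProxy can reference it and terminate TLS with that certificate. If that is intended, say so in a comment on the template; otherwise expose the namespace list as a chart value so operators can narrow it. With `defaultTLSSecret: ""` as the chart default, `secretName:` renders empty when the value is not supplied; `secretName: {{ required "defaultTLSSecret must be set" .Values.defaultTLSSecret }}` would fail at render time instead of submitting an invalid delegation.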
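--- a/k8s/manifests/charts/ck-ingress-tls/values.yaml
+++ b/k8s/manifests/charts/ck-ingress-tls/values.yaml
@@ -0,0 +1,4 @@
+# Default values for ck-ingress.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+defaultTLSSecret: ""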
Binary file added k8s/manifests/charts/contour-17.0.4.tgz
Binary file not shown.
7 changes: 7 additions & 0 deletions src/k8s/pkg/k8sd/features/cilium/chart.go
Expand Up @@ -28,6 +28,13 @@ var (
ManifestPath: path.Join("charts", "gateway-api-1.0.0.tgz"),
}

//chartGatewayClass represents a manifest to deploy a GatewayClass called ck-gateway.
chartGatewayClass = helm.InstallableChart{
Name: "ck-gateway-class",
Namespace: "default",
ManifestPath: path.Join("charts", "ck-gateway-cilium"),
}

// ciliumAgentImageRepo represents the image to use for cilium-agent.
ciliumAgentImageRepo = "ghcr.io/canonical/cilium"

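Review bot: `chartGatewayClass` installs its release into `Namespace: "default"` although GatewayClass is a cluster-scoped resource. The Helm release record would then presumably live in a namespace that is usually open to ordinary workloads, where anyone allowed to edit it could interfere with later upgrades or removal. If the other cilium charts use a system namespace (not visible in this hunk), using the same one here would be the safer choice. The comment also needs a space after the slashes, `// chartGatewayClass represents a manifest ...`, to match the neighbouring declarations.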
5 changes: 5 additions & 0 deletions src/k8s/pkg/k8sd/features/cilium/gateway.go
Expand Up @@ -21,6 +21,11 @@ func ApplyGateway(ctx context.Context, snap snap.Snap, gateway types.Gateway, ne
return fmt.Errorf("failed to install Gateway API CRDs: %w", err)
}

// Apply our GatewayClass named ck-gateway
if _, err := m.Apply(ctx, chartGatewayClass, helm.StatePresentOrDeleted(gateway.GetEnabled()), nil); err != nil {
return fmt.Errorf("failed to install Gateway API GatewayClass: %w", err)
}

changed, err := m.Apply(ctx, chartCilium, helm.StateUpgradeOnlyOrDeleted(network.GetEnabled()), map[string]any{"gatewayAPI": map[string]any{"enabled": gateway.GetEnabled()}})
if err != nil {
return fmt.Errorf("failed to apply Gateway API cilium configuration: %w", err)
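Review bot: The new error text says `failed to install Gateway API GatewayClass`, but `helm.StatePresentOrDeleted(gateway.GetEnabled())` also drives removal when the gateway is disabled, so a failed uninstall would be reported as a failed install. `return fmt.Errorf("failed to apply Gateway API GatewayClass: %w", err)` matches the wording of the cilium message a few lines below. The first return value is dropped with `_`; a short comment on why a GatewayClass change does not need to feed the later logic would help. `ApplyGateway` starts and continues outside this hunk.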
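--- a/src/k8s/pkg/k8sd/features/contour/chart.go
+++ b/src/k8s/pkg/k8sd/features/contour/chart.go
@@ -0,0 +1,53 @@
+package contour
+
+import (
+"path"
+
+"github.com/canonical/k8s/pkg/client/helm"
+)
+
+var (
+// chartContour represents manifests to deploy Contour.
+// This excludes shared CRDs.
+chartContour = helm.InstallableChart{
+Name: "ck-ingress",
+Namespace: "projectcontour",
+ManifestPath: path.Join("charts", "contour-17.0.4.tgz"),
+}
+// chartGateway represents manifests to deploy Contour Gateway.
+// This excludes shared CRDs.
+chartGateway = helm.InstallableChart{
+Name: "ck-gateway",
+Namespace: "projectcontour",
+ManifestPath: path.Join("charts", "ck-gateway-contour-1.28.2.tgz"),
+}
+// chartDefaultTLS represents manifests to deploy a delegation resource for the default TLS secret.
+chartDefaultTLS = helm.InstallableChart{
+Name: "ck-ingress-tls",
+Namespace: "projectcontour-root",
+ManifestPath: path.Join("charts", "ck-ingress-tls"),
+}
+// chartCommonContourCRDS represents manifests to deploy common Contour CRDs.
+chartCommonContourCRDS = helm.InstallableChart{
+Name: "ck-contour-common",
+Namespace: "projectcontour",
+ManifestPath: path.Join("charts", "ck-contour-common-1.28.2.tgz"),
+}
+// envoyImageRepo represents the image to use for the Contour Envoy proxy.
+envoyImageRepo = "docker.io/bitnami/envoy"
+
+// envoyImageTag is the tag to use for the Contour Envoy proxy image.
+envoyImageTag = "1.28.2-debian-12-r0"
+
+// contourImageRepo represents the image to use for Contour.
+contourImageRepo = "docker.io/bitnami/contour"
+
+// contourImageTag is the tag to use for the Contour image.
+contourImageTag = "1.28.2-debian-12-r4"
+
+// contourGatewayImageRepo represents the image to use for the Contour Gateway Provisioner.
+contourGatewayImageRepo = "ghcr.io/projectcontour/contour"
+
+// contourGatewayImageTag is the tag to use for the Contour Gateway Provisioner image.
+contourGatewayImageTag = "v1.28.2"
+)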
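Review bot: The three image references are pinned by tag only (`1.28.2-debian-12-r0`, `1.28.2-debian-12-r4`, `v1.28.2`) and pulled from `docker.io/bitnami` and `ghcr.io/projectcontour`, whereas the cilium feature uses a project-controlled repository (`ghcr.io/canonical/cilium`). Tags can be re-pointed upstream, so consider mirroring these images or pinning them by digest, and record the decision in a comment next to the constants. The chart file names `contour-17.0.4.tgz` and `ck-*-1.28.2.tgz` repeat versions that are also set in `update-component-versions.py` and `update-contour-components.sh`; a comment such as `// keep in sync with build-scripts/hack/update-component-versions.py` would help keep them in step.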