Merge pull request #270 from junior/ingress_options

Ingress options for complete

deploy/complete/helm-chart/mushop/templates/NOTES.txt

@@ -33,7 +33,7 @@ Access the application on your ingress controller service IP address:
 (Will be a self-signed SSL certificate)
 
   Local: https://localhost
-  Cloud: https://xxx.xx.xx.xxx
+  Cloud: https://<EXTERNAL-IP>
 
 {{ end }}
 

deploy/complete/helm-chart/mushop/templates/cluster-issuers.yaml

@@ -1,9 +1,8 @@
-# Copyright (c) 2019, 2020 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2019-2021 Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 # 
-
 {{- if .Values.ingress.clusterIssuer }}
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: {{ include "mushop.fullname" . }}-letsencrypt-prod
@@ -21,7 +20,7 @@ spec:
         ingress:
           class: nginx
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: {{ include "mushop.fullname" . }}-letsencrypt-staging
@@ -39,10 +38,10 @@ spec:
         ingress:
           class: nginx
 ---
-apiVersion: cert-manager.io/v1alpha2
+apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: {{ include "mushop.fullname" . }}-selfsigning
+  name: {{ include "mushop.fullname" . }}-selfsigned
 spec:
   selfSigned: {}
 {{- end -}}

deploy/complete/helm-chart/mushop/templates/ingress-edge.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ include "mushop.fullname" . }}
@@ -21,19 +21,25 @@ spec:
       http:
         paths:
         - path: /
+          pathType: Prefix
           backend:
             # intentionally w/o .Release.Name for metrics workshop
-            serviceName: edge
-            servicePort: {{ $.Values.edge.service.port }}
+            service:
+              name: edge
+              port:
+                number: {{ $.Values.edge.service.port }}
     {{- end -}}
     {{ else }}
     - http:
         paths:
         - path: /
+          pathType: Prefix
           backend:
             # intentionally w/o .Release.Name for metrics workshop
-            serviceName: edge
-            servicePort: {{ .Values.edge.service.port }}
+            service:
+              name: edge
+              port:
+                number: {{ $.Values.edge.service.port }}
     {{- end -}}
   {{- if .Values.ingress.tls }}
   tls:

deploy/complete/helm-chart/mushop/templates/ingress-grafana.yaml

@@ -13,7 +13,7 @@ spec:
   type: ExternalName
   externalName: mushop-utils-grafana.mushop-utilities
 ---
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ include "mushop.fullname" . }}-grafana
@@ -36,19 +36,25 @@ spec:
       http:
         paths:
         - path: /grafana(/|$)(.*)
+          pathType: Prefix
           backend:
             # intentionally w/o .Release.Name for metrics workshop
-            serviceName: mushop-grafana-ingress
-            servicePort: 80
+            service:
+              name: mushop-grafana-ingress
+              port:
+                number: 80
     {{- end -}}
     {{ else }}
     - http:
         paths:
         - path: /grafana(/|$)(.*)
+          pathType: Prefix
           backend:
             # intentionally w/o .Release.Name for metrics workshop
-            serviceName: mushop-grafana-ingress
-            servicePort: 80
+            service:
+              name: mushop-grafana-ingress
+              port:
+                number: 80
     {{- end -}}
   {{- if .Values.ingress.tls }}
   tls:

deploy/complete/helm-chart/mushop/values-test.yaml

@@ -15,7 +15,7 @@ ingress:
 
   # Value can be either prod or staging
   # This controls the cluster issuer what's used in Ingress
-  clusterIssuer: prod
+  clusterIssuer: letsencrypt-staging
 
   # Used for ACME registration (if TLS is set)
   email: "[email protected]"

deploy/complete/helm-chart/setup/requirements.yaml

@@ -5,12 +5,12 @@
 dependencies:
   # Prometheus
   - name: prometheus
-    version: 13.6.0
+    version: 14.0.0
     condition: prometheus.enabled
     repository: https://prometheus-community.github.io/helm-charts
   # Grafana
   - name: grafana
-    version: 6.7.3
+    version: 6.9.1
     condition: grafana.enabled
     repository: https://grafana.github.io/helm-charts
   # HPA Metrics
@@ -20,7 +20,7 @@ dependencies:
     repository: https://charts.helm.sh/stable
   # Ingress Controller
   - name: ingress-nginx
-    version: 3.29.0
+    version: 3.30.0
     condition: ingress-nginx.enabled
     repository: https://kubernetes.github.io/ingress-nginx
   # Service Catalog
@@ -30,7 +30,7 @@ dependencies:
     repository: https://kubernetes-sigs.github.io/service-catalog 
   # cert-manager
   - name: cert-manager
-    version: 1.3.0
+    version: 1.3.1
     condition: cert-manager.enabled
     repository: https://charts.jetstack.io
   # jenkins

deploy/complete/helm-chart/setup/templates/NOTES.txt

@@ -10,6 +10,26 @@
     Made with ♥ by Oracle Developers
 ########################################
 
+{{- $ingressConfig := index $.Values "ingress-nginx" -}}
+{{- if $ingressConfig.enabled }}
+
+## Ingress
+
+An nginx ingress controller has been installed, which includes a LoadBalancer
+resource in this namespace.
+
+- Locate the ingress controller EXTERNAL-IP address
+
+  kubectl get svc -n {{ .Release.Namespace }} {{ .Release.Name }}-ingress-nginx-controller
+
+No ingress has been deployed yet. If you access the EXTERNAL-IP now, it will direct you to 
+the default backend page.
+
+If you plan to use a hostname, you can update your DNS now, associating the EXTERNAL-IP
+address to the domain name you included on the values.yaml on the mushop chart.
+
+{{- end }}
+
 {{- if .Values.grafana.enabled }}
 
 ## Grafana
@@ -30,20 +50,6 @@ how to access the Grafana application.
 
 {{- end }}
 
-{{- $ingressConfig := index $.Values "ingress-nginx" -}}
-{{- if $ingressConfig.enabled }}
-
-## Ingress
-
-An nginx ingress controller has been installed, which includes a LoadBalancer
-resource in this namespace.
-
-- Locate the ingress controller EXTERNAL-IP address
-
-  kubectl get svc -n {{ .Release.Namespace }} {{ .Release.Name }}-ingress-nginx-controller
-
-{{- end }}
-
 {{- if .Values.jenkins.enabled }}
 
 ## Jenkins

deploy/complete/terraform/CHANGELOG.md

@@ -1,5 +1,15 @@
 # CHANGELOG
 
+2021-05-18 (v2.3.0)
+
+- Support for flexible Load Balancer annotations on Ingress-Nginx
+- Support for domain name (FQDN) for ingress
+- Better variables and schema for Certificate management
+- Cert-manager updates
+- Schema updates for Ingress new features
+- Cluster Utilities version updates
+- apiVersion and manifest updates on deprecated items
+
 2021-04-08 (v2.2.0)
 
 - OKE Cluster Autoscaler support

deploy/complete/terraform/VERSION

@@ -1 +1 @@
-2.2.0
+2.3.0

deploy/complete/terraform/mushop-utilities.tf

@@ -18,7 +18,7 @@ resource "helm_release" "prometheus" {
   name       = "prometheus"
   repository = local.helm_repository.prometheus
   chart      = "prometheus"
-  version    = "13.6.0"
+  version    = "14.0.0"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = false
 
@@ -37,7 +37,7 @@ resource "helm_release" "grafana" {
   name       = "mushop-utils-grafana" # mushop-utils included to be backwards compatible to the docs and setup chart install
   repository = local.helm_repository.grafana
   chart      = "grafana"
-  version    = "6.7.3"
+  version    = "6.9.1"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = false
 
@@ -109,19 +109,26 @@ resource "helm_release" "ingress_nginx" {
   name       = "mushop-utils-ingress-nginx" # mushop-utils included to be backwards compatible to the docs and setup chart install
   repository = local.helm_repository.ingress_nginx
   chart      = "ingress-nginx"
-  version    = "3.29.0"
+  version    = "3.31.0"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
   wait       = true
 
   set {
     name  = "controller.metrics.enabled"
     value = true
   }
-
   set {
     name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape"
     value = var.ingress_load_balancer_shape
   }
+  set {
+    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape-flex-min"
+    value = var.ingress_load_balancer_shape_flex_min
+  }
+  set {
+    name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/oci-load-balancer-shape-flex-max"
+    value = var.ingress_load_balancer_shape_flex_max
+  }
 
   timeout = 1800 # workaround to wait the node be active for other charts
 
@@ -145,20 +152,24 @@ resource "helm_release" "svc-cat" {
 }
 
 ## https://github.com/jetstack/cert-manager/blob/master/README.md
-## https://artifacthub.io/packages/helm/jetstack/cert-manager
+## https://artifacthub.io/packages/helm/cert-manager/cert-manager
 resource "helm_release" "cert_manager" {
   name       = "cert-manager"
   repository = local.helm_repository.jetstack
   chart      = "cert-manager"
-  version    = "1.3.0"
+  version    = "1.3.1"
   namespace  = kubernetes_namespace.cluster_utilities_namespace.id
-  wait       = false
+  wait       = true # wait to allow the webhook be properly configured
 
   set {
     name  = "installCRDs"
     value = true
   }
 
+  set {
+    name  = "webhook.timeoutSeconds"
+    value = "30"
+  }
   depends_on = [helm_release.ingress_nginx] # Ugly workaround because of the oci pvc provisioner not be able to wait for the node be active and retry.
 
   count = var.cert_manager_enabled ? 1 : 0