add default annotations and possibility to use same ingress for http-…

helm/frost-server/templates/NOTES.txt

@@ -32,7 +32,7 @@ Hereafter the list of available exposed FROST-Server's resources:
 FROST-Server's resource     | Access URL
 --------------------------- | ----------------------------------------------
 HTTP - Homepage             | {{ include "frost-server.http.serviceRootUrl" . }}
-HTTP - SensorThings API     | {{ include "frost-server.http.serviceRootUrl" . }}{{ include "frost-server.http.apiVersion" . }}
+HTTP - SensorThings API     | {{ include "frost-server.http.serviceRootUrl" . }}/{{ include "frost-server.http.apiVersion" . }}
 {{- if .Values.frost.mqtt.enabled }}
 MQTT - TCP                  | {{ include "frost-server.mqtt.serviceEndpoint" . }}
 MQTT - Websocket            | {{ include "frost-server.mqtt.serviceRootUrl" . }}

helm/frost-server/templates/_helpers.tpl

@@ -12,8 +12,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 */}}
 {{- define "frost-server.fullName" -}}
 {{- $name := default .Chart.Name .Values.name -}}
-{{- if .tier -}}
+{{- if and .tier (not .merge) -}}
 {{- printf "%s-%s-%s" .Release.Name $name .tier | trunc 63 | trimSuffix "-" -}}
+{{- else if .merge -}}
+{{- printf "%s-%s-minion-%s" .Release.Name $name .tier | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -65,7 +67,11 @@ Get the HTTP service SubPath
 Get the MQTT serviceHost.
 */}}
 {{- define "frost-server.mqtt.serviceHost" -}}
-  {{ if not .Values.frost.mqtt.serviceHost | empty }}{{ .Values.frost.mqtt.serviceHost }}{{else}}{{ .Values.frost.http.serviceHost }}{{end}}
+  {{- if or .Values.frost.mqtt.ingress.useSameAsHttp ( .Values.frost.mqtt.serviceHost | empty ) -}}
+    {{- printf "%s" .Values.frost.http.serviceHost -}}
+  {{- else -}}
+    {{- printf "%s" .Values.frost.mqtt.serviceHost -}}
+  {{- end -}}
 {{- end -}}
 
 {{/*
@@ -104,8 +110,16 @@ Get the MQTT TCP service EndPoint
 Get the default agic rewriteAnnotations for ingress.
 */}}
 {{- define "frost-server.ingress.rewriteAnnotation" -}}
-  {{- $myannotations := dict -}}  
-  {{- if eq .scope.ingress.ingressProvider "agic" -}} {{/* Set annotations for ingress of type azure agic */}}
+  {{- $myannotations := dict -}} 
+  {{- $ingressProvider := "default" -}} 
+  {{- if and .scope.ingress.ingressProvider ( not .combine ) -}}
+    {{- $ingressProvider = .scope.ingress.ingressProvider -}}
+  {{- else if .combine -}}
+    {{- if .combine.ingress.ingressProvider -}}
+      {{- $ingressProvider = .combine.ingress.ingressProvider -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if eq $ingressProvider "agic" -}} {{/* Set annotations for ingress of type azure agic */}}
     {{- if .scope.ingress.tls.enabled -}}
       {{- $_ := set $myannotations "appgw.ingress.kubernetes.io/ssl-redirect" "true" -}}
     {{- end -}}
@@ -114,25 +128,43 @@ Get the default agic rewriteAnnotations for ingress.
       {{/* put here default annotations for http-service */}}
     {{- else if eq .type "mqtt" -}}
       {{/* put here default annotations for mqtt-service */}}
+      {{/* AGIV seems to be (out of the box) able to handle websocket without additional annotations*/}}
     {{- end -}}
-  {{- else if eq .scope.ingress.ingressProvider "traefik" -}} {{/* Set annotations for ingress of type traefik */}}
+  {{- else if eq $ingressProvider "traefik" -}} {{/* Set annotations for ingress of type traefik */}}
     {{- if .scope.ingress.tls.enabled -}}
       {{- $_ := set $myannotations "traefik.ingress.kubernetes.io/router.tls" "true" -}}
     {{- end -}}
     {{- if eq .type "http" -}}
       {{/* put here default annotations for http-service */}}
     {{- else if eq .type "mqtt" -}}
       {{/* put here default annotations for mqtt-service */}}
+      {{/* TRAEFIK seems to be (out of the box) able to handle websockets without additional annotations*/}}
+    {{- end -}}
+  {{- else if eq $ingressProvider "nginx-nginx" -}} {{/* Set annotations for ingress of type nginx.nginx */}}
+    {{- if .scope.ingress.tls.enabled -}}
+      {{- $_ := set $myannotations "nginx.ingress.kubernetes.io/ssl-redirect" "true" -}}
+    {{- end -}}
+    {{- if eq .type "http" -}}
+      {{- $_ := set $myannotations "nginx.org/rewrites" (printf "serviceName=%s rewrite=/FROST-Server" .fullName ) -}}
+      {{- $_ := set $myannotations "nginx.org/proxy-set-headers" (printf "X-Forwarded-Path: %s" .path ) -}}
+      {{/* put here default annotations for http-service */}}
+    {{- else if eq .type "mqtt" -}}
+      {{- $_ := set $myannotations "nginx.org/websocket-services" .fullName -}}
+      {{- $_ := set $myannotations "nginx.org/location-snippets" (printf "proxy_cache_bypass $http_upgrade" ) -}}
+      {{- $_ := set $myannotations "nginx.org/proxy-read-timeout" "3600" -}}
+      {{- $_ := set $myannotations "nginx.org/proxy-send-timeout" "3600" -}}
+      {{/* put here default annotations for mqtt-service */}}
     {{- end -}}
-  {{- else if eq .scope.ingress.ingressProvider "nginx" -}} {{/* Set annotations for ingress of type kubernetes.nginx */}}
+  {{- else if or (eq $ingressProvider "kubernetes-nginx") (eq $ingressProvider "default") -}} {{/* Set annotations for ingress of type kubernetes.nginx */}}
     {{- if .scope.ingress.tls.enabled -}}
       {{- $_ := set $myannotations "nginx.ingress.kubernetes.io/ssl-redirect" "true" -}}
     {{- end -}}
     {{- if eq .type "http" -}}
       {{- $_ := set $myannotations "nginx.ingress.kubernetes.io/rewrite-target" "/FROST-Server/$1" -}}
       {{/* put here default annotations for http-service */}}
     {{- else if eq .type "mqtt" -}}
-      {{- $_ := set $myannotations "nginx.mqtt.hamel.test" "true" -}}
+      {{- $_ := set $myannotations "nginx.ingress.kubernetes.io/proxy-read-timeout" "3600" -}}
+      {{- $_ := set $myannotations "nginx.ingress.kubernetes.io/proxy-send-timeout" "3600" -}}
       {{/* put here default annotations for mqtt-service */}}
     {{- end -}}
   {{- end -}}

helm/frost-server/templates/http-ingress.yaml

@@ -1,10 +1,13 @@
 {{- if .Values.frost.http.ingress.enabled -}}
 {{- $tier := "http" -}}
-{{- $fullName := include "frost-server.fullName" (merge (dict "tier" $tier) .) -}}
-{{- $defaultRewriteAnnotations := include "frost-server.ingress.rewriteAnnotation" (dict "scope" .Values.frost.http "type" "http") -}}
-{{- if and .Values.frost.http.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+{{- $fullName := include "frost-server.fullName" (merge (dict "tier" $tier "merge" .Values.frost.mqtt.ingress.useSameAsHttp ) .) -}}
+{{- $defaultRewriteAnnotations := include "frost-server.ingress.rewriteAnnotation" (dict "scope" .Values.frost.http "type" $tier "fullName" $fullName "path" ( include "frost-server.http.serviceSubPath" . ) ) -}}
+{{- /*BEGIN Predefine empty variables*/ -}}
+{{- $annotations := dict -}}
+{{- /*END Predefine empty variables*/ -}}
+{{- if and .Values.frost.http.ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
   {{- if not (hasKey .Values.frost.http.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.frost.http.ingress.annotations "kubernetes.io/ingress.class" .Values.frost.http.ingress.className}}
+  {{- $_ := set .Values.frost.http.ingress.annotations "kubernetes.io/ingress.class" .Values.frost.http.ingress.ingressClassName}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -18,31 +21,32 @@ kind: Ingress
 metadata:
   name: {{ $fullName }}
   namespace: {{ .Release.Namespace }}
-  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.frost.http.ingress.annotations $defaultRewriteAnnotations ) "context" . ) }}
+  {{- $annotations = include "common.tplvalues.merge" ( dict "values" ( list .Values.frost.http.ingress.annotations $defaultRewriteAnnotations ) "context" . ) }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- if .Values.frost.mqtt.ingress.useSameAsHttp }}
+    nginx.org/mergeable-ingress-type: "minion"
+  {{- end }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     helm.sh/chart: {{ include "frost-server.chart" . }}
     app: {{ include "frost-server.name" . }}
     component: {{ $tier }}
 spec:
-  {{- if and .Values.frost.http.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.frost.http.ingress.className }}
+  {{- if and .Values.frost.http.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.frost.http.ingress.ingressClassName }}
   {{- end }}
-  {{- if .Values.frost.http.ingress.tls.enabled }}
+  {{- if and .Values.frost.http.ingress.tls.enabled (not .Values.frost.mqtt.ingress.useSameAsHttp)}}
   tls:
     - hosts: 
         - {{ include "frost-server.http.serviceHost" . }}
-    {{- if .Values.frost.http.ingress.tls.secretName }}
       secretName: {{ .Values.frost.http.ingress.tls.secretName }}
-    {{- end -}}
   {{- end }}
   rules:
   - host: {{ include "frost-server.http.serviceHost" . }}
     http:
       paths:
-      - path:  {{ template "frost-server.http.serviceSubPath" . }}
+      - path: {{ template "frost-server.http.serviceSubPath" . }}
         pathType: Prefix
         backend:
           service:

helm/frost-server/templates/master-ingress.yaml

@@ -0,0 +1,45 @@
+{{- if and .Values.frost.http.ingress.enabled .Values.frost.mqtt.ingress.useSameAsHttp -}}
+{{- $tier := "master" -}}
+{{- $fullName := include "frost-server.fullName" (merge (dict "tier" $tier) .) -}}
+{{- $defaultRewriteAnnotations := include "frost-server.ingress.rewriteAnnotation" (dict "scope" .Values.frost.http "type" $tier "fullName" $fullName "path" ( include "frost-server.http.serviceSubPath" . ) ) -}}
+{{- /*BEGIN Predefine empty variables*/ -}}
+{{- $annotations := dict -}}
+{{- /*END Predefine empty variables*/ -}}
+{{- if and .Values.frost.http.ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.frost.http.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.frost.http.ingress.annotations "kubernetes.io/ingress.class" .Values.frost.http.ingress.ingressClassName}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  {{- $annotations = include "common.tplvalues.merge" ( dict "values" ( list .Values.frost.http.ingress.annotations $defaultRewriteAnnotations ) "context" . ) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+    nginx.org/mergeable-ingress-type: "master"
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    helm.sh/chart: {{ include "frost-server.chart" . }}
+    app: {{ include "frost-server.name" . }}
+    component: {{ $tier }}
+spec:
+  {{- if and .Values.frost.http.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.frost.http.ingress.ingressClassName }}
+  {{- end }}
+  {{- if .Values.frost.http.ingress.tls.enabled }}
+  tls:
+    - hosts: 
+        - {{ include "frost-server.http.serviceHost" . }}
+      secretName: {{ .Values.frost.http.ingress.tls.secretName }}
+  {{- end }}
+  rules:
+  - host: {{ include "frost-server.http.serviceHost" . }}
+{{- end -}}

helm/frost-server/templates/mqtt-ingress.yaml

@@ -1,10 +1,14 @@
-{{- if .Values.frost.mqtt.ingress.enabled -}}
+{{- if and .Values.frost.mqtt.ingress.enabled -}}
 {{- $tier := "mqtt" -}}
-{{- $fullName := include "frost-server.fullName" (merge (dict "tier" $tier) .) -}}
-{{- $defaultRewriteAnnotations := include "frost-server.ingress.rewriteAnnotation" (dict "scope" .Values.frost.mqtt "type" "mqtt") -}}
-{{- if and .Values.frost.mqtt.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+{{- $fullName := include "frost-server.fullName" (merge (dict "tier" $tier "merge" .Values.frost.mqtt.ingress.useSameAsHttp ) .) -}}
+{{- $combine := false -}}
+{{- if .Values.frost.mqtt.ingress.useSameAsHttp -}}
+  {{- $combine = .Values.frost.http -}}
+{{- end -}}
+{{- $defaultRewriteAnnotations := include "frost-server.ingress.rewriteAnnotation" (dict "scope" .Values.frost.mqtt "type" $tier "fullName" $fullName "path" ( include "frost-server.mqtt.websockPath" . ) "combine"  $combine ) -}}
+{{- if and .Values.frost.mqtt.ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
   {{- if not (hasKey .Values.frost.mqtt.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.frost.mqtt.ingress.annotations "kubernetes.io/ingress.class" .Values.frost.mqtt.ingress.className}}
+  {{- $_ := set .Values.frost.mqtt.ingress.annotations "kubernetes.io/ingress.class" .Values.frost.mqtt.ingress.ingressClassName}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -17,22 +21,36 @@ apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
-  {{- if not (hasKey .Values.frost.mqtt.ingress.annotations "nginx.org/websocket-services") -}}
-  {{- $_ := set .Values.frost.mqtt.ingress.annotations "nginx.org/websocket-services" $fullName -}}
-  {{- end -}}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.frost.mqtt.ingress.annotations $defaultRewriteAnnotations ) "context" . ) }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+  {{- if .Values.frost.mqtt.ingress.useSameAsHttp }}
+    nginx.org/mergeable-ingress-type: "minion"
+  {{- end }}
+  {{- /*Following annotation can't be described in the _helpers.tpl, so actually it has to stay here*/ -}}
+  {{- if and (not .Values.frost.mqtt.ingress.useSameAsHttp) (or (eq .Values.frost.mqtt.ingress.ingressProvider "kubernetes-nginx") (not .Values.frost.mqtt.ingress.ingressProvider)) }}
+    nginx.ingress.kubernetes.io/server-snippets: |
+        location {{ template "frost-server.mqtt.websockPath" . }} {
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_http_version 1.1;
+          proxy_set_header X-Forwarded-Host $http_host;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header Host $host;
+          proxy_set_header Connection "upgrade";
+          proxy_cache_bypass $http_upgrade;
+        }
+  {{- end }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     helm.sh/chart: {{ include "frost-server.chart" . }}
     app: {{ include "frost-server.name" . }}
     component: {{ $tier }}
 spec:
-  {{- if and .Values.frost.mqtt.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.frost.mqtt.ingress.className | default "nginx" }}
+  {{- if and .Values.frost.mqtt.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.frost.mqtt.ingress.ingressClassName | default "nginx" }}
   {{- end }}
-  {{- if .Values.frost.mqtt.ingress.tls.enabled }}
+  {{- if and .Values.frost.mqtt.ingress.tls.enabled (not .Values.frost.mqtt.ingress.useSameAsHttp) }}
   tls:
     - hosts:
         - {{ include "frost-server.mqtt.serviceHost" . }}

helm/frost-server/values.yaml

@@ -75,7 +75,7 @@ frost:
       enable:
 
   auth:
-    provider:
+    provider: 
     allowAnonymousRead: false
     authenticateOnly:
     role:
@@ -126,18 +126,19 @@ frost:
         nodePort:
         servicePort: 80
     ingress:
-      enabled: true      
+      enabled: true     
       ## Set a specific ingress-class for the ingress ([default] not set)
-      # className: nginx-hamel
-      ## Defines the type of ingress-Controller in use (nginx [default], agic ) 
-      # ingressProvider: agic
+      ingressClassName: regioit-private-ingress
+      ## Defines the type of ingress-Controller in use (kubernetes-nginx [default], nginx-nginx, agic, none ) 
+      ## Use "none" to disable render predefined annotations for this service
+      ingressProvider: "nginx-nginx"
       ## Additional annotations
-      # annotations:
-      #   cert-manager.io/cluster-issuer: letsencrypt
-      #   cert-manager.io/issue-temporary-certificate: "true"
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt
+        cert-manager.io/issue-temporary-certificate: "true"
       tls:
-        enabled: false
-        secretName: []
+        enabled: true
+        secretName: hamel-test-frost-server-http-tls
 
     # FROST-Server HTTP deployment resource option. An empty resources field will default to the limits of the namespace.
     resources:
@@ -160,8 +161,8 @@ frost:
     securityContext:
 
     # FROST-Server HTTP business settings
-    serviceHost: frost-server
-    urlSubPath: ""
+    serviceHost: frost.hameltest.intern.cnaphci.regioit.cloud
+    urlSubPath: "meinFrost"
     serviceProtocol: http
     servicePort:
     defaultCount: false
@@ -245,23 +246,25 @@ frost:
         message_size: 8092
 
     ingress:
-      enabled: true      
+      enabled: true
+      ## Set to true to use the same ingress as the HTTP service, otherwise set to false
+      ## no dedicated ingress will be created for the MQTT service
+      useSameAsHttp: false
       ## Set a specific ingress-class for the ingress ([default] not set)
-      # className: azure-application-gateway
-      ## Defines the type of ingress-Controller in use (nginx [default], agic or traefik) 
-      # ingressProvider: agic
+      ingressClassName: regioit-private-ingress
+      ## Defines the type of ingress-Controller in use (kubernetes-nginx [default], nginx-nginx, agic, none) 
+      ## Use "none" to disable render predefined annotations for this service
+      ingressProvider: "nginx-nginx"
       ## Additional annotations
       annotations:
-        nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-        nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-        # cert-manager.io/cluster-issuer: letsencrypt
-        # cert-manager.io/issue-temporary-certificate: "true"
+        cert-manager.io/cluster-issuer: letsencrypt
+        cert-manager.io/issue-temporary-certificate: "true"
       tls:
-        enabled: false
-        secretName: []
+        enabled: true
+        secretName: hamel-test-frost-server-mqtt-tls
 
     # FROST-Server MQTT business settings
-    serviceHost: "" # default URI is the same then frost.http.serviceHost"
+    serviceHost: "mqtt.hameltest.intern.cnaphci.regioit.cloud" # default URI is the same then frost.http.serviceHost"
     urlSubPath: "" # default is mqtt 
     serviceProtocol: http
     qos: 2