From 00792cd545715fa165333714532d3e8ea6d7d04a Mon Sep 17 00:00:00 2001 From: John Matthews Date: Wed, 26 Apr 2023 06:29:33 -0400 Subject: [PATCH] :sparkles: Support for Amazon Load Balancer Ingress controller (#197) Fixes #184 Fixes #167 (confirmed working with `feature_auth_required: true`) Relates to #170 These changes allow us to deploy Konveyor onto an Amazon EKS cluster that uses the Amazon recommended Amazon Load Balancer ingress opposed to 'nginx'. I deployed the EKS cluster for testing using this newly developed automation: https://github.com/konveyor/hack_env_helpers/tree/main/aws/eks I captured notes while exploring ALB Ingress here for debugging purposes: https://gist.github.com/jwmatthews/d492a4944c83dc3f2d016187d53d13b2 --------- Signed-off-by: John Matthews --- hack/install-tackle.sh | 1 + roles/tackle/defaults/main.yml | 6 ++++++ roles/tackle/tasks/main.yml | 1 + roles/tackle/templates/ingress-ui.yml.j2 | 14 +++++++++++++- tools/tackle-opdev.sh | 2 +- 5 files changed, 22 insertions(+), 2 deletions(-) diff --git a/hack/install-tackle.sh b/hack/install-tackle.sh index 0711e5f..37dc59a 100755 --- a/hack/install-tackle.sh +++ b/hack/install-tackle.sh @@ -66,6 +66,7 @@ spec: source: konveyor-tackle sourceNamespace: konveyor-tackle EOF +# If on MacOS, need to install `brew install coreutils` to get `timeout` timeout 600s bash -c 'until kubectl get customresourcedefinitions.apiextensions.k8s.io tackles.tackle.konveyor.io; do sleep 30; done' # Create, and wait for, tackle diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml index 023c6ad..49bfd2a 100644 --- a/roles/tackle/defaults/main.yml +++ b/roles/tackle/defaults/main.yml @@ -147,6 +147,8 @@ ui_container_limits_memory: "800Mi" ui_container_requests_cpu: "100m" ui_container_requests_memory: "350Mi" ui_ingress_name: "{{ app_name }}" +# Ingress class names of "nginx" and "alb" are expected +ui_ingress_class_name: "nginx" ui_ingress_proxy_body_size: "500m" ui_route_name: "{{ app_name }}" ui_tls_enabled: false @@ -156,6 +158,10 @@ ui_proto: "{{ 'https' if ui_tls_enabled | bool else 'http' }}" ui_node_extra_ca_certs: "/opt/app-root/src/ca.crt" ui_route_tls_termination: "edge" ui_route_tls_insecure_termination_policy: "Redirect" +# ui_ingress_path_type should only be defined if you need to override +# the default value for the ingress controller you are using +# ui_ingress_path_type: + oauth_provider: openshift oauth_default_openshift_sar: --openshift-sar={"namespace":"{{ app_namespace }}","resource":"services","resourceName":"{{ ui_service_name }}","verb":"get"} diff --git a/roles/tackle/tasks/main.yml b/roles/tackle/tasks/main.yml index f695d45..2253e3f 100644 --- a/roles/tackle/tasks/main.yml +++ b/roles/tackle/tasks/main.yml @@ -427,6 +427,7 @@ k8s: state: present definition: "{{ lookup('template', 'ingress-ui.yml.j2') }}" + merge_type: merge when: not openshift_cluster|bool - name: "Setup UI Route" diff --git a/roles/tackle/templates/ingress-ui.yml.j2 b/roles/tackle/templates/ingress-ui.yml.j2 index 0904a88..35d5caf 100644 --- a/roles/tackle/templates/ingress-ui.yml.j2 +++ b/roles/tackle/templates/ingress-ui.yml.j2 @@ -3,7 +3,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: +{% if ui_ingress_class_name == 'nginx' %} nginx.ingress.kubernetes.io/proxy-body-size: {{ ui_ingress_proxy_body_size }} +{% elif ui_ingress_class_name == 'alb' %} + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/scheme: internet-facing +{% endif %} name: {{ ui_ingress_name }} namespace: {{ app_namespace }} labels: @@ -12,14 +17,21 @@ metadata: app.kubernetes.io/part-of: {{ app_name }} app: {{ app_name }} spec: - ingressClassName: nginx + ingressClassName: {{ ui_ingress_class_name }} + tls: - {} rules: - http: paths: - path: / +{% if ui_ingress_path_type is defined %} + pathType: {{ ui_ingress_path_type }} +{% elif ui_ingress_class_name == 'alb' %} + pathType: Prefix +{% else %} pathType: ImplementationSpecific +{% endif %} backend: service: name: {{ ui_service_name }} diff --git a/tools/tackle-opdev.sh b/tools/tackle-opdev.sh index 4c2af1e..2706e0e 100755 --- a/tools/tackle-opdev.sh +++ b/tools/tackle-opdev.sh @@ -13,7 +13,7 @@ INDEX_REPO="tackle2-operator-index" CATALOG_NS="konveyor-tackle" PROJECT_NS="konveyor-tackle" TAG="latest" -NAME="Tackle" +NAME="Konveyor" function usage () {