From 322ea942428a3df1e5e2a50132628c889802d145 Mon Sep 17 00:00:00 2001 From: Vivek Singh Date: Sun, 28 Jun 2020 19:55:20 +0530 Subject: [PATCH] Create openfaas ingress operator chart Signed-off-by: Vivek Singh --- chart/ingress-operator/.helmignore | 22 ++++++++ chart/ingress-operator/Chart.yaml | 18 +++++++ chart/ingress-operator/README.md | 54 +++++++++++++++++++ chart/ingress-operator/development.md | 0 chart/ingress-operator/templates/NOTES.txt | 1 + chart/ingress-operator/templates/_helpers.tpl | 20 +++++++ .../templates/ingress-operator-crd.yaml | 24 +++++---- .../templates/ingress-operator-dep.yaml | 13 +++-- .../templates/ingress-operator-rbac.yaml | 2 +- chart/ingress-operator/values.yaml | 16 ++++++ chart/openfaas/README.md | 4 -- chart/openfaas/values-arm64.yaml | 3 -- chart/openfaas/values-armhf.yaml | 3 -- chart/openfaas/values.yaml | 48 +++++++---------- 14 files changed, 171 insertions(+), 57 deletions(-) create mode 100644 chart/ingress-operator/.helmignore create mode 100644 chart/ingress-operator/Chart.yaml create mode 100644 chart/ingress-operator/README.md create mode 100644 chart/ingress-operator/development.md create mode 100644 chart/ingress-operator/templates/NOTES.txt create mode 100644 chart/ingress-operator/templates/_helpers.tpl rename chart/{openfaas => ingress-operator}/templates/ingress-operator-crd.yaml (78%) rename chart/{openfaas => ingress-operator}/templates/ingress-operator-dep.yaml (67%) rename chart/{openfaas => ingress-operator}/templates/ingress-operator-rbac.yaml (97%) create mode 100644 chart/ingress-operator/values.yaml diff --git a/chart/ingress-operator/.helmignore b/chart/ingress-operator/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/chart/ingress-operator/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/ingress-operator/Chart.yaml b/chart/ingress-operator/Chart.yaml new file mode 100644 index 000000000..3396059fe --- /dev/null +++ b/chart/ingress-operator/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +description: Get custom domains and TLS for your OpenFaaS Functions through the FunctionIngress CRD +name: ingress-operator +version: 0.1.0 +sources: + - https://github.com/openfaas-incubator/ingress-operator +home: https://www.openfaas.com +icon: https://raw.githubusercontent.com/openfaas/media/master/OpenFaaS_logo_stacked_opaque.png +keywords: + - functions + - service + - ingress + - openfaas +maintainers: + - name: alexellis + email: alex@openfaas.com + - name: viveksyngh + email: vivekkmr45@yahoo.in diff --git a/chart/ingress-operator/README.md b/chart/ingress-operator/README.md new file mode 100644 index 000000000..7f84ea555 --- /dev/null +++ b/chart/ingress-operator/README.md @@ -0,0 +1,54 @@ +# OpenFaaS Ingress Operator + +The [Ingress operator](https://github.com/openfaas-incubator/ingress-operator) gets custom domains and TLS for your OpenFaaS Functions through the FunctionIngress CRD +## Prerequisites + +- Install OpenFaaS + + You must have a working OpenFaaS installation. You can find [instructions in the docs](https://docs.openfaas.com/deployment/kubernetes/#pick-helm-or-yaml-files-for-deployment-a-or-b), including instructions to also install OpenFaaS via Helm. + + +## Install the Chart + +- Add the OpenFaaS chart repo and deploy the `ingress-operator` chart. We recommend installing it in the same namespace as the rest of OpenFaaS + +```sh +$ helm repo add openfaas https://openfaas.github.io/faas-netes/ +$ helm upgrade ingress-operator openfaas/ingress-operator \ + --install \ + --namespace openfaas +``` + +> The above command will also update your helm repo to pull in any new releases. + +## Configuration + +Additional ingress-operator options in `values.yaml`. + +| Parameter | Description | Default | +| ------------------------ | -------------------------------------------------------------------------------------- | ------------------------------ | +| `create` | Create the ingress-operator component | `false` | +| `replicas` | Replicas of the ingress-operator| `1` | +| `image` | Container image used in ingress-operator| `openfaas/ingress-operator:0.6.2` | +| `resources` | Limits and requests for memory and CPU usage | Memory Requests: 25Mi | +| `imagePullPolicy` | Image Pull Policy | `Always` | +| `functionNamespace` | Namespace for functions | `openfaas-fn` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. +See values.yaml for detailed configuration. + +## Removing the ingress-operator + +All control plane components can be cleaned up with helm: + +For Helm 2 + +```sh +$ helm delete --purge ingress-operator +``` + +For Helm 3 + +```sh +$ helm uninstall ingress-operator +``` \ No newline at end of file diff --git a/chart/ingress-operator/development.md b/chart/ingress-operator/development.md new file mode 100644 index 000000000..e69de29bb diff --git a/chart/ingress-operator/templates/NOTES.txt b/chart/ingress-operator/templates/NOTES.txt new file mode 100644 index 000000000..b86ff0655 --- /dev/null +++ b/chart/ingress-operator/templates/NOTES.txt @@ -0,0 +1 @@ +Thanks for installing ingress-operator. Please follow the instructions below to get you started. diff --git a/chart/ingress-operator/templates/_helpers.tpl b/chart/ingress-operator/templates/_helpers.tpl new file mode 100644 index 000000000..28810ad13 --- /dev/null +++ b/chart/ingress-operator/templates/_helpers.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "openfaas.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "openfaas.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} diff --git a/chart/openfaas/templates/ingress-operator-crd.yaml b/chart/ingress-operator/templates/ingress-operator-crd.yaml similarity index 78% rename from chart/openfaas/templates/ingress-operator-crd.yaml rename to chart/ingress-operator/templates/ingress-operator-crd.yaml index 2e9c3d304..d2032bd1c 100644 --- a/chart/openfaas/templates/ingress-operator-crd.yaml +++ b/chart/ingress-operator/templates/ingress-operator-crd.yaml @@ -1,4 +1,3 @@ -{{- if .Values.ingressOperator.create }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -18,23 +17,27 @@ spec: description: FunctionIngress describes an OpenFaaS function properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: + "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this + description: + "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object spec: - description: FunctionIngressSpec is the spec for a FunctionIngress resource. + description: + FunctionIngressSpec is the spec for a FunctionIngress resource. It must be created in the same namespace as the gateway, i.e. openfaas. properties: bypassGateway: - description: BypassGateway, when true creates an Ingress record directly + description: + BypassGateway, when true creates an Ingress record directly for the Function name without using the gateway in the hot path type: boolean domain: @@ -47,7 +50,8 @@ spec: description: IngressType such as "nginx" type: string path: - description: Path such as "/v1/profiles/view/(.*)", or leave empty for + description: + Path such as "/v1/profiles/view/(.*)", or leave empty for default type: string tls: @@ -56,7 +60,8 @@ spec: enabled: type: boolean issuerRef: - description: ObjectReference is a reference to an object with a + description: + ObjectReference is a reference to an object with a given name and kind. properties: kind: @@ -83,4 +88,3 @@ spec: - name: v1alpha2 served: true storage: true -{{- end }} diff --git a/chart/openfaas/templates/ingress-operator-dep.yaml b/chart/ingress-operator/templates/ingress-operator-dep.yaml similarity index 67% rename from chart/openfaas/templates/ingress-operator-dep.yaml rename to chart/ingress-operator/templates/ingress-operator-dep.yaml index 0b4fb9614..0a368f33c 100644 --- a/chart/openfaas/templates/ingress-operator-dep.yaml +++ b/chart/ingress-operator/templates/ingress-operator-dep.yaml @@ -1,5 +1,4 @@ -{{- $functionNs := default .Release.Namespace .Values.functionNamespace }} -{{- if .Values.ingressOperator.create }} +{{- if .Values.create }} apiVersion: apps/v1 kind: Deployment metadata: @@ -12,7 +11,7 @@ metadata: name: ingress-operator namespace: {{ .Release.Namespace | quote }} spec: - replicas: {{ .Values.ingressOperator.replicas }} + replicas: {{ .Values.replicas }} selector: matchLabels: app: ingress-operator @@ -27,15 +26,15 @@ spec: containers: - name: operator resources: - {{- .Values.ingressOperator.resources | toYaml | nindent 10 }} - image: {{ .Values.ingressOperator.image }} - imagePullPolicy: {{ .Values.openfaasImagePullPolicy }} + {{- .Values.resources | toYaml | nindent 10 }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} command: - ./ingress-operator - -logtostderr env: - name: function_namespace - value: {{ $functionNs | quote }} + value: {{ .Values.functionNamespace | quote }} - name: ingress_namespace value: {{ .Release.Namespace | quote }} {{- end }} diff --git a/chart/openfaas/templates/ingress-operator-rbac.yaml b/chart/ingress-operator/templates/ingress-operator-rbac.yaml similarity index 97% rename from chart/openfaas/templates/ingress-operator-rbac.yaml rename to chart/ingress-operator/templates/ingress-operator-rbac.yaml index c25f6f4d9..bea643516 100644 --- a/chart/openfaas/templates/ingress-operator-rbac.yaml +++ b/chart/ingress-operator/templates/ingress-operator-rbac.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ingressOperator.create }} +{{- if .Values.create }} --- apiVersion: v1 kind: ServiceAccount diff --git a/chart/ingress-operator/values.yaml b/chart/ingress-operator/values.yaml new file mode 100644 index 000000000..6c14ada84 --- /dev/null +++ b/chart/ingress-operator/values.yaml @@ -0,0 +1,16 @@ +# https://github.com/openfaas-incubator/ingress-operator +image: openfaas/ingress-operator:0.6.2 + +replicas: 1 + +create: false + +imagePullPolicy: "Always" + +functionNamespace: "openfaas-fn" + +rbac: true + +resources: + requests: + memory: "25Mi" diff --git a/chart/openfaas/README.md b/chart/openfaas/README.md index c321f1e0c..f37ac4f51 100644 --- a/chart/openfaas/README.md +++ b/chart/openfaas/README.md @@ -380,10 +380,6 @@ Additional OpenFaaS options in `values.yaml`. | `operator.createCRD` | Create the CRD for OpenFaaS Function definition | `true` | | `ingress.enabled` | Create ingress resources | `false` | | `faasnetes.httpProbe` | Use a httpProbe instead of exec | `false` | -| `ingressOperator.create` | Create the ingress-operator component | `false` | -| `ingressOperator.replicas` | Replicas of the ingress-operator| `1` | -| `ingressOperator.image` | Container image used in ingress-operator| `openfaas/ingress-operator:0.6.2` | -| `ingressOperator.resources` | Limits and requests for memory and CPU usage | Memory Requests: 25Mi | | `faasnetes.readTimeout` | Queue worker read timeout | `60s` | | `faasnetes.writeTimeout` | Queue worker write timeout | `60s` | | `faasnetes.imagePullPolicy` | Image pull policy for deployed functions | `Always` | diff --git a/chart/openfaas/values-arm64.yaml b/chart/openfaas/values-arm64.yaml index b3ce9b606..e757a2048 100644 --- a/chart/openfaas/values-arm64.yaml +++ b/chart/openfaas/values-arm64.yaml @@ -36,9 +36,6 @@ basicAuthPlugin: image: openfaas/basic-auth-plugin:0.18.17-arm64 replicas: 1 -ingressOperator: - create: false - # Unfortunately the exporter is not multi-arch (yet) nats: metrics: diff --git a/chart/openfaas/values-armhf.yaml b/chart/openfaas/values-armhf.yaml index e7e8731fe..89beee1d1 100644 --- a/chart/openfaas/values-armhf.yaml +++ b/chart/openfaas/values-armhf.yaml @@ -36,9 +36,6 @@ basicAuthPlugin: image: openfaas/basic-auth-plugin:0.18.17-armhf replicas: 0 -ingressOperator: - create: false - # Unfortunately the exporter is not multi-arch (yet) nats: metrics: diff --git a/chart/openfaas/values.yaml b/chart/openfaas/values.yaml index d5170f1a9..0b0d83246 100644 --- a/chart/openfaas/values.yaml +++ b/chart/openfaas/values.yaml @@ -1,12 +1,12 @@ -functionNamespace: openfaas-fn # Default namespace for functions +functionNamespace: openfaas-fn # Default namespace for functions async: true exposeServices: true serviceType: NodePort -httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS system Pods (incompatible with Istio < 1.1.5) +httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on the OpenFaaS system Pods (incompatible with Istio < 1.1.5) rbac: true -clusterRole: false # Set to true to have OpenFaaS administrate multiple namespaces +clusterRole: false # Set to true to have OpenFaaS administrate multiple namespaces # create pod security policies for OpenFaaS control plane # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ @@ -23,9 +23,9 @@ gatewayExternal: gateway: image: openfaas/gateway:0.18.17 - readTimeout : "65s" - writeTimeout : "65s" - upstreamTimeout : "60s" # Must be smaller than read/write_timeout + readTimeout: "65s" + writeTimeout: "65s" + upstreamTimeout: "60s" # Must be smaller than read/write_timeout replicas: 1 scaleFromZero: true # change the port when creating multiple releases in the same baremetal cluster @@ -74,19 +74,19 @@ oauth2Plugin: faasnetes: image: openfaas/faas-netes:0.10.5 - readTimeout : "60s" - writeTimeout : "60s" - imagePullPolicy : "Always" # Image pull policy for deployed functions - httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on Pods (incompatible with Istio < 1.1.5) + readTimeout: "60s" + writeTimeout: "60s" + imagePullPolicy: "Always" # Image pull policy for deployed functions + httpProbe: true # Setting to true will use HTTP for readiness and liveness probe on Pods (incompatible with Istio < 1.1.5) setNonRootUser: false readinessProbe: initialDelaySeconds: 2 - timeoutSeconds: 1 # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas - periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage + timeoutSeconds: 1 # Tuned-in to run checks early and quickly to support fast cold-start from zero replicas + periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage livenessProbe: initialDelaySeconds: 2 timeoutSeconds: 1 - periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage + periodSeconds: 2 # Reduce to 1 for a faster cold-start, increase higher for lower-CPU usage resources: requests: memory: "120Mi" @@ -112,7 +112,7 @@ queueWorker: maxInflight: 1 gatewayInvoke: true queueGroup: "faas" - ackWait : "60s" + ackWait: "60s" resources: requests: memory: "120Mi" @@ -148,7 +148,7 @@ nats: enableMonitoring: false metrics: enabled: false - image: synadia/prometheus-nats-exporter:0.6.2 + image: synadia/prometheus-nats-exporter:0.6.2 resources: requests: memory: "120Mi" @@ -158,7 +158,7 @@ ingress: enabled: false # Used to create Ingress record (should be used with exposeServices: false). hosts: - - host: gateway.openfaas.local # Replace with gateway.example.com if public-facing + - host: gateway.openfaas.local # Replace with gateway.example.com if public-facing serviceName: gateway servicePort: 8080 path: / @@ -167,24 +167,14 @@ ingress: tls: # Secrets must be manually created in the namespace. -# ingressOperator (optional) – component to have specific FQDN and TLS for Functions -# https://github.com/openfaas-incubator/ingress-operator -ingressOperator: - image: openfaas/ingress-operator:0.6.2 - replicas: 1 - create: false - resources: - requests: - memory: "25Mi" - # faas-idler configuration faasIdler: image: openfaas/faas-idler:0.3.0 replicas: 1 create: true - inactivityDuration: 30m # If a function is inactive for 15 minutes, it may be scaled to zero - reconcileInterval: 2m # The interval between each attempt to scale functions to zero - dryRun: true # Set to false to enable the idler to apply changes and scale to zero + inactivityDuration: 30m # If a function is inactive for 15 minutes, it may be scaled to zero + reconcileInterval: 2m # The interval between each attempt to scale functions to zero + dryRun: true # Set to false to enable the idler to apply changes and scale to zero resources: requests: memory: "64Mi"