Dual Contour Ingress configuration
# Namespace shared by the external and the internal Contour/Envoy stacks.
# No NetworkPolicy is defined anywhere in this file, so pod-to-pod
# reachability into this namespace is whatever the cluster default allows.
kind: Namespace
apiVersion: v1
metadata:
  name: "heptio-contour"
---
# Public entry point: an AWS Network Load Balancer in front of the
# envoy-external DaemonSet. Unlike envoy-internal, this Service carries no
# aws-load-balancer-internal annotation, so the provider's default scheme
# applies -- presumably internet-facing; confirm on the AWS side.
# No loadBalancerSourceRanges is set, so client reachability is limited only
# by what the node security groups allow.
kind: Service
apiVersion: v1
metadata:
  namespace: heptio-contour
  name: envoy-external
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  # Local: only nodes running an Envoy pod receive traffic.
  externalTrafficPolicy: Local
  selector:
    app: envoy-external
  ports:
    # No targetPort is given, so it defaults to the port number (80 / 443).
    - name: http
      port: 80
      protocol: TCP
    - name: https
      port: 443
      protocol: TCP
---
# In-cluster address the envoy-external pods use to reach the xDS gRPC server
# of contour-external. ClusterIP keeps it off the load balancer, but nothing
# in this file configures TLS or client authentication for xDS, so any
# workload that can reach port 8001 can presumably open the same stream Envoy
# does.
# NOTE(review): restrict 8001 with a NetworkPolicy or node firewall rule. The
# Envoy pods run with hostNetwork, so the permitted sources are node
# addresses -- verify how your CNI treats host-network traffic.
kind: Service
apiVersion: v1
metadata:
  namespace: heptio-contour
  name: contour-external
spec:
  type: ClusterIP
  selector:
    app: contour-external
  ports:
    - name: xds
      protocol: TCP
      port: 8001
      targetPort: 8001
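---
# Contour control plane for the external ingress class. It watches the API
# server (through the "contour" ServiceAccount) and serves xDS to the
# envoy-external DaemonSet.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contour-external
  namespace: heptio-contour
  labels:
    app: contour-external
spec:
  replicas: 2
  selector:
    matchLabels:
      app: contour-external
  template:
    metadata:
      annotations:
        # Datadog autodiscovery annotations. Each value is a literal block
        # scalar that must be valid JSON: a "#" inside the block is part of
        # the string, not a YAML comment, so explanations live out here.
        ad.datadoghq.com/contour.check_names: |
          [
            "contour"
          ]
        ad.datadoghq.com/contour.init_configs: |
          [
            {}
          ]
        ad.datadoghq.com/contour.instances: |
          [
            {
              "stats_url": "http://%%host%%:8000/stats"
            }
          ]
        # "source" is used for the pipeline filter, "service" for log
        # exploration.
        ad.datadoghq.com/contour.logs: |
          [
            {
              "source":"contour",
              "service":"ingress"
            }
          ]
      labels:
        app: contour-external
    spec:
      affinity:
        # Prefer (not require) spreading the two replicas across nodes.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: contour-external
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - serve
        - --incluster
        # xDS listens on all pod interfaces and no TLS flags are passed, so
        # access control for this port has to come from the network layer.
        - --xds-address
        - 0.0.0.0
        # Injected by Kubernetes from the contour-external Service; the
        # Service must exist before this pod starts or the variable is unset.
        - --xds-port
        - $(CONTOUR_EXTERNAL_SERVICE_PORT)
        - --envoy-http-port
        - "80"
        - --envoy-https-port
        - "443"
        # The class name only filters which Ingress objects are programmed.
        # It is not an isolation boundary: this Deployment shares its
        # ServiceAccount and cluster-wide read access with contour-internal.
        - --ingress-class-name=contour-external # only manage ingress.class=contour-external
        command: ["contour"]
        # Referenced by tag. With imagePullPolicy: Always a re-pushed tag is
        # picked up on the next pod start; pin as image@sha256:<digest> if the
        # content must not change underneath you.
        image: gcr.io/heptio-images/contour:v0.8.1
        imagePullPolicy: Always
        name: contour
        # No securityContext or resources are set on this container, so it
        # runs with the image's default user and without limits.
        ports:
        - containerPort: 8001
          name: xds
          protocol: TCP
        - containerPort: 8000
          name: debug
          protocol: TCP
      dnsPolicy: ClusterFirst
      serviceAccountName: contour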
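---
# Envoy data plane for the external ingress class, one pod per node, running
# in the node's network namespace.
# apiVersion moved from extensions/v1beta1 to apps/v1: the old group is
# deprecated for DaemonSet and no longer served from Kubernetes 1.16, and the
# Deployments in this file already use apps/v1.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: envoy-external
  name: envoy-external
  namespace: heptio-contour
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
  selector:
    matchLabels:
      app: envoy-external
  template:
    metadata:
      annotations:
        # Datadog autodiscovery annotations. Each value is a literal block
        # scalar that must be valid JSON: a "#" inside the block is part of
        # the string, not a YAML comment, so explanations live out here.
        ad.datadoghq.com/envoy.check_names: |
          [
            "envoy"
          ]
        ad.datadoghq.com/envoy.init_configs: |
          [
            {}
          ]
        # Ensure internal and external stats ports differ (8002 here, 8004 on
        # envoy-internal): both DaemonSets share the host network namespace.
        ad.datadoghq.com/envoy.instances: |
          [
            {
              "stats_url": "http://%%host%%:8002/stats"
            }
          ]
        # "source" is used for the pipeline filter, "service" for log
        # exploration.
        ad.datadoghq.com/envoy.logs: |
          [
            {
              "source":"envoy",
              "service":"ingress"
            }
          ]
      labels:
        app: envoy-external
    spec:
      containers:
      - env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        args:
        - -c
        - /config/contour.yaml
        - --service-cluster
        - envoy-external-cluster
        - --service-node
        - $(NODE_NAME)
        command:
        - envoy
        # Referenced by tag, not digest. This is an old Envoy release; check
        # it against the Envoy security advisories before exposing it.
        image: docker.io/envoyproxy/envoy-alpine:v1.7.0
        imagePullPolicy: IfNotPresent
        name: envoy
        # No securityContext is set: the process binds 80/443 on the host with
        # whatever user and capabilities the image defaults to.
        ports:
        - containerPort: 80
          hostPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          hostPort: 443
          name: https
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8002
          initialDelaySeconds: 3
          periodSeconds: 3
        volumeMounts:
        - name: contour-config
          mountPath: /config
        lifecycle:
          preStop:
            exec:
              # Fails Envoy's health check through the admin listener (9001)
              # so the load balancer drains the node before the pod stops.
              command: ["wget", "-qO-", "http://localhost:9001/healthcheck/fail"]
      dnsPolicy: ClusterFirstWithHostNet
      # hostNetwork puts every Envoy listener, including stats (8002) and
      # admin (9001), in the node's network namespace. The admin interface is
      # unauthenticated.
      # NOTE(review): confirm in the generated /config/contour.yaml that admin
      # binds to loopback only, and that node security groups do not expose
      # 8002 or 9001.
      hostNetwork: true
      initContainers:
      - args:
        - bootstrap
        - /config/contour.yaml
        # Both variables are injected from the contour-external Service, which
        # must exist before this pod starts.
        - --xds-address
        - $(CONTOUR_EXTERNAL_SERVICE_HOST)
        - --xds-port
        - $(CONTOUR_EXTERNAL_SERVICE_PORT)
        - --stats-port # stats-port and admin-port on hostNetwork must not conflict with internal envoy
        - "8002"
        - --admin-port
        - "9001"
        command:
        - contour
        image: gcr.io/heptio-images/contour:v0.8.1
        imagePullPolicy: Always
        name: envoy-initconfig
        volumeMounts:
        - name: contour-config
          mountPath: /config
      # Envoy does not talk to the API server, so no token is mounted.
      automountServiceAccountToken: false
      volumes:
      - name: contour-config
        emptyDir: {}
      restartPolicy: Always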
---
# Private entry point: an internal AWS Network Load Balancer in front of the
# envoy-internal DaemonSet.
# NOTE(review): the "0.0.0.0/0" value of aws-load-balancer-internal reads like
# a source-CIDR filter, but as far as I know the AWS provider only checks that
# the annotation is set and does not restrict client addresses with it. Use
# spec.loadBalancerSourceRanges and security groups for that -- confirm
# against your cloud-provider version.
kind: Service
apiVersion: v1
metadata:
  namespace: heptio-contour
  name: envoy-internal
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
spec:
  type: LoadBalancer
  # Local: only nodes running an Envoy pod receive traffic.
  externalTrafficPolicy: Local
  selector:
    app: envoy-internal
  ports:
    # 80/443 on the load balancer map to 8080/8443, the unprivileged ports the
    # internal Envoy listens on so it can share the host with envoy-external.
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8443
---
# In-cluster address the envoy-internal pods use to reach the xDS gRPC server
# of contour-internal. Nothing in this file configures TLS or client
# authentication for xDS, so any workload that can reach port 8001 can
# presumably open the same stream Envoy does.
# NOTE(review): restrict 8001 with a NetworkPolicy or node firewall rule. The
# Envoy pods run with hostNetwork, so the permitted sources are node
# addresses -- verify how your CNI treats host-network traffic.
kind: Service
apiVersion: v1
metadata:
  namespace: heptio-contour
  name: contour-internal
spec:
  type: ClusterIP
  selector:
    app: contour-internal
  ports:
    - name: xds
      protocol: TCP
      port: 8001
      targetPort: 8001
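---
# Contour control plane for the internal ingress class. It watches the API
# server (through the "contour" ServiceAccount) and serves xDS to the
# envoy-internal DaemonSet.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contour-internal
  namespace: heptio-contour
  labels:
    app: contour-internal
spec:
  replicas: 2
  selector:
    matchLabels:
      app: contour-internal
  template:
    metadata:
      annotations:
        # Datadog autodiscovery annotations. Each value is a literal block
        # scalar that must be valid JSON: a "#" inside the block is part of
        # the string, not a YAML comment, so explanations live out here.
        ad.datadoghq.com/contour.check_names: |
          [
            "contour"
          ]
        ad.datadoghq.com/contour.init_configs: |
          [
            {}
          ]
        ad.datadoghq.com/contour.instances: |
          [
            {
              "stats_url": "http://%%host%%:8000/stats"
            }
          ]
        # "source" is used for the pipeline filter, "service" for log
        # exploration.
        ad.datadoghq.com/contour.logs: |
          [
            {
              "source":"contour",
              "service":"ingress"
            }
          ]
      labels:
        app: contour-internal
    spec:
      affinity:
        # Prefer (not require) spreading the two replicas across nodes.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: contour-internal
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - args:
        - serve
        - --incluster
        # xDS listens on all pod interfaces and no TLS flags are passed, so
        # access control for this port has to come from the network layer.
        - --xds-address
        - 0.0.0.0
        # Injected by Kubernetes from the contour-internal Service; the
        # Service must exist before this pod starts or the variable is unset.
        - --xds-port
        - $(CONTOUR_INTERNAL_SERVICE_PORT)
        - --envoy-http-port
        - "8080"
        - --envoy-https-port
        - "8443"
        # The class name only filters which Ingress objects are programmed.
        # It is not an isolation boundary: this Deployment shares its
        # ServiceAccount and cluster-wide read access with contour-external.
        - --ingress-class-name=contour-internal # only manage ingress.class=contour-internal
        command: ["contour"]
        # Referenced by tag. With imagePullPolicy: Always a re-pushed tag is
        # picked up on the next pod start; pin as image@sha256:<digest> if the
        # content must not change underneath you.
        image: gcr.io/heptio-images/contour:v0.8.1
        imagePullPolicy: Always
        name: contour
        # No securityContext or resources are set on this container, so it
        # runs with the image's default user and without limits.
        ports:
        - containerPort: 8001
          name: xds
          protocol: TCP
        - containerPort: 8000
          name: debug
          protocol: TCP
      dnsPolicy: ClusterFirst
      serviceAccountName: contour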
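---
# Envoy data plane for the internal ingress class, one pod per node, running
# in the node's network namespace next to envoy-external.
# apiVersion moved from extensions/v1beta1 to apps/v1: the old group is
# deprecated for DaemonSet and no longer served from Kubernetes 1.16, and the
# Deployments in this file already use apps/v1.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: envoy-internal
  name: envoy-internal
  namespace: heptio-contour
spec:
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
  selector:
    matchLabels:
      app: envoy-internal
  template:
    metadata:
      annotations:
        # Datadog autodiscovery annotations. Each value is a literal block
        # scalar that must be valid JSON: a "#" inside the block is part of
        # the string, not a YAML comment, so explanations live out here.
        ad.datadoghq.com/envoy.check_names: |
          [
            "envoy"
          ]
        ad.datadoghq.com/envoy.init_configs: |
          [
            {}
          ]
        # Ensure internal and external stats ports differ (8004 here, 8002 on
        # envoy-external): both DaemonSets share the host network namespace.
        ad.datadoghq.com/envoy.instances: |
          [
            {
              "stats_url": "http://%%host%%:8004/stats"
            }
          ]
        # "source" is used for the pipeline filter, "service" for log
        # exploration.
        ad.datadoghq.com/envoy.logs: |
          [
            {
              "source":"envoy",
              "service":"ingress"
            }
          ]
      labels:
        app: envoy-internal
    spec:
      containers:
      - env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        args:
        - -c
        - /config/contour.yaml
        - --service-cluster
        - envoy-internal-cluster
        - --service-node
        - $(NODE_NAME)
        command:
        - envoy
        # Referenced by tag, not digest. This is an old Envoy release; check
        # it against the Envoy security advisories before relying on it.
        image: docker.io/envoyproxy/envoy-alpine:v1.7.0
        imagePullPolicy: IfNotPresent
        name: envoy
        # No securityContext is set: the process runs with whatever user and
        # capabilities the image defaults to.
        ports:
        - containerPort: 8080
          hostPort: 8080
          name: http
          protocol: TCP
        - containerPort: 8443
          hostPort: 8443
          name: https
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8004
          initialDelaySeconds: 3
          periodSeconds: 3
        volumeMounts:
        - name: contour-config
          mountPath: /config
        lifecycle:
          preStop:
            exec:
              # Fails Envoy's health check through the admin listener (9002)
              # so the load balancer drains the node before the pod stops.
              command: ["wget", "-qO-", "http://localhost:9002/healthcheck/fail"]
      dnsPolicy: ClusterFirstWithHostNet
      # hostNetwork puts every Envoy listener, including 8080/8443, stats
      # (8004) and admin (9002), in the node's network namespace. The
      # "internal" listeners are therefore only as private as the node
      # security groups make them, and the admin interface is unauthenticated.
      # NOTE(review): confirm in the generated /config/contour.yaml that admin
      # binds to loopback only, and that 8080, 8443, 8004 and 9002 are not
      # reachable from outside the intended networks.
      hostNetwork: true
      initContainers:
      - args:
        - bootstrap
        - /config/contour.yaml
        # Both variables are injected from the contour-internal Service, which
        # must exist before this pod starts.
        - --xds-address
        - $(CONTOUR_INTERNAL_SERVICE_HOST)
        - --xds-port
        - $(CONTOUR_INTERNAL_SERVICE_PORT)
        - --stats-port # stats-port and admin-port on hostNetwork must not conflict with external envoy
        - "8004"
        - --admin-port
        - "9002"
        command:
        - contour
        image: gcr.io/heptio-images/contour:v0.8.1
        imagePullPolicy: Always
        name: envoy-initconfig
        volumeMounts:
        - name: contour-config
          mountPath: /config
      # Envoy does not talk to the API server, so no token is mounted.
      automountServiceAccountToken: false
      volumes:
      - name: contour-config
        emptyDir: {}
      restartPolicy: Always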
---
# Identity used by both contour-external and contour-internal
# (serviceAccountName: contour in each Deployment). Whatever the "contour"
# ClusterRole grants, both control planes hold equally.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: heptio-contour
  name: contour
---
# IngressRoute CRD with an OpenAPI v3 validation schema.
# The schema constrains the shape of an IngressRoute only; it does not decide
# which namespace may claim which fqdn or delegate to which route.
# NOTE(review): Contour has an --ingressroute-root-namespaces option for that;
# it is not passed to `contour serve` in this file -- confirm it is available
# in v0.8.1 before relying on it.
# apiextensions.k8s.io/v1beta1 is no longer served from Kubernetes 1.22;
# moving to v1 needs the schema restructured per version, so it is left as-is.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.contour.heptio.com
  labels:
    component: ingressroute
spec:
  group: contour.heptio.com
  version: v1beta1
  scope: Namespaced
  names:
    kind: IngressRoute
    plural: ingressroutes
  additionalPrinterColumns:
    - name: FQDN
      description: Fully qualified domain name
      type: string
      JSONPath: '.spec.virtualhost.fqdn'
    # Prints the Secret's name only, never its contents.
    - name: TLS Secret
      description: Secret with TLS credentials
      type: string
      JSONPath: '.spec.virtualhost.tls.secretName'
    - name: First route
      description: First routes defined
      type: string
      JSONPath: '.spec.routes[0].match'
    - name: Status
      description: The current status of the IngressRoute
      type: string
      JSONPath: '.status.currentStatus'
    - name: Status Description
      description: Description of the current status
      type: string
      JSONPath: '.status.description'
  validation:
    openAPIV3Schema:
      properties:
        spec:
          properties:
            virtualhost:
              properties:
                fqdn:
                  type: string
                  pattern: '^([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-z]{2,}$'
                tls:
                  properties:
                    secretName:
                      type: string
                      # DNS-1123 subdomain
                      pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
                    # "1.1" is accepted here. TLS 1.1 is deprecated
                    # (RFC 8996); if it must not be offered, enforce that
                    # with an admission policy or by review of IngressRoutes.
                    minimumProtocolVersion:
                      type: string
                      enum: ["1.3", "1.2", "1.1"]
            strategy:
              type: string
              enum: [RoundRobin, WeightedLeastRequest, Random, RingHash, Maglev]
            healthCheck:
              type: object
              required: [path]
              properties:
                path:
                  type: string
                  pattern: '^\/.*$'
                intervalSeconds:
                  type: integer
                timeoutSeconds:
                  type: integer
                unhealthyThresholdCount:
                  type: integer
                healthyThresholdCount:
                  type: integer
            routes:
              type: array
              items:
                required: [match]
                properties:
                  match:
                    type: string
                    pattern: '^\/.*$'
                  delegate:
                    type: object
                    required: [name]
                    properties:
                      name:
                        type: string
                        # DNS-1123 subdomain
                        pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
                      namespace:
                        type: string
                        # DNS-1123 label
                        pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
                  services:
                    type: array
                    items:
                      type: object
                      required: [name, port]
                      properties:
                        name:
                          type: string
                          # DNS-1035 label
                          pattern: '^[a-z]([-a-z0-9]*[a-z0-9])?$'
                        port:
                          type: integer
                        weight:
                          type: integer
                        strategy:
                          type: string
                          enum: [RoundRobin, WeightedLeastRequest, Random, RingHash, Maglev]
                        healthCheck:
                          type: object
                          required: [path]
                          properties:
                            path:
                              type: string
                              pattern: '^\/.*$'
                            intervalSeconds:
                              type: integer
                            timeoutSeconds:
                              type: integer
                            unhealthyThresholdCount:
                              type: integer
                            healthyThresholdCount:
                              type: integer
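---
# Binds the "contour" ClusterRole to the "contour" ServiceAccount for the
# whole cluster. Because it is a ClusterRoleBinding rather than per-namespace
# RoleBindings, every namespaced rule in the role (including read access to
# secrets) applies in every namespace.
# apiVersion moved from rbac.authorization.k8s.io/v1beta1 to v1: the beta
# group is no longer served from Kubernetes 1.22 and the object shape is the
# same.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: contour
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: contour
subjects:
- kind: ServiceAccount
  name: contour
  namespace: heptio-contour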
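---
# Permissions held by both Contour control planes (they share the "contour"
# ServiceAccount).
# apiVersion moved from rbac.authorization.k8s.io/v1beta1 to v1: the beta
# group is no longer served from Kubernetes 1.22 and the object shape is the
# same.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: contour
rules:
# list/watch on secrets returns full Secret contents, and through the
# ClusterRoleBinding this covers every namespace, not only the ones holding
# ingress TLS certificates. Treat the Contour pods and their token as holding
# read access to all cluster secrets.
# NOTE(review): configmaps, pods and nodes may be broader than this Contour
# version needs -- confirm before trimming.
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
# "put" and "post" were listed here but are HTTP methods, not RBAC verbs for
# resources (those are get, list, watch, create, update, patch, delete,
# deletecollection). They match no request, so the effective grant was already
# get/list/watch/patch; they are dropped so the role states what it grants.
# NOTE(review): if Contour turns out to need create or update on
# ingressroutes, add those verbs explicitly.
- apiGroups: ["contour.heptio.com"]
  resources: ["ingressroutes"]
  verbs:
  - get
  - list
  - watch
  - patch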