Created
January 22, 2019 17:05
-
-
Save so0k/37740c16bf44f28ba3508e389e838e9c to your computer and use it in GitHub Desktop.
Dual contour ingress without host network
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: heptio-contour | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: envoy-external | |
namespace: heptio-contour | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-type: nlb | |
spec: | |
externalTrafficPolicy: Local | |
ports: | |
- port: 80 | |
name: http | |
protocol: TCP | |
targetPort: 8080 | |
- port: 443 | |
name: https | |
protocol: TCP | |
targetPort: 8443 | |
selector: | |
app: envoy-external | |
type: LoadBalancer | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: contour-external | |
namespace: heptio-contour | |
spec: | |
ports: | |
- port: 8001 | |
name: xds | |
protocol: TCP | |
targetPort: 8001 | |
selector: | |
app: contour-external | |
type: ClusterIP | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: contour-external | |
namespace: heptio-contour | |
labels: | |
app: contour-external | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
app: contour-external | |
template: | |
metadata: | |
annotations: | |
ad.datadoghq.com/contour.check_names: | | |
[ | |
"contour" | |
] | |
ad.datadoghq.com/contour.init_configs: | | |
[ | |
{} | |
] | |
ad.datadoghq.com/contour.instances: | | |
[ | |
{ | |
"stats_url": "http://%%host%%:8000/stats" | |
} | |
] | |
ad.datadoghq.com/contour.logs: | | |
[ | |
{ | |
"source":"contour", # used for pipeline filter | |
"service":"ingress" # used for log exploration | |
} | |
] | |
labels: | |
app: contour-external | |
spec: | |
affinity: | |
podAntiAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- podAffinityTerm: | |
labelSelector: | |
matchLabels: | |
app: contour-external | |
topologyKey: kubernetes.io/hostname | |
weight: 100 | |
containers: | |
- args: | |
- serve | |
- --incluster | |
- --xds-address | |
- 0.0.0.0 | |
- --xds-port | |
- $(CONTOUR_EXTERNAL_SERVICE_PORT) | |
- --ingress-class-name=contour-external # only manage ingress.class=contour-external | |
command: ["contour"] | |
image: gcr.io/heptio-images/contour:v0.8.1 | |
imagePullPolicy: Always | |
name: contour | |
ports: | |
- containerPort: 8001 | |
name: xds | |
protocol: TCP | |
- containerPort: 8000 | |
name: debug | |
protocol: TCP | |
dnsPolicy: ClusterFirst | |
serviceAccountName: contour | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
labels: | |
app: envoy-external | |
name: envoy-external | |
namespace: heptio-contour | |
spec: | |
updateStrategy: | |
type: RollingUpdate | |
rollingUpdate: | |
maxUnavailable: 10% | |
selector: | |
matchLabels: | |
app: envoy-external | |
template: | |
metadata: | |
annotations: | |
ad.datadoghq.com/envoy.check_names: | | |
[ | |
"envoy" | |
] | |
ad.datadoghq.com/envoy.init_configs: | | |
[ | |
{} | |
] | |
ad.datadoghq.com/envoy.instances: | | |
[ | |
{ | |
"stats_url": "http://%%host%%:8002/stats" # Ensure internal and external statsports differ | |
} | |
] | |
ad.datadoghq.com/envoy.logs: | | |
[ | |
{ | |
"source":"envoy", # used for pipeline filter | |
"service":"ingress" # used for log exploration | |
} | |
] | |
labels: | |
app: envoy-external | |
spec: | |
containers: | |
- env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
args: | |
- -c | |
- /config/contour.yaml | |
- --service-cluster | |
- envoy-external-cluster | |
- --service-node | |
- $(NODE_NAME) | |
command: | |
- envoy | |
image: docker.io/envoyproxy/envoy-alpine:v1.7.0 | |
imagePullPolicy: IfNotPresent | |
name: envoy | |
ports: | |
- containerPort: 8080 | |
name: http | |
protocol: TCP | |
- containerPort: 8443 | |
name: https | |
protocol: TCP | |
readinessProbe: | |
httpGet: | |
path: /healthz | |
port: 8002 | |
initialDelaySeconds: 3 | |
periodSeconds: 3 | |
volumeMounts: | |
- name: contour-config | |
mountPath: /config | |
lifecycle: | |
preStop: | |
exec: | |
command: ["wget", "-qO-", "http://localhost:9001/healthcheck/fail"] | |
dnsPolicy: ClusterFirst | |
initContainers: | |
- args: | |
- bootstrap | |
- /config/contour.yaml | |
- --xds-address | |
- $(CONTOUR_EXTERNAL_SERVICE_HOST) | |
- --xds-port | |
- $(CONTOUR_EXTERNAL_SERVICE_PORT) | |
command: | |
- contour | |
image: gcr.io/heptio-images/contour:v0.8.1 | |
imagePullPolicy: Always | |
name: envoy-initconfig | |
volumeMounts: | |
- name: contour-config | |
mountPath: /config | |
automountServiceAccountToken: false | |
volumes: | |
- name: contour-config | |
emptyDir: {} | |
restartPolicy: Always | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: envoy-internal | |
namespace: heptio-contour | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 | |
service.beta.kubernetes.io/aws-load-balancer-type: nlb | |
spec: | |
externalTrafficPolicy: Local | |
ports: | |
- port: 80 | |
name: http | |
protocol: TCP | |
targetPort: 8080 | |
- port: 443 | |
name: https | |
protocol: TCP | |
targetPort: 8443 | |
selector: | |
app: envoy-internal | |
type: LoadBalancer | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: contour-internal | |
namespace: heptio-contour | |
spec: | |
ports: | |
- port: 8001 | |
name: xds | |
protocol: TCP | |
targetPort: 8001 | |
selector: | |
app: contour-internal | |
type: ClusterIP | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: contour-internal | |
namespace: heptio-contour | |
labels: | |
app: contour-internal | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
app: contour-internal | |
template: | |
metadata: | |
annotations: | |
ad.datadoghq.com/contour.check_names: | | |
[ | |
"contour" | |
] | |
ad.datadoghq.com/contour.init_configs: | | |
[ | |
{} | |
] | |
ad.datadoghq.com/contour.instances: | | |
[ | |
{ | |
"stats_url": "http://%%host%%:8000/stats" | |
} | |
] | |
ad.datadoghq.com/contour.logs: | | |
[ | |
{ | |
"source":"contour", # used for pipeline filter | |
"service":"ingress" # used for log exploration | |
} | |
] | |
labels: | |
app: contour-internal | |
spec: | |
affinity: | |
podAntiAffinity: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
- podAffinityTerm: | |
labelSelector: | |
matchLabels: | |
app: contour-internal | |
topologyKey: kubernetes.io/hostname | |
weight: 100 | |
containers: | |
- args: | |
- serve | |
- --incluster | |
- --xds-address | |
- 0.0.0.0 | |
- --xds-port | |
- $(CONTOUR_INTERNAL_SERVICE_PORT) | |
- --ingress-class-name=contour-internal # only manage ingress.class=contour-internal | |
command: ["contour"] | |
image: gcr.io/heptio-images/contour:v0.8.1 | |
imagePullPolicy: Always | |
name: contour | |
ports: | |
- containerPort: 8001 | |
name: xds | |
protocol: TCP | |
- containerPort: 8000 | |
name: debug | |
protocol: TCP | |
dnsPolicy: ClusterFirst | |
serviceAccountName: contour | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
labels: | |
app: envoy-internal | |
name: envoy-internal | |
namespace: heptio-contour | |
spec: | |
updateStrategy: | |
type: RollingUpdate | |
rollingUpdate: | |
maxUnavailable: 10% | |
selector: | |
matchLabels: | |
app: envoy-internal | |
template: | |
metadata: | |
annotations: | |
ad.datadoghq.com/envoy.check_names: | | |
[ | |
"envoy" | |
] | |
ad.datadoghq.com/envoy.init_configs: | | |
[ | |
{} | |
] | |
ad.datadoghq.com/envoy.instances: | | |
[ | |
{ | |
"stats_url": "http://%%host%%:8002/stats" # Ensure internal and external statsports differ | |
} | |
] | |
ad.datadoghq.com/envoy.logs: | | |
[ | |
{ | |
"source":"envoy", # used for pipeline filter | |
"service":"ingress" # used for log exploration | |
} | |
] | |
labels: | |
app: envoy-internal | |
spec: | |
containers: | |
- env: | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
args: | |
- -c | |
- /config/contour.yaml | |
- --service-cluster | |
- envoy-internal-cluster | |
- --service-node | |
- $(NODE_NAME) | |
command: | |
- envoy | |
image: docker.io/envoyproxy/envoy-alpine:v1.7.0 | |
imagePullPolicy: IfNotPresent | |
name: envoy | |
ports: | |
- containerPort: 8080 | |
name: http | |
protocol: TCP | |
- containerPort: 8443 | |
name: https | |
protocol: TCP | |
readinessProbe: | |
httpGet: | |
path: /healthz | |
port: 8002 | |
initialDelaySeconds: 3 | |
periodSeconds: 3 | |
volumeMounts: | |
- name: contour-config | |
mountPath: /config | |
lifecycle: | |
preStop: | |
exec: | |
command: ["wget", "-qO-", "http://localhost:9001/healthcheck/fail"] | |
dnsPolicy: ClusterFirst | |
initContainers: | |
- args: | |
- bootstrap | |
- /config/contour.yaml | |
- --xds-address | |
- $(CONTOUR_INTERNAL_SERVICE_HOST) | |
- --xds-port | |
- $(CONTOUR_INTERNAL_SERVICE_PORT) | |
command: | |
- contour | |
image: gcr.io/heptio-images/contour:v0.8.1 | |
imagePullPolicy: Always | |
name: envoy-initconfig | |
volumeMounts: | |
- name: contour-config | |
mountPath: /config | |
automountServiceAccountToken: false | |
volumes: | |
- name: contour-config | |
emptyDir: {} | |
restartPolicy: Always | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: contour | |
namespace: heptio-contour | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: ingressroutes.contour.heptio.com | |
labels: | |
component: ingressroute | |
spec: | |
group: contour.heptio.com | |
version: v1beta1 | |
scope: Namespaced | |
names: | |
plural: ingressroutes | |
kind: IngressRoute | |
additionalPrinterColumns: | |
- name: FQDN | |
type: string | |
description: Fully qualified domain name | |
JSONPath: .spec.virtualhost.fqdn | |
- name: TLS Secret | |
type: string | |
description: Secret with TLS credentials | |
JSONPath: .spec.virtualhost.tls.secretName | |
- name: First route | |
type: string | |
description: First routes defined | |
JSONPath: .spec.routes[0].match | |
- name: Status | |
type: string | |
description: The current status of the IngressRoute | |
JSONPath: .status.currentStatus | |
- name: Status Description | |
type: string | |
description: Description of the current status | |
JSONPath: .status.description | |
validation: | |
openAPIV3Schema: | |
properties: | |
spec: | |
properties: | |
virtualhost: | |
properties: | |
fqdn: | |
type: string | |
pattern: ^([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-z]{2,}$ | |
tls: | |
properties: | |
secretName: | |
type: string | |
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ # DNS-1123 subdomain | |
minimumProtocolVersion: | |
type: string | |
enum: | |
- "1.3" | |
- "1.2" | |
- "1.1" | |
strategy: | |
type: string | |
enum: | |
- RoundRobin | |
- WeightedLeastRequest | |
- Random | |
- RingHash | |
- Maglev | |
healthCheck: | |
type: object | |
required: | |
- path | |
properties: | |
path: | |
type: string | |
pattern: ^\/.*$ | |
intervalSeconds: | |
type: integer | |
timeoutSeconds: | |
type: integer | |
unhealthyThresholdCount: | |
type: integer | |
healthyThresholdCount: | |
type: integer | |
routes: | |
type: array | |
items: | |
required: | |
- match | |
properties: | |
match: | |
type: string | |
pattern: ^\/.*$ | |
delegate: | |
type: object | |
required: | |
- name | |
properties: | |
name: | |
type: string | |
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ # DNS-1123 subdomain | |
namespace: | |
type: string | |
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ # DNS-1123 label | |
services: | |
type: array | |
items: | |
type: object | |
required: | |
- name | |
- port | |
properties: | |
name: | |
type: string | |
pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ # DNS-1035 label | |
port: | |
type: integer | |
weight: | |
type: integer | |
strategy: | |
type: string | |
enum: | |
- RoundRobin | |
- WeightedLeastRequest | |
- Random | |
- RingHash | |
- Maglev | |
healthCheck: | |
type: object | |
required: | |
- path | |
properties: | |
path: | |
type: string | |
pattern: ^\/.*$ | |
intervalSeconds: | |
type: integer | |
timeoutSeconds: | |
type: integer | |
unhealthyThresholdCount: | |
type: integer | |
healthyThresholdCount: | |
type: integer | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: contour | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: contour | |
subjects: | |
- kind: ServiceAccount | |
name: contour | |
namespace: heptio-contour | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRole | |
metadata: | |
name: contour | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- endpoints | |
- nodes | |
- pods | |
- secrets | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
verbs: | |
- get | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: ["contour.heptio.com"] | |
resources: ["ingressroutes"] | |
verbs: | |
- get | |
- list | |
- watch | |
- put | |
- post | |
- patch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment