diff --git a/Dockerfile b/Dockerfile index ba5d2b3eb1e8315a8ddd796dcd3741c8f6d726da..7efa6c8875954d7b71d384646fc2e58a5b0df89d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,8 @@ RUN apt-get -y update && \ openvpn \ supervisor -COPY supervisor.conf /etc/supervisor/conf.d/k8s-linkup.conf +RUN mkdir -p /etc/k8s-linkup/supervisor +COPY supervisor.conf.d/*.conf /etc/k8s-linkup/supervisor/ COPY entrypoint.sh /usr/local/sbin/entrypoint.sh ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"] diff --git a/charts/k8s-linkup/Chart.yaml b/charts/k8s-linkup/Chart.yaml index 234fb719d90d5765927ec1115254568376d00a73..9b9610b373d0786144a73abbb99408625ce02b62 100644 --- a/charts/k8s-linkup/Chart.yaml +++ b/charts/k8s-linkup/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.0.0 +appVersion: 2.0.0 diff --git a/charts/k8s-linkup/templates/configmap.yaml b/charts/k8s-linkup/templates/configmap.yaml index 65ba3f9776320d32c2d6ca7febcf9297b8cf8781..308e1d6ef46adafa305b35dc8f98c36cede0df00 100644 --- a/charts/k8s-linkup/templates/configmap.yaml +++ b/charts/k8s-linkup/templates/configmap.yaml @@ -1,9 +1,10 @@ +{{- range .Values.linkups }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "k8s-linkup.fullname" . }}-haproxy + name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-haproxy labels: - {{- include "k8s-linkup.labels" . | nindent 4 }} + {{- include "k8s-linkup.labels" $ | nindent 4 }} data: haproxy.cfg: | global 
@@ -18,28 +19,30 @@ data: frontend _monitor mode http - bind *:{{ .Values.healthCheckPort }} + bind *:{{ .healthCheckPort }} stats enable stats uri /stats stats refresh 10s stats admin if LOCALHOST monitor-uri /health - {{- range .Values.portMappings }} + {{- range .portMappings }} {{- if ( .monitored | default true ) }} acl {{ .name }}_down nbsrv({{ .name}}_back) lt 1 monitor fail if {{ .name }}_down {{- end }} {{- end }} - {{- range .Values.portMappings }} + {{- range .portMappings }} frontend {{ .name }} bind *:{{ .local.port }} maxconn {{ .maxconn | default 20 }} default_backend {{ .name }}_back {{- end }} - {{- range .Values.portMappings }} + {{- range .portMappings }} backend {{ .name }}_back balance roundrobin server {{ .remote.host | replace "." "_" }}_{{ .remote.port }} {{ .remote.host }}:{{ .remote.port }} {{- if ( .monitored | default true ) }} check{{- end}} {{- end }} +--- +{{- end }} diff --git a/charts/k8s-linkup/templates/deployment.yaml b/charts/k8s-linkup/templates/deployment.yaml index 1d216e7b3e26e381c0653d35383f1f27c1082ba3..c0a9e6ffb834e606b0474092cfb52bb57a823d6b 100644 --- a/charts/k8s-linkup/templates/deployment.yaml +++ b/charts/k8s-linkup/templates/deployment.yaml 
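Review bot: `bind *:{{ .healthCheckPort }}` in the `_monitor` frontend of configmap.yaml now reads a per-linkup key, while this commit removes the chart-level `healthCheckPort: 9000` from values.yaml. A linkup entry that omits the key therefore renders the bind line without a port, and haproxy is handed an invalid config. Either keep a default with `bind *:{{ .healthCheckPort | default 9000 }}`, or fail at render time with `{{ required "linkups[].healthCheckPort is required" .healthCheckPort }}`. The same applies to `containerPort: {{ .healthCheckPort }}` and both probe `port:` fields in deployment.yaml.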
@@ -1,95 +1,93 @@ +{{- range .Values.linkups }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "k8s-linkup.fullname" . }} + name: {{ include "k8s-linkup.fullname" $ }} labels: - {{- include "k8s-linkup.labels" . | nindent 4 }} + {{- include "k8s-linkup.labels" $ | nindent 4 }} spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} + replicas: {{ .replicaCount | default $.Values.replicaCount }} selector: matchLabels: - {{- include "k8s-linkup.selectorLabels" . | nindent 6 }} + {{- include "k8s-linkup.selectorLabels" $ | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with $.Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "k8s-linkup.selectorLabels" . | nindent 8 }} + {{- include "k8s-linkup.selectorLabels" $ | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "k8s-linkup.serviceAccountName" . 
}} + serviceAccountName: {{ include "k8s-linkup.serviceAccountName" $ }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $.Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: {{ $.Chart.Name }}-{{ .name }} securityContext: capabilities: add: - NET_ADMIN - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} + env: + - name: LINKUP_CONNECTION + value: {{ .connection }} + - name: LINKUP_CONFIG_FILE + value: {{ .configMap.file }} ports: - name: haproxy-stats - containerPort: {{ .Values.healthCheckPort }} + containerPort: {{ .healthCheckPort }} protocol: TCP - {{- range .Values.portMappings }} + {{- range .portMappings }} - name: {{ .name }} containerPort: {{ .local.port }} protocol: {{ .protocol | default "TCP" }} {{- end }} volumeMounts: - - mountPath: /etc/k8s-linkup/config/haproxy - name: {{ template "k8s-linkup.fullname" . }}-haproxy - {{- range .Values.existingConfigs.configMaps }} - - mountPath: /etc/k8s-linkup/config/{{ . }} - name: {{ template "k8s-linkup.fullname" $ }}-config-existing-{{ . }} + - mountPath: /etc/k8s-linkup/haproxy + name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-haproxy + - mountPath: /etc/k8s-linkup/{{ .connection }} + name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-{{ .connection }}-config readOnly: true - {{- end }} - {{- range .Values.existingConfigs.secrets }} - - mountPath: /etc/k8s-linkup/secret/{{ . }} - name: {{ template "k8s-linkup.fullname" $ }}-secret-existing-{{ . 
}} + - mountPath: /etc/k8s-linkup/{{ .connection }}/secret + name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-{{ .connection }}-secret readOnly: true - {{- end }} livenessProbe: httpGet: path: /health - port: {{ .Values.healthCheckPort }} + port: {{ .healthCheckPort }} readinessProbe: httpGet: path: /health - port: {{ .Values.healthCheckPort }} + port: {{ .healthCheckPort }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml $.Values.resources | nindent 12 }} volumes: - - name: {{ template "k8s-linkup.fullname" . }}-haproxy + - name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-haproxy configMap: - name: {{ template "k8s-linkup.fullname" . }}-haproxy - {{- range .Values.existingConfigs.configMaps }} - - name: {{ template "k8s-linkup.fullname" $ }}-config-existing-{{ . }} + name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-haproxy + - name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-{{ .connection }}-config configMap: - name: {{ . }} - {{- end }} - {{- range .Values.existingConfigs.secrets }} - - name: {{ template "k8s-linkup.fullname" $ }}-secret-existing-{{ . }} + name: {{ .configMap.name }} + - name: {{ template "k8s-linkup.fullname" $ }}-{{ .name }}-{{ .connection }}-secret secret: - secretName: {{ . }} - {{- end }} - {{- with .Values.nodeSelector }} + secretName: {{ .secret.name }} + {{- with $.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $.Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $.Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} +--- +{{- end }} diff --git a/charts/k8s-linkup/templates/hpa.yaml b/charts/k8s-linkup/templates/hpa.yaml deleted file mode 100644 index 7619d7281596952806e65dfd5569865dc6fbc1f0..0000000000000000000000000000000000000000 --- a/charts/k8s-linkup/templates/hpa.yaml +++ /dev/null 
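Review bot: In deployment.yaml the Deployment `name:` is still `{{ include "k8s-linkup.fullname" $ }}` with no per-linkup suffix, so two entries in `linkups` render two Deployments with the same name, unlike the ConfigMap and Service, which append `-{{ .name }}`. The pod labels and `matchLabels` come from `k8s-linkup.selectorLabels` called with `$`, so they cannot differ between linkups. The selector in service.yaml then matches the pods of every linkup, and traffic meant for one connection can end up in another tunnel. Suggest `name: {{ include "k8s-linkup.fullname" $ }}-{{ .name }}` plus a per-linkup label (key of the chart's choosing) added to the pod template labels, `matchLabels` and the Service selector. The new env values are also safer quoted, e.g. `value: {{ .connection | quote }}`.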
@@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "k8s-linkup.fullname" . }} - labels: - {{- include "k8s-linkup.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "k8s-linkup.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/k8s-linkup/templates/service.yaml b/charts/k8s-linkup/templates/service.yaml index 26863667e13cbe20308e465b324e64b52e2637ac..29a8bf5b7333c2661ce6c7f1e2acd9d42072d7b2 100644 --- a/charts/k8s-linkup/templates/service.yaml +++ b/charts/k8s-linkup/templates/service.yaml @@ -1,17 +1,19 @@ -{{- range .Values.portMappings }} +{{- range .Values.linkups }} apiVersion: v1 kind: Service metadata: - name: {{ include "k8s-linkup.fullname" $ }} + name: {{ include "k8s-linkup.fullname" $ }}-{{ .name }} labels: {{- include "k8s-linkup.labels" $ | nindent 4 }} spec: - type: {{ .local.type | default "ClusterIP" }} + type: {{ .serviceType | default "ClusterIP" }} ports: + {{- range .portMappings }} - port: {{ .local.port }} targetPort: {{ .local.port }} protocol: {{ .protocol | default "TCP" }} name: {{ .name }} + {{- end }} selector: {{- include "k8s-linkup.selectorLabels" $ | nindent 4 }} --- diff --git a/charts/k8s-linkup/values.yaml b/charts/k8s-linkup/values.yaml index 265804c200b0fad1456a6736793e670a6dcf41ba..1d73d40638eec7ee3b86bb4f93e125cf8160eead 100644 
--- a/charts/k8s-linkup/values.yaml +++ b/charts/k8s-linkup/values.yaml @@ -10,22 +10,27 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" -existingConfigs: - configMaps: [] - secrets: [] - -healthCheckPort: 9000 - -portMappings: - # - name: ldap - # local: - # port: 389 - # remote: - # host: 172.17.0.5 - # port: 389 - # maxconn: 20 - # type: TCP - # monitored: true +linkups: [] +# - name: linkup1 +# connection: openvpn +# serviceType: ClusterIP +# replicaCount: 1 +# configMap: +# name: openvpn-config +# file: openvpn.conf +# secret: +# name: openvpn-secret +# healthCheckPort: 9000 +# portMappings: +# - name: ldap +# local: +# port: 389 +# remote: +# host: 172.17.0.5 +# port: 389 +# maxconn: 20 +# type: TCP +# monitored: true imagePullSecrets: [] nameOverride: "" @@ -46,13 +51,6 @@ podSecurityContext: {} resources: {} -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - nodeSelector: {} tolerations: [] diff --git a/entrypoint.sh b/entrypoint.sh index 69cbb48ee26bd920c22d5c229c899e4d7521d2d7..4cd687211b08053a8fd5a526bfaa2b8a9173a4cb 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
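Review bot: The commented example under `linkups` in values.yaml still documents `type: TCP` for a port mapping, but the templates read `.protocol` (`protocol: {{ .protocol | default "TCP" }}` in deployment.yaml and service.yaml). A user who follows the example and sets `type: UDP` silently gets TCP. Change the example line to `# protocol: TCP`. A comment saying that `healthCheckPort` is now set per linkup would also help, since the top-level default is removed in this hunk.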
@@ -1,20 +1,30 @@ #!/bin/sh +die() { + echo "$@" >&2 + exit 1 +} + +: ${LINKUP_CONFIG_PATH:=/etc/k8s-linkup} + +# Verify connection type and set default config file name +case "$LINKUP_CONNECTION" in + openvpn) : ${LINKUP_CONFIG_FILE:=openvpn.conf} ;; + *) die "Unknown connection $LINKUP_CONNECTION" ;; +esac + # Check for TUN/TAP availability and device node if capsh --has-p=cap_net_admin; then mkdir -p /dev/net mknod /dev/net/tun c 10 200 fi -# Merge config files -mkdir -p /etc/k8s-linkup/merged -for file in /etc/k8s-linkup/config/*/* /etc/k8s-linkup/secret/*/*; do - if [ ! -f "$file" ]; then - continue - fi - ln -sf "$file" /etc/k8s-linkup/merged/ -done +# Link supervisor config files to supervisor config space +ln -s $LINKUP_CONFIG_PATH/supervisor/haproxy.conf /etc/supervisor/conf.d/ +ln -s $LINKUP_CONFIG_PATH/supervisor/$LINKUP_CONNECTION.conf /etc/supervisor/conf.d/ # Hand over to supervisord -export CONFIG_PATH=/etc/k8s-linkup/merged +export LINKUP_CONFIG_FILE +export LINKUP_CONFIG_PATH +export LINKUP_CONNECTION exec /usr/bin/supervisord -n -e info -c /etc/supervisor/supervisord.conf diff --git a/supervisor.conf b/supervisor.conf deleted file mode 100644 index 38c397c90c172cc7102d0fdbb68c90f38277e9f2..0000000000000000000000000000000000000000 --- a/supervisor.conf +++ /dev/null @@ -1,17 +0,0 @@ -[program:openvpn] -command = sh -c '[ -e "%(ENV_CONFIG_PATH)s/openvpn.conf" ] && /usr/sbin/openvpn "%(ENV_CONFIG_PATH)s/openvpn.conf"' -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 - -[program:haproxy] -command = sh -c '[ -e "%(ENV_CONFIG_PATH)s/haproxy.cfg" ] && /usr/sbin/haproxy -f "%(ENV_CONFIG_PATH)s/haproxy.cfg"' -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 - -[group:routers] -programs = openvpn -priority = 100 - -[group:proxies] -programs = haproxy -priority = 200 
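Review bot: The two new `ln -s` lines in entrypoint.sh expand `$LINKUP_CONFIG_PATH` unquoted and have no `-f`, and the script has no `set -e`. If the link already exists or the path contains whitespace, `ln` fails and supervisord still starts, without the haproxy or connection program. Suggest `ln -sf "$LINKUP_CONFIG_PATH/supervisor/$LINKUP_CONNECTION.conf" /etc/supervisor/conf.d/ || die "cannot link $LINKUP_CONNECTION.conf"`, and the same for haproxy.conf. `LINKUP_CONNECTION` is allow-listed by the `case`, but `LINKUP_CONFIG_FILE` reaches `openvpn --config` unchecked, so consider rejecting values that contain `/`, which keeps the file inside the mounted config directory.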
diff --git a/supervisor.conf.d/haproxy.conf b/supervisor.conf.d/haproxy.conf new file mode 100644 index 0000000000000000000000000000000000000000..a05b03a01b53cc47e5119e87d8dd0f4b9612d72c --- /dev/null +++ b/supervisor.conf.d/haproxy.conf @@ -0,0 +1,5 @@ +[program:haproxy] +command = /usr/sbin/haproxy -f "%(ENV_LINKUP_CONFIG_PATH)s/haproxy/haproxy.cfg" +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 +priority = 200 diff --git a/supervisor.conf.d/openvpn.conf b/supervisor.conf.d/openvpn.conf new file mode 100644 index 0000000000000000000000000000000000000000..55219710de0b550d0e6398511193f10735633d7f --- /dev/null +++ b/supervisor.conf.d/openvpn.conf @@ -0,0 +1,5 @@ +[program:openvpn] +command = /usr/sbin/openvpn --cd "%(ENV_LINKUP_CONFIG_PATH)s/%(ENV_LINKUP_CONNECTION)s" --config "%(ENV_LINKUP_CONFIG_FILE)s" +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 +priority = 100
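Review bot: Neither new program section sends stderr anywhere visible, because only `stdout_logfile = /dev/stdout` is set. With supervisor's default stderr handling, the daemons' error output goes to a log file inside the container rather than to the pod log. Add `redirect_stderr = true` to `[program:haproxy]` here and to `[program:openvpn]` in supervisor.conf.d/openvpn.conf. The old `[ -e ... ] &&` guard from supervisor.conf is gone, so a missing or unreadable config file now shows up only as the program failing to start, which makes that output the main diagnostic.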