Update the "multiple controller" example.

46ca05b2 · Geoff Simmons · ed5adcdb · 46ca05b2 · 46ca05b2 · 46ca05b2
Commit 46ca05b2 authored Apr 30, 2020 by Geoff Simmons
13 changed files
--- a/examples/architectures/multi-controller/adm-secret-coffee.yaml
+++ b/examples/architectures/multi-controller/adm-secret-coffee.yaml
@@ -8,3 +8,4 @@ metadata:
 type: Opaque
 data:
  admin: BhjBhxjqrbCnW2eYLoUL+C2TN51a8sWQIfL9oRWPY2E=
+  dataplaneapi: OWVjYmNlZjItMzA3MC00NjhlLTkzMGEtM2NhMTliNGJkMWM0
--- a/examples/architectures/multi-controller/adm-secret-tea.yaml
+++ b/examples/architectures/multi-controller/adm-secret-tea.yaml
@@ -8,3 +8,4 @@ metadata:
 type: Opaque
 data:
  admin: IZqtwnccuVoCblGaTq8yK8mOk8gtLwWmbZq17tpcdwo=
+  dataplaneapi: MzllNDZhNWQtZjVkMy00YzYwLWJjODEtMmJlOGVjYzkwNjM2
--- a/examples/architectures/multi-controller/admin-svc-coffee.yaml
+++ b/examples/architectures/multi-controller/admin-svc-coffee.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: varnish-coffee-admin
+  namespace: cafe
+  labels:
+    app: varnish-ingress
+spec:
+  clusterIP: None
+  ports:
+  - port: 6081
+    targetPort: 6081
+    protocol: TCP
+    name: varnishadm
+  - port: 5555
+    targetPort: 5555
+    protocol: TCP
+    name: dataplane
+  - port: 5556
+    targetPort: 5556
+    protocol: TCP
+    name: faccess
+  - port: 9443
+    targetPort: 9443
+    protocol: TCP
+    name: stats
+  selector:
+    app: varnish-ingress
+    ingress: coffee
--- a/examples/architectures/multi-controller/admin-svc-tea.yaml
+++ b/examples/architectures/multi-controller/admin-svc-tea.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: varnish-tea-admin
+  namespace: cafe
+  labels:
+    app: varnish-ingress
+spec:
+  clusterIP: None
+  ports:
+  - port: 6081
+    targetPort: 6081
+    protocol: TCP
+    name: varnishadm
+  - port: 5555
+    targetPort: 5555
+    protocol: TCP
+    name: dataplane
+  - port: 5556
+    targetPort: 5556
+    protocol: TCP
+    name: faccess
+  - port: 9443
+    targetPort: 9443
+    protocol: TCP
+    name: stats
+  selector:
+    app: varnish-ingress
+    ingress: tea
--- a/examples/architectures/multi-controller/coffee-ingress.yaml
+++ b/examples/architectures/multi-controller/coffee-ingress.yaml
@@ -5,7 +5,7 @@ metadata:
  namespace: cafe
  annotations:
    kubernetes.io/ingress.class: "varnish-coffee"
-    ingress.varnish-cache.org/varnish-svc: "varnish-coffee"
+    ingress.varnish-cache.org/varnish-svc: "varnish-coffee-admin"
 spec:
  rules:
  - host: coffee.example.com

--- a/examples/architectures/multi-controller/deploy.sh
+++ b/examples/architectures/multi-controller/deploy.sh
@@ -11,14 +11,20 @@ kubectl apply -f coffee.yaml
 kubectl apply -f tea.yaml
+kubectl apply -f tls-cert-secret.yaml
 kubectl apply -f adm-secret-tea.yaml
 kubectl apply -f nodeport-tea.yaml
+kubectl apply -f admin-svc-tea.yaml
 kubectl apply -f varnish-tea.yaml
 kubectl apply -f adm-secret-coffee.yaml
+kubectl apply -f admin-svc-coffee.yaml
 kubectl apply -f nodeport-coffee.yaml
 kubectl apply -f varnish-coffee.yaml

--- a/examples/architectures/multi-controller/nodeport-coffee.yaml
+++ b/examples/architectures/multi-controller/nodeport-coffee.yaml
@@ -10,14 +10,14 @@ metadata:
 spec:
  type: NodePort 
  ports:
-  - port: 6081
-    targetPort: 6081
-    protocol: TCP
-    name: varnishadm
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
+  - port: 443
+    targetPort: 443
+    protocol: TCP
+    name: tls
  selector:
    app: varnish-ingress
    ingress: coffee

--- a/examples/architectures/multi-controller/nodeport-tea.yaml
+++ b/examples/architectures/multi-controller/nodeport-tea.yaml
@@ -10,14 +10,14 @@ metadata:
 spec:
  type: NodePort 
  ports:
-  - port: 6081
-    targetPort: 6081
-    protocol: TCP
-    name: varnishadm
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
+  - port: 443
+    targetPort: 443
+    protocol: TCP
+    name: tls
  selector:
    app: varnish-ingress
    ingress: tea

--- a/examples/architectures/multi-controller/tea-ingress.yaml
+++ b/examples/architectures/multi-controller/tea-ingress.yaml
@@ -5,7 +5,7 @@ metadata:
  namespace: cafe
  annotations:
    kubernetes.io/ingress.class: "varnish"
-    ingress.varnish-cache.org/varnish-svc: "varnish-tea"
+    ingress.varnish-cache.org/varnish-svc: "varnish-tea-admin"
 spec:
  rules:
  - host: tea.example.com

--- a/examples/architectures/multi-controller/tls-cert-secret.yaml
+++ b/examples/architectures/multi-controller/tls-cert-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tls-cert
+  namespace: cafe
+  labels:
+    app: varnish-ingress
+type: Opaque
--- a/examples/architectures/multi-controller/undeploy.sh
+++ b/examples/architectures/multi-controller/undeploy.sh
@@ -8,14 +8,20 @@ kubectl delete -f varnish-coffee.yaml
 kubectl delete -f nodeport-coffee.yaml
+kubectl delete -f admin-svc-coffee.yaml
 kubectl delete -f adm-secret-coffee.yaml
 kubectl delete -f varnish-tea.yaml
 kubectl delete -f nodeport-tea.yaml
+kubectl delete -f admin-svc-tea.yaml
 kubectl delete -f adm-secret-tea.yaml
+kubectl delete -f tls-cert-secret.yaml
 kubectl delete -f tea.yaml
 kubectl delete -f coffee.yaml

--- a/examples/architectures/multi-controller/varnish-coffee.yaml
+++ b/examples/architectures/multi-controller/varnish-coffee.yaml
@@ -15,6 +15,8 @@ spec:
        app: varnish-ingress
        ingress: coffee
    spec:
+      securityContext:
+        fsGroup: 998
      containers:
      - image: varnish-ingress/varnish
        imagePullPolicy: IfNotPresent
@@ -24,14 +26,14 @@ spec:
          containerPort: 80
        - name: k8s
          containerPort: 8080
-        - name: varnishadm
-          containerPort: 6081
        volumeMounts:
        - name: adm-secret
          mountPath: "/var/run/varnish"
          readOnly: true
        - name: varnish-home
          mountPath: "/var/run/varnish-home"
+        - name: offload
+          mountPath: "/var/run/offload"
        livenessProbe:
          exec:
            command:
@@ -46,6 +48,37 @@ spec:
        args:
          - -n
          - /var/run/varnish-home
+      - image: varnish-ingress/haproxy
+        imagePullPolicy: IfNotPresent
+        name: varnish-ingress-offloader
+        ports:
+        - name: tls
+          containerPort: 443
+        - name: k8s
+          containerPort: 8443
+        volumeMounts:
+        - name: tls-cert
+          mountPath: "/etc/ssl/private"
+          readOnly: true
+        - name: offload
+          mountPath: "/var/run/offload"
+        env:
+          - name: SECRET_DATAPLANEAPI
+            valueFrom:
+              secretKeyRef:
+                name: coffee-secret
+                key: dataplaneapi
+        livenessProbe:
+          exec:
+            command:
+            - /usr/bin/pgrep
+            - -P
+            - "0"
+            - haproxy
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: k8s
      volumes:
      - name: adm-secret
        secret:
@@ -53,6 +86,12 @@ spec:
          items:
          - key: admin
            path: _.secret
+      - name: tls-cert
+        secret:
+          secretName: tls-cert
+          defaultMode: 0440
      - name: varnish-home
        emptyDir:
          medium: "Memory"
+      - name: offload
+        emptyDir: {}
--- a/examples/architectures/multi-controller/varnish-tea.yaml
+++ b/examples/architectures/multi-controller/varnish-tea.yaml
@@ -15,6 +15,8 @@ spec:
        app: varnish-ingress
        ingress: tea
    spec:
+      securityContext:
+        fsGroup: 998
      containers:
      - image: varnish-ingress/varnish
        imagePullPolicy: IfNotPresent
@@ -24,14 +26,14 @@ spec:
          containerPort: 80
        - name: k8s
          containerPort: 8080
-        - name: varnishadm
-          containerPort: 6081
        volumeMounts:
        - name: adm-secret
          mountPath: "/var/run/varnish"
          readOnly: true
        - name: varnish-home
          mountPath: "/var/run/varnish-home"
+        - name: offload
+          mountPath: "/var/run/offload"
        livenessProbe:
          exec:
            command:
@@ -46,6 +48,37 @@ spec:
        args:
          - -n
          - /var/run/varnish-home
+      - image: varnish-ingress/haproxy
+        imagePullPolicy: IfNotPresent
+        name: varnish-ingress-offloader
+        ports:
+        - name: tls
+          containerPort: 443
+        - name: k8s
+          containerPort: 8443
+        volumeMounts:
+        - name: tls-cert
+          mountPath: "/etc/ssl/private"
+          readOnly: true
+        - name: offload
+          mountPath: "/var/run/offload"
+        env:
+          - name: SECRET_DATAPLANEAPI
+            valueFrom:
+              secretKeyRef:
+                name: tea-secret
+                key: dataplaneapi
+        livenessProbe:
+          exec:
+            command:
+            - /usr/bin/pgrep
+            - -P
+            - "0"
+            - haproxy
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: k8s
      volumes:
      - name: adm-secret
        secret:
@@ -53,6 +86,12 @@ spec:
          items:
          - key: admin
            path: _.secret
+      - name: tls-cert
+        secret:
+          secretName: tls-cert
+          defaultMode: 0440
      - name: varnish-home
        emptyDir:
          medium: "Memory"
+      - name: offload
+        emptyDir: {}