Merge pull request #104 from becitsthere/master

Add host option for route

charts/core/Chart.yaml

@@ -1,7 +1,7 @@
 name: core
 apiVersion: v1
 version: 1.8.2
-appVersion: 4.3.0
+appVersion: 4.3.1
 description: Helm chart for NeuVector's core services
 home: https://neuvector.com
 icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4

charts/core/README.md

@@ -74,18 +74,21 @@ Parameter | Description | Default | Notes
 `controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` |
 `controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` |
 `controller.apisvc.type` | Controller REST API service type | `nil` |
-`controller.svc.annotations` | Add annotations to controller REST API service | `{}` |
+`controller.apisvc.annotations` | Add annotations to controller REST API service | `{}` |
 `controller.apisvc.route.enabled` | If true, create a OpenShift route to expose the Controller REST API service | `false` |
 `controller.apisvc.route.termination` | Specify TLS termination for OpenShift route for Controller REST API service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.apisvc.route.host` | Set controller REST API service hostname | `nil` |
 `controller.certificate.secret` | Replace controller REST API certificate using secret if secret name is specified | `nil` |
 `controller.certificate.keyFile` | Replace controller REST API certificate key file | `tls.key` |
 `controller.certificate.pemFile` | Replace controller REST API certificate pem file | `tls.pem` |
-`controller.federation.mastersvc.type` | Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and Ingress.  | `nil` |
-`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster master cluster service | `false` |
-`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster master cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
-`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and Ingress. | `nil` |
-`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
-`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.federation.mastersvc.type` | Multi-cluster primary cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and Ingress.  | `nil` |
+`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster primary cluster service | `false` |
+`controller.federation.mastersvc.route.host` | Set OpenShift route host for primary cluster service | `nil` |
+`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster primary cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
+`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and Ingress. | `nil` |
+`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
+`controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` |
+`controller.federation.managedsvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. Possible passthrough, edge, reencrypt | `passthrough` |
 `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
 `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
 `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
@@ -117,6 +120,7 @@ Parameter | Description | Default | Notes
 `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 `manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
 `manager.route.enabled` | If true, create a OpenShift route to expose the management consol service | `true` |
+`manager.route.host` | Set OpenShift route host for management consol service | `nil` |
 `manager.route.termination` | Specify TLS termination for OpenShift route for management consol service. Possible passthrough, edge, reencrypt | `passthrough` |
 `manager.certificate.secret` | Replace manager UI certificate using secret if secret name is specified | `nil` |
 `manager.certificate.keyFile` | Replace manager UI certificate key file | `tls.key` |

charts/core/templates/controller-ingress.yaml

@@ -178,7 +178,7 @@ spec:
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: neuvector-fedmanaged-ingress
+  name: neuvector-managedsvc-ingress
   namespace: {{ .Release.Namespace }}
 {{- with .Values.controller.federation.managedsvc.ingress.annotations }}
   annotations:
@@ -207,4 +207,4 @@ spec:
           servicePort: 10443
 {{- end }}
 {{- end }}
-{{- end -}}
+{{- end -}}

charts/core/templates/controller-route.yaml

@@ -14,6 +14,9 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+{{- if .Values.controller.apisvc.route.host }}
+  host: {{ .Values.controller.apisvc.route.host }}
+{{- end }}
   to:
     kind: Service
     name: neuvector-svc-controller-api
@@ -38,6 +41,9 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+{{- if .Values.controller.federation.mastersvc.route.host }}
+  host: {{ .Values.controller.federation.mastersvc.route.host }}
+{{- end }}
   to:
     kind: Service
     name: neuvector-svc-controller-fed-master
@@ -62,6 +68,9 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+{{- if .Values.controller.federation.managedsvc.route.host }}
+  host: {{ .Values.controller.federation.managedsvc.route.host }}
+{{- end }}
   to:
     kind: Service
     name: neuvector-svc-controller-fed-managed

charts/core/templates/manager-route.yaml

@@ -14,6 +14,9 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
+{{- if .Values.manager.route.host }}
+  host: {{ .Values.manager.route.host }}
+{{- end }}
   to:
     kind: Service
     name: neuvector-service-webui

charts/core/values.yaml

@@ -31,7 +31,7 @@ controller:
     route:
       enabled: false
       termination: passthrough
-      # API Ingress
+      host:
   pvc:
     enabled: false
     accessModes:
@@ -63,6 +63,7 @@ controller:
       route:
         enabled: false
         termination: passthrough
+        host:
     managedsvc:
       type:
       # Federation Managed Ingress
@@ -79,6 +80,7 @@ controller:
       route:
         enabled: false
         termination: passthrough
+        host:
   ingress:
     enabled: false
     host:  # MUST be set, if ingress is enabled
@@ -147,6 +149,7 @@ manager:
   route:
     enabled: true
     termination: passthrough
+    host:
   certificate:
     secret:
     keyFile: tls.key

test/ingress_test.go

@@ -7,21 +7,22 @@ import (
 	extv1beta1 "k8s.io/api/extensions/v1beta1"
 )
 
-func TestIngress(t *testing.T) {
+func TestIngressController(t *testing.T) {
 	helmChartPath := "../charts/core"
 
 	options := &helm.Options{
 		SetValues: map[string]string{
-			"controller.ingress.enabled": "true",
-			"manager.ingress.enabled":    "true",
+			"controller.ingress.enabled":                       "true",
+			"controller.federation.mastersvc.ingress.enabled":  "true",
+			"controller.federation.managedsvc.ingress.enabled": "true",
 		},
 	}
 
 	// Test ingress
-	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/ingress.yaml"})
+	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/controller-ingress.yaml"})
 	outs := splitYaml(out)
 
-	if len(outs) != 2 {
+	if len(outs) != 3 {
 		t.Errorf("Resource count is wrong. count=%v\n", len(outs))
 	}
 
@@ -31,18 +32,22 @@ func TestIngress(t *testing.T) {
 
 		switch i {
 		case 0:
-			if ing.Name != "neuvector-webui-ingress" {
+			if ing.Name != "neuvector-restapi-ingress" {
 				t.Errorf("Ingress name is wrong. name=%v\n", ing.Name)
 			}
 		case 1:
-			if ing.Name != "neuvector-restapi-ingress" {
+			if ing.Name != "neuvector-mastersvc-ingress" {
+				t.Errorf("Ingress name is wrong. name=%v\n", ing.Name)
+			}
+		case 2:
+			if ing.Name != "neuvector-managedsvc-ingress" {
 				t.Errorf("Ingress name is wrong. name=%v\n", ing.Name)
 			}
 		}
 	}
 }
 
-func TestIngressManagerOnly(t *testing.T) {
+func TestIngressManager(t *testing.T) {
 	helmChartPath := "../charts/core"
 
 	options := &helm.Options{
@@ -52,7 +57,7 @@ func TestIngressManagerOnly(t *testing.T) {
 	}
 
 	// Test ingress
-	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/ingress.yaml"})
+	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/manager-ingress.yaml"})
 	outs := splitYaml(out)
 
 	if len(outs) != 1 {