added traefik and utility to create ingress functions

Author: pilillo

infrastructure/components/ambassador/README.md

@@ -0,0 +1,69 @@
+# Ambassador
+Ambassador is an open source API gateway for Kubernetes, built on the Envoy proxy.  
+
+## 1. Installation
+This component uses Helm to install Ambassador.
+Ambassador is exposed by default as LoadBalancer service. While this resource can be requested on a cloud-provided cluster, this is generally not available on bare metal clusters (since LoadBalancers are lower-level network resources), such as minikube and 
+microk8s. For those, Ambassador can be set to use NodePort. Alternatively, the component [metallb](https://github.com/data-mill-cloud/data-mill/tree/master/infrastructure/components/metallb) can be installed to allocate a local IP and a load balancer as requested 
+by Ambassador.
+
+## 2. Getting started
+A getting started guide to Ambassador is provided [here](https://www.getambassador.io/user-guide/getting-started/).
+As mentioned in the example, every service that wants to be accessible through Ambassador from outside the cluster needs to define an annotation of kind:
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: qotm
+  annotations:
+    getambassador.io/config: |
+      ---
+      apiVersion: ambassador/v0
+      kind:  Mapping
+      name:  qotm_mapping
+      prefix: /qotm/
+      service: qotm
+spec:
+  selector:
+    app: qotm
+  ports:
+  - port: 80
+    name: http-qotm
+    targetPort: http-api
+```
+Ambassador continuously monitors the cluster for those annotations and is able to add or change routing rules for annotated services.  
+
+## 3. Ingress controllers Vs. Ambassador
+Distributing routing rules on the individual components as opposed to a centralised configuration, is in fact similar to the concept of [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/), where a central [Ingress 
+controller](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-controllers) seeks for Ingress Resources, i.e. a Kubernetes resource that wraps a Service to specify its routing information.
+Although still in Beta, Ingress is a core Kubernetes concept, and as such it can benefit of kubectl and all other typical K8s resource management tools.
+In addition, certain cloud providers such as GCE/GKE deploy an Ingress controller on the master, while on on-premise clusters a controller should be explicitly deployed.  
+
+There exist multiple Ingress controllers, such as based on [Istio](https://istio.io/docs/tasks/traffic-management/ingress/), [nginx](https://www.nginx.com/products/nginx/kubernetes-ingress-controller) and [Traefik](https://docs.traefik.io/user-guide/kubernetes/).
+As mentioned in the Ingress documentation, we can easily add an Ingress resource for a Service:
+```
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: test-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /testpath
+        backend:
+          serviceName: test
+          servicePort: 80
+```
+
+A cluster can simultaneously run multiple ingress controllers. In this case, when creating an ingress the target ingress controller has to be specified using the specific `ingress.class`, or a default one may be used otherwise.
+Ideally, all Ingress controllers should respect the basic ingress resource definition, though they may operate slightly differently for certain functionalities.  
+
+If you are looking for an Ingress controller, mind that Ambassador provides a superset of a typical controller's functionalities.
+[This blog post](https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d) explains differences, while [this section](https://www.getambassador.io/concepts/developers/#ingress-resources) of Ambassador 
+documentation explains why Ambassador does not support Ingress resources.
+
+Among others, Ambassador is [used in the Kubeflow project](https://kubernetes.io/blog/2018/06/07/dynamic-ingress-in-kubernetes/) to manage routing with Kubernetes annotations. This way, Kubeflow redirects all external traffic to Ambassador that does forward to the 
+individual service for each request.

infrastructure/components/ambassador/ambassador_config.yaml

@@ -40,9 +40,6 @@ service:
          diagnostics:
            # NB. set to false to remove diagnostic on a production setup
            enabled: true
-           # added for test
-           redirect_cleartext_from: 80
-           service_port: 443
   # loadBalancerSourceRanges:
   #   - YOUR_IP_RANGE
 

…nts/grafana/grafana_config_template.yaml …e/components/grafana/grafana_config.yamlinfrastructure/components/grafana/grafana_config_template.yaml renamed to infrastructure/components/grafana/grafana_config.yaml infrastructure/components/grafana/grafana_config_template.yaml renamed to infrastructure/components/grafana/grafana_config.yaml

@@ -74,15 +74,15 @@ chownDataImage:
 service:
   type: ClusterIP
   port: 80
-  annotations:
-    getambassador.io/config: |
-      ---
-      apiVersion: ambassador/v0
-      kind:  Mapping
-      name:  release-name_mapping
-      prefix: /release-name
-      service: release-name
-      #.k8s-namespace:80
+  annotations: {}
+  #  getambassador.io/config: |
+  #    ---
+  #    apiVersion: ambassador/v1
+  #    kind: Mapping
+  #    name: release-name_mapping
+  #    #host: release-name.k8s-namespace.local
+  #    prefix: /release-name
+  #    service: release-name
   # {}
   labels: {}
 
@@ -92,7 +92,7 @@ ingress:
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   labels: {}
-  path: /
+  path: /release-name
   hosts:
     - chart-example.local
   tls: []

infrastructure/components/grafana/setup.sh

@@ -15,15 +15,16 @@ if [ -z "$ACTION" ] || [ "$ACTION" != "install" ] && [ "$ACTION" != "delete" ];t
         echo "usage: $0 {'install' | 'delete'}";
         exit 1
 elif [ "$ACTION" = "install" ]; then
-	# replace release name to map to the right service
-	sed -e "s/release-name/${cfg__grafana__release}/g" -e "s/k8s-namespace/${cfg__project__k8s_namespace}/g" $file_folder/${cfg__grafana__config_file/.yaml/_template.yaml} > $file_folder/$cfg__grafana__config_file
+	#sed -e "s/release-name/${cfg__grafana__release}/g" \
+	# -e "s/k8s-namespace/${cfg__project__k8s_namespace}/g" \
+	#$file_folder/${cfg__grafana__config_file/.yaml/_template.yaml} > $file_folder/$cfg__grafana__config_file
 
 	helm upgrade $cfg__grafana__release stable/grafana \
 	 --namespace $cfg__project__k8s_namespace \
 	 --values $file_folder/$cfg__grafana__config_file \
 	 --install --force
 
-	rm $file_folder/$cfg__grafana__config_file
+	#rm $file_folder/$cfg__grafana__config_file
 else
 	helm delete $cfg__grafana__release --purge
 fi

…nents/kibana/kibana_config_template.yaml …ure/components/kibana/kibana_config.yamlinfrastructure/components/kibana/kibana_config_template.yaml renamed to infrastructure/components/kibana/kibana_config.yaml infrastructure/components/kibana/kibana_config_template.yaml renamed to infrastructure/components/kibana/kibana_config.yaml

@@ -48,17 +48,16 @@ service:
   ## Default: nil
   ##
   # loadBalancerIP: 10.2.2.2
-  annotations:
+  annotations: {}
     # Annotation example: setup ssl with aws cert when service.type is LoadBalancer
     # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:EXAMPLE_CERT
-    getambassador.io/config: |
-      ---
-      apiVersion: ambassador/v0
-      kind:  Mapping
-      name:  release-name_mapping
-      prefix: /release-name
-      service: release-name
-      #.k8s-namespace:443
+    #getambassador.io/config: |
+    #  ---
+    #  apiVersion: ambassador/v1
+    #  kind:  Mapping
+    #  name:  release-name_mapping
+    #  prefix: /release-name
+    #  service: release-name:443
   labels: {}
     ## Label example: show service URL in `kubectl cluster-info`
     # kubernetes.io/cluster-service: "true"

infrastructure/components/kibana/setup.sh

@@ -15,15 +15,18 @@ if [ -z "$ACTION" ] || [ "$ACTION" != "install" ] && [ "$ACTION" != "delete" ];t
         echo "usage: $0 {'install' | 'delete'}";
         exit 1
 elif [ "$ACTION" = "install" ]; then
-	# installing a standalone kibana component
-	sed -e "s/release-name/${cfg__kibana__release}/g" -e "s/k8s-namespace/${cfg__project__k8s_namespace}/g" $file_folder/${cfg__kibana__config_file/.yaml/_template.yaml} > $file_folder/$cfg__kibana__config_file
+	# to be used to define an annotation for Ambassador
+	#sed -e "s/release-name/${cfg__kibana__release}/g" \
+	#-e "s/k8s-namespace/${cfg__project__k8s_namespace}/g" \
+	#$file_folder/${cfg__kibana__config_file/.yaml/_template.yaml} > $file_folder/$cfg__kibana__config_file
 
+	# installing a standalone kibana component
 	helm upgrade $cfg__kibana__release stable/kibana \
 	 --namespace $cfg__project__k8s_namespace \
 	 --values $file_folder/$cfg__kibana__config_file \
 	 --install --force
 
-	rm $file_folder/$cfg__kibana__config_file
+	#rm $file_folder/$cfg__kibana__config_file
 else
 	helm delete --purge $cfg__kibana__release
 fi

infrastructure/components/traefik/README.md

@@ -0,0 +1,52 @@
+# Traefik 
+[Traefik](https://docs.traefik.io/) is an HTTP reverse proxy, load balancer and Ingress Controller for Kubernetes.
+
+![](https://docs.traefik.io/img/architecture.png)
+
+# 1. Installation
+This component installs Traefik using the community provided [Helm chart](https://github.com/helm/charts/tree/master/stable/traefik).
+
+# 2. Writing an Ingress
+Traefik can be used as Ingress controller to expose cluster services (typically HTTP and HTTPS) to the outside.
+
+As defined in the [official Traefik documentation](https://docs.traefik.io/user-guide/kubernetes/),
+ a basic Ingress can be defined for a Service as:
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+spec:
+  selector:
+    k8s-app: traefik-ingress-lb
+  ports:
+  - name: web
+    port: 80
+    targetPort: 8080
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+  annotations:
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+  - host: traefik-ui.minikube
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: traefik-web-ui
+          servicePort: 80
+```
+The example exposes the traefik web UI adding a route for `/`.
+For it is possible to run multiple ingress controllers on the same cluster, the annotation `kubernetes.io/ingress.class: traefik` specifies which one to use.
+
+Also, if you restrict access to the resource from a specific host, i.e. traefik-ui.minikube, you have to make sure the host is reachable from DNS.
+For a local cluster such as minikube and microk8s one can do:
+* *minikube* - `echo "$(minikube ip) traefik-ui.minikube" | sudo tee -a /etc/hosts`
+* *microk8s* - `microk8s.kubectl config view | grep server: | awk 'print $2' | sudo tee -a /etc/hosts`
+* *any* - `kubectl config view | grep server: | awk 'print $2' | sudo tee -a /etc/hosts`

infrastructure/components/traefik/config.yaml

@@ -0,0 +1,7 @@
+traefik:
+  release: traefik
+  config_file: traefik_config.yaml
+  # if set use this namespace instead of the application default one
+  #k8s_namespace: kube-system
+  # if no host is set, then $(hostname --long) is used
+  #host:

infrastructure/components/traefik/setup.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+fullpath=$(readlink --canonicalize --no-newline $BASH_SOURCE)
+file_folder=$(dirname $fullpath)
+
+# load local yaml config
+# if -f was given and the file exists use it, otherwise fallback to the specified component default config
+COMPONENT_CONFIG=$(file_exists "$file_folder/$CONFIG_FILE" "$file_folder/$cfg__project__component_default_config")
+eval $(parse_yaml $COMPONENT_CONFIG "cfg__")
+
+# use if set or a string argument otherwise
+ACTION=${ACTION:=$1}
+
+if [ -z "$ACTION" ] || [ "$ACTION" != "install" ] && [ "$ACTION" != "delete" ];then
+        echo "usage: $0 {'install' | 'delete'}";
+        exit 1
+elif [ "$ACTION" = "install" ]; then
+	helm repo update
+
+	# use the global namespace if no specific one is set
+	traefik_ns=${cfg__traefik__k8s_namespace:=$cfg__project__k8s_namespace}
+
+	# use the local hostname if no host is set
+	app_host=$(hostname --long)
+	app_host=${cfg__traefik__host:=$app_host}
+
+	# install traefik chart
+	helm upgrade $cfg__traefik__release stable/traefik \
+	 --namespace $traefik_ns \
+	 --values $file_folder/$cfg__traefik__config_file \
+	 --install --force
+
+	# unset vars
+	unset traefik_ns
+	unset app_host
+else
+	helm delete $cfg__traefik__release --purge
+fi