Agent management and helm configuration #5188

Merged
merged 32 commits into from
Mar 13, 2024
2b765b3
initial agent configuration
oseoin Feb 23, 2024
6dc3f5c
Merge branch 'main' into agent-management
oseoin Feb 23, 2024
4fa0a60
Merge branch 'main' into agent-management
oseoin Feb 26, 2024
7559193
add initial tls configuration
oseoin Feb 28, 2024
42ffdae
Merge branch 'main' into agent-management
oseoin Feb 28, 2024
aff4846
helper updates for agent secrets
oseoin Feb 29, 2024
140ad70
Merge branch 'main' into agent-management
oseoin Feb 29, 2024
b7ff7e8
Merge branch 'main' into agent-management
oseoin Feb 29, 2024
19ab58c
handle missing agent
oseoin Mar 8, 2024
6953ddf
docs for new values and helper cleanup
oseoin Mar 8, 2024
83bd536
Merge branch 'main' into agent-management
oseoin Mar 8, 2024
89fba2d
add new helm args to docs
oseoin Mar 8, 2024
389b202
Merge branch 'main' into agent-management
oseoin Mar 8, 2024
df8e0d2
Merge branch 'main' into agent-management
oseoin Mar 8, 2024
5f2cb58
Merge branch 'main' into agent-management
oseoin Mar 8, 2024
17f1d24
CLI docs and helper blank line fix
oseoin Mar 12, 2024
c8d345a
Merge branch 'agent-management' of github.com:nginxinc/kubernetes-ing…
oseoin Mar 12, 2024
38acff8
Merge branch 'main' into agent-management
oseoin Mar 12, 2024
87c50d3
add examples for security monitoring
oseoin Mar 12, 2024
b00b398
remove max_request_size from examples
oseoin Mar 12, 2024
a7008fb
add missing values for agent buffers
oseoin Mar 12, 2024
96aba06
Apply docs suggestions from code review
oseoin Mar 13, 2024
9eba919
Merge branch 'main' into agent-management
oseoin Mar 13, 2024
8c5d5d3
remove redundant change
oseoin Mar 13, 2024
194398b
typo fixes, enum for agent log level
oseoin Mar 13, 2024
3c4ffc5
change default NIM connection mode to TLS enabled
oseoin Mar 13, 2024
1de48b0
add NAP symlink for agent, make agent dirs build dependent
oseoin Mar 13, 2024
457c27d
Merge branch 'main' into agent-management
oseoin Mar 13, 2024
995ccd7
only run agent NAP link when NAP installed
oseoin Mar 13, 2024
c9788bf
Merge branch 'main' into agent-management
oseoin Mar 13, 2024
61cbb9a
Merge branch 'main' into agent-management
oseoin Mar 13, 2024
b5fdc66
Merge branch 'main' into agent-management
oseoin Mar 13, 2024
helper updates for agent secrets
oseoin committed Feb 29, 2024
commit aff4846adfe06d8b321bc77bf7970b2568338141
71 changes: 57 additions & 14 deletions charts/nginx-ingress/templates/_helpers.tpl
@@ -58,9 +58,6 @@ helm.sh/chart: {{ include "nginx-ingress.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if and .Values.nginxAgent.enable (eq (.Values.nginxAgent.customConfigMap | default "") "") }}
agent-configuration-revision-hash: {{ include "nginx-ingress.agentConfiguration" . | sha1sum | trunc 8 | quote }}
{{- end }}
{{- end }}

{{/*
@@ -73,6 +70,9 @@ nsm.nginx.com/enable-ingress: "true"
nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
nsm.nginx.com/{{ .Values.controller.kind }}: {{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if and .Values.nginxAgent.enable (eq (.Values.nginxAgent.customConfigMap | default "") "") }}
agent-configuration-revision-hash: {{ include "nginx-ingress.agentConfiguration" . | sha1sum | trunc 8 | quote }}
{{- end }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels }}
{{- end }}
@@ -288,10 +288,10 @@ Build the args for the service binary.
Volumes for controller.
*/}}
{{- define "nginx-ingress.volumes" -}}
{{- if or (eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" ) .Values.controller.volumes }}
{{- $volumesSet := "false" }}
volumes:
{{- end }}
{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }}
{{- $volumesSet = "true" }}
- name: nginx-etc
emptyDir: {}
- name: nginx-cache
@@ -302,18 +302,41 @@ volumes:
emptyDir: {}
{{- end }}
{{- if .Values.controller.volumes }}
{{- $volumesSet = "true" }}
{{ toYaml .Values.controller.volumes }}
{{- end }}
{{- if .Values.nginxAgent.enable -}}
{{- $volumesSet = "true" }}
- name: agent-conf
configMap:
name: {{ include "nginx-ingress.agentConfigName" . }}
- name: agent-dynamic
emptyDir: {}
{{- if and .Values.nginxAgent.instanceManager.tls (ne (.Values.nginxAgent.instanceManager.tls.secret | default "") "") }}
- name: nginx-agent-tls
projected:
sources:
- secret:
name: {{ .Values.nginxAgent.instanceManager.tls.secret }}
{{- if .Values.nginxAgent.instanceManager.tls.caSecret }}
- secret:
name: {{ .Values.nginxAgent.instanceManager.tls.caSecret }}
{{- end }}
{{- end }}
{{- end -}}
{{- if eq $volumesSet "false" -}}
{{ toYaml list | printf " %s" }}
{{- end -}}
{{- end -}}

{{/*
Volume mounts for controller.
*/}}
{{- define "nginx-ingress.volumeMounts" -}}
{{- if or ( eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" ) .Values.controller.volumeMounts }}
{{- $volumeMountSet := "false" }}
volumeMounts:
{{- end }}
{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }}
{{- $volumeMountSet = "true" }}
- mountPath: /etc/nginx
name: nginx-etc
- mountPath: /var/cache/nginx
@@ -323,9 +346,26 @@ volumeMounts:
- mountPath: /var/log/nginx
name: nginx-log
{{- end }}
{{- if .Values.controller.volumeMounts}}
{{- if .Values.controller.volumeMounts }}
{{- $volumeMountSet = "true" }}
{{ toYaml .Values.controller.volumeMounts }}
{{- end }}
{{- if .Values.nginxAgent.enable -}}
{{- $volumeMountSet = "true" }}
- name: agent-conf
mountPath: /etc/nginx-agent/nginx-agent.conf
subPath: nginx-agent.conf
- name: agent-dynamic
mountPath: /var/lib/nginx-agent
{{- if and .Values.nginxAgent.instanceManager.tls .Values.nginxAgent.instanceManager.tls.secret }}
- name: nginx-agent-tls
mountPath: /etc/ssl/nms
readOnly: true
{{- end }}
{{- end -}}
{{- if eq $volumeMountSet "false" -}}
{{ toYaml list | printf " %s" }}
{{- end -}}
{{- end -}}

{{- define "nginx-ingress.agentConfiguration" -}}
@@ -338,12 +378,14 @@ server:
{{- if .Values.nginxAgent.instanceManager.tls }}
tls:
enable: {{ .Values.nginxAgent.instanceManager.tls.enable | default false }}
oseoin marked this conversation as resolved.
skip_verify: {{ .Values.nginxAgent.instanceManager.tls.skipVerify | default false }}
{{- if ne .Values.nginxAgent.instanceManager.tls.caSecret "" -}}
ca: ""
skip_verify: {{ .Values.nginxAgent.instanceManager.tls.skipVerify | default false }}
{{- if ne .Values.nginxAgent.instanceManager.tls.caSecret "" }}
ca: "/etc/ssl/nms/ca.crt"
{{- end }}
{{- if ne .Values.nginxAgent.instanceManager.tls.secret "" }}
cert: "/etc/ssl/nms/tls.crt"
key: "/etc/ssl/nms/tls.key"
{{- end }}
cert: ""
key: ""
{{- end }}
features:
- registration
@@ -372,4 +414,5 @@ advanced_metrics:
staging_table_threshold: 1000
priority_table_max_size: 1000
priority_table_threshold: 1000
{{- end -}}

{{ end -}}
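Review bot: In `nginx-ingress.agentConfiguration` the `ca: "/etc/ssl/nms/ca.crt"` line is rendered whenever `tls.caSecret` is non-empty, but in `nginx-ingress.volumes` the CA secret is only a projected source nested inside the block gated on `tls.secret`, and the `/etc/ssl/nms` mount in `nginx-ingress.volumeMounts` is gated on `tls.secret` as well. A values file that sets only `caSecret` (server verification against a private CA, no client certificate) therefore gets a config pointing at a file that is never mounted, and the likely workaround is `skipVerify: true`, which gives up server authentication. Gate the volume on either secret being set and make each projected source conditional, as below, and apply the same `or` condition to the `nginx-agent-tls` mount. The two `ne … ""` tests in the config also lack the `| default ""` used in the volumes helper, so the helpers may disagree on how an unset value is treated; the mounted file names `ca.crt`, `tls.crt` and `tls.key` presumably match the secrets' keys, which nothing here checks.

```gotemplate
{{/* … unchanged: agent-conf and agent-dynamic volumes … */}}
{{- with .Values.nginxAgent.instanceManager.tls }}
{{- if or .secret .caSecret }}
- name: nginx-agent-tls
  projected:
    sources:
{{- if .secret }}
    - secret:
        name: {{ .secret }}
{{- end }}
{{- if .caSecret }}
    - secret:
        name: {{ .caSecret }}
{{- end }}
{{- end }}
{{- end }}
```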