Skip to content

Commit

Permalink
Merge branch dev-refact-ingress-alb-12.30 into master
Browse files Browse the repository at this point in the history 
Title: feature(ingress): add alb ingress support 

Link: https://code.aone.alibaba-inc.com/acs/cloud-provider-alibaba-cloud/codereview/7419215
  • Loading branch information
@gujingit
gujingit committed Dec 31, 2021
2 parents d2fa6dd + a84a228 commit 57df4e3
Show file tree
Hide file tree
Showing 645 changed files with 55,854 additions and 924 deletions.
7 changes: 4 additions & 3 deletions cmd/manager/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ package main
import (
"flag"
"fmt"
"net/http"
"os"
"runtime"

"github.com/spf13/pflag"
apiext "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
Expand All @@ -16,9 +20,6 @@ import (
"k8s.io/cloud-provider-alibaba-cloud/version"
"k8s.io/klog"
"k8s.io/klog/klogr"
"net/http"
"os"
"runtime"
"sigs.k8s.io/controller-runtime/pkg/client/config"
ctrl "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/manager"
Expand Down
93 changes: 84 additions & 9 deletions docs/examples/cloud-controller-manager.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@ rules:
- services
- secrets
- endpoints
- configmaps
- serviceaccounts
- pods
verbs:
- get
- list
Expand All @@ -33,6 +35,7 @@ rules:
- ""
resources:
- services/status
- pods/status
verbs:
- update
- patch
Expand Down Expand Up @@ -61,6 +64,61 @@ rules:
- update
- create
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- update
- create
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- update
- create
- patch
- delete
- apiGroups:
- alibabacloud.com
resources:
- albconfigs
verbs:
- get
- list
- watch
- update
- create
- patch
- delete
- apiGroups:
- alibabacloud.com
resources:
- albconfigs/status
verbs:
- update
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
Expand All @@ -81,6 +139,20 @@ subjects:
name: cloud-controller-manager
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cloud-config
namespace: kube-system
data:
cloud-config.conf: |-
{
"Global": {
"accessKeyID": "$your-AccessKeyID-base64",
"accessKeySecret": "$your-AccessKeySecret-base64"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
Expand Down Expand Up @@ -114,16 +186,15 @@ spec:
node-role.kubernetes.io/master: ""
containers:
- command:
- /cloud-controller-manager
- /cloud-controller-manager
- --kubeconfig=/etc/kubernetes/cloud-controller-manager.conf
- --address=127.0.0.1
- --allow-untagged-cloud=true
- --leader-elect=true
- --cloud-provider=alicloud
- --use-service-account-credentials=true
- --cloud-config=/etc/kubernetes/config/cloud-config.conf
- --configure-cloud-routes=false
- --allocate-node-cidrs=false
- --controllers=node,route,service,ingress
- --metrics-bind-addr=0
- --route-reconciliation-period=3m
- --configure-cloud-routes=true
#- --cluster-cidr=172.16.0.0/16
- --cluster-cidr=${CLUSTER_CIDR}
image: registry.cn-hangzhou.aliyuncs.com/acs/cloud-controller-manager-amd64:${ImageVersion}
livenessProbe:
failureThreshold: 8
Expand All @@ -137,7 +208,11 @@ spec:
name: cloud-controller-manager
resources:
requests:
cpu: 200m
cpu: 100m
memory: 200Mi
limits:
cpu: 1000m
memory: 2Gi
volumeMounts:
- mountPath: /etc/kubernetes/
name: k8s
Expand Down
64 changes: 63 additions & 1 deletion docs/examples/master.policy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,68 @@
"*"
],
"Effect": "Allow"
}
},
{
"Action": [
"alb:TagResources",
"alb:ListServerGroups",
"alb:ListServerGroupServers",
"alb:AddServersToServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:ReplaceServersInServerGroup",
"alb:CreateLoadBalancer",
"alb:DeleteLoadBalancer",
"alb:UpdateLoadBalancerAttribute",
"alb:UpdateLoadBalancerEdition",
"alb:EnableLoadBalancerAccessLog",
"alb:DisableLoadBalancerAccessLog",
"alb:EnableDeletionProtection",
"alb:DisableDeletionProtection",
"alb:ListLoadBalancers",
"alb:GetLoadBalancerAttribute",
"alb:ListListeners",
"alb:CreateListener",
"alb:GetListenerAttribute",
"alb:UpdateListenerAttribute",
"alb:ListListenerCertificates",
"alb:AssociateAdditionalCertificatesWithListener",
"alb:DissociateAdditionalCertificatesFromListener",
"alb:DeleteListener",
"alb:CreateRule",
"alb:DeleteRule",
"alb:UpdateRuleAttribute",
"alb:CreateRules",
"alb:UpdateRulesAttribute",
"alb:DeleteRules",
"alb:ListRules",
"alb:CreateServerGroup",
"alb:DeleteServerGroup",
"alb:UpdateServerGroupAttribute",
"alb:DescribeZones"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"alb.aliyuncs.com",
"logdelivery.alb.aliyuncs.com"
]
}
}
},
{
"Action": [
"yundun-cert:DescribeSSLCertificateList",
"yundun-cert:DescribeSSLCertificatePublicKeyDetail"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
5 changes: 4 additions & 1 deletion docs/getting-started.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@

## Prerequisites
- Version: kubernetes version > 1.7.2 is required.
- Version: kubernetes version > 1.7.2 is required. If using alb ingress, kubernetes version > 1.19.0 is required
- CloudNetwork: Only Alibaba Cloud VPC network is supported.


Expand Down Expand Up @@ -188,3 +188,6 @@ $ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-example-svc LoadBalancer 10.96.38.24 10.x.x.x 80:30536/TCP 38s
```

## Try With Simple ALB Ingress Example
run a sample ingress: [usage-alb.md](usage-alb.md)
Loading

0 comments on commit 57df4e3

Please sign in to comment.