feat: add support for multi-server installation

gravitee-io · Mar 25, 2024 · 41bc1ac · 41bc1ac
1 parent 86f0de0
commit 41bc1ac
Show file tree

Hide file tree

Showing 11 changed files with 375 additions and 7 deletions.
diff --git a/helm/CHANGELOG.md b/helm/CHANGELOG.md
@@ -3,6 +3,10 @@
 
 This file documents all notable changes to [Gravitee.io API Management 3.x](https://github.com/gravitee-io/helm-charts/tree/master/apim/3.x) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
+### 4.4.0
+
+- Add support for multi-server installation
+
 ### 4.3.0
 
 - Added "gateway.services.core.http.ssl.keystore.password"

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: apim
 # Also update CHANGELOG.md
-version: 4.3.0
-appVersion: 4.3.0
+version: 4.4.0
+appVersion: 4.4.0
 description: Official Gravitee.io Helm chart for API Management
 home: https://gravitee.io
 sources:

diff --git a/helm/templates/gateway/gateway-configmap.yaml b/helm/templates/gateway/gateway-configmap.yaml
@@ -25,6 +25,83 @@ data:
   {{- if not (include "gateway.externalConfig" .)}}
   gravitee.yml: |
     # Gateway HTTP server
+    {{- if .Values.gateway.servers }}
+    # add support for multi-servers (both http and tcp)
+    servers:
+      {{- range $i, $server := .Values.gateway.servers }}
+      - type: {{ $server.type }}
+        port: {{ $server.port }}
+        host: 0.0.0.0
+        {{- if $server.idleTimeout }}
+        idleTimeout: {{ $server.idleTimeout }}
+        {{- end }}
+        {{- if $server.tcpKeepAlive }}
+        tcpKeepAlive: {{ $server.tcpKeepAlive }}
+        {{- end }}
+        {{- if $server.compressionSupported }}
+        compressionSupported: {{ $server.compressionSupported }}
+        {{- end }}
+        {{- if $server.instances }}
+        instances: {{ $server.instances }}
+        {{- end }}
+        {{- if $server.requestTimeout }}
+        requestTimeout: {{ $server.requestTimeout }}
+        {{- end }}
+        {{- if $server.requestTimeoutGraceDelay }}
+        requestTimeoutGraceDelay: {{ $server.requestTimeoutGraceDelay }}
+        {{- end }}
+        {{- if $server.maxHeaderSize }}
+        maxHeaderSize: {{ $server.maxHeaderSize }}
+        {{- end }}
+        {{- if $server.maxChunkSize }}
+        maxChunkSize: {{ $server.maxChunkSize }}
+        {{- end }}
+        {{- if $server.maxInitialLineLength }}
+        maxInitialLineLength: {{ $server.maxInitialLineLength }}
+        {{- end }}
+        {{- if $server.maxFormAttributeSize }}
+        maxFormAttributeSize: {{ $server.maxFormAttributeSize }}
+        {{- end }}
+        {{- if $server.alpn }}
+        alpn: {{ $server.alpn | default "true" }}
+        {{- end }}
+        {{- if $server.ssl }}
+        secured: true
+        ssl:
+          keystore:
+            {{- if $server.ssl.keystore.type }}
+            type: {{ $server.ssl.keystore.type }}
+            {{- end }}
+            {{- if $server.ssl.keystore.path }}
+            path: {{ $server.ssl.keystore.path }}
+            {{- end }}
+            {{- if $server.ssl.keystore.password }}
+            password: {{ $server.ssl.keystore.password | quote }}
+            {{- end }}
+            {{- if $server.ssl.keystore.kubernetes }}
+            kubernetes: {{ $server.ssl.keystore.kubernetes }}
+            {{- end }}
+            {{- if hasKey $server.ssl.keystore "watch" }}
+            watch: {{ $server.ssl.keystore.watch }}
+            {{- end }}
+          clientAuth: {{ $server.ssl.clientAuth }}
+          {{- if $server.ssl.truststore }}
+          truststore:
+            {{- if $server.ssl.truststore.type }}
+            type: {{ $server.ssl.truststore.type }}
+            {{- end }}
+            path: {{ $server.ssl.truststore.path }}
+            password: {{ $server.ssl.truststore.password | quote }}
+          {{- end }}
+          {{- if $server.ssl.sni }}
+          sni: true
+          {{- end }}
+        {{- end }}
+        {{- if $server.websocket }}
+        websocket: {{ toYaml $server.websocket | nindent 10 }}
+        {{- end }}
+    {{- end }}
+    {{- else }}
     http:
       port: {{ .Values.gateway.service.internalPort }}
       host: 0.0.0.0
@@ -73,6 +150,7 @@ data:
       {{- end }}
       websocket:
         enabled: {{ .Values.gateway.websocket }}
+    {{- end }}
     management:
     {{- if .Values.gateway.dbLess }}
       type: {{ "none" }}

diff --git a/helm/templates/gateway/gateway-deployment.yaml b/helm/templates/gateway/gateway-deployment.yaml
@@ -128,8 +128,15 @@ spec:
           imagePullPolicy: {{ .Values.gateway.image.pullPolicy }}
           securityContext: {{ toYaml .Values.gateway.deployment.securityContext | nindent 12 }}
           ports:
+            {{- if .Values.gateway.servers }}
+            {{- range $i, $server := .Values.gateway.servers }}
+            - name: {{ printf "%s-%d" $server.type $i}}
+              containerPort: {{ $server.port }}
+            {{- end }}
+            {{- else }}
             - name: {{ .Values.gateway.service.internalPortName }}
               containerPort: {{ .Values.gateway.service.internalPort }}
+            {{- end }}
             {{- if .Values.gateway.services.bridge.enabled }}
             - name: {{ printf "%s-%s" (.Values.gateway.name | trunc 8 | trimSuffix "-") "bridge" }}
               containerPort: {{ .Values.gateway.services.bridge.service.internalPort }}

diff --git a/helm/templates/gateway/gateway-ingress.yaml b/helm/templates/gateway/gateway-ingress.yaml
@@ -1,10 +1,70 @@
-{{- if .Values.gateway.enabled -}}
-{{- if .Values.gateway.ingress.enabled -}}
+{{- if and .Values.gateway.enabled (not .Values.gateway.ingressController.enabled) -}}
 {{- $serviceGWName := include "gravitee.gateway.fullname" . -}}
+{{- $graviteeName := include "gravitee.name" . -}}
 {{- $serviceGWPort := .Values.gateway.service.externalPort -}}
 {{- $ingressPath   := .Values.gateway.ingress.path -}}
 {{- $ingressPathType   := .Values.gateway.ingress.pathType -}}
 {{- $apiVersion := include "common.capabilities.ingress.apiVersion" . -}}
+{{- $supportsIngressClassname := include "common.ingress.supportsIngressClassname" . -}}
+{{- if .Values.gateway.servers }}
+{{- range $i, $server := .Values.gateway.servers }}
+{{- if and $server.ingress $server.ingress.enabled }}
+---
+apiVersion: {{ $apiVersion }}
+kind: Ingress
+metadata:
+  name: {{ printf "%s-%d" $serviceGWName $i }}
+  labels:
+    app.kubernetes.io/name: {{ $graviteeName }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    app.kubernetes.io/version: {{ $.Values.gateway.image.tag | default $.Chart.AppVersion | quote }}
+    app.kubernetes.io/component: "{{ $.Values.gateway.name }}"
+    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+    helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+    {{- if and $.Values.common $.Values.common.labels }}
+    {{- range $key, $value := $.Values.common.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
+  annotations:
+    {{- if $server.ingress.annotations }}
+    {{- include "common.ingress.annotations.render" (dict "annotations" $server.ingress.annotations "ingressClassName" $server.ingress.ingressClassName "openshift" $.Values.openshift "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if and $.Values.common $.Values.common.annotations }}
+    {{- range $key, $value := $.Values.common.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
+spec:
+  {{- if and (eq $supportsIngressClassname "true") ($server.ingress.ingressClassName) (ne $server.ingress.ingressClassName "none") }}
+  ingressClassName: {{ $server.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+  {{- range $host := $server.ingress.hosts }}
+  - host: {{ $host | quote }}
+    http:
+      paths:
+      - pathType: {{ $server.ingress.pathType }}
+        path: {{ $server.ingress.path }}
+        backend:
+      {{- if (eq $apiVersion "networking.k8s.io/v1") }}
+          service:
+            name: {{ $serviceGWName }}
+            port:
+              number: {{ $server.port }}
+      {{ else }}
+          serviceName: {{ $serviceGWName }}
+          servicePort: {{ $server.port }}
+      {{- end -}}
+  {{- end -}}
+  {{- if $server.ingress.tls }}
+  tls:
+{{ toYaml $server.ingress.tls | indent 4 }}
+{{- end -}}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if .Values.gateway.ingress.enabled -}}
 apiVersion: {{ $apiVersion }}
 kind: Ingress
 metadata:
@@ -57,4 +117,5 @@ spec:
 {{ toYaml .Values.gateway.ingress.tls | indent 4 }}
   {{- end -}}
 {{- end -}}
+{{- end }}
 {{- end -}}
diff --git a/helm/templates/gateway/gateway-service.yaml b/helm/templates/gateway/gateway-service.yaml
@@ -1,4 +1,6 @@
 {{- if .Values.gateway.enabled -}}
+{{- $gatewayName := .Values.gateway.name | trunc 63 | trimSuffix "-"}}
+{{- $appPrototcolSupported := (include "common.service.supportsAppProtocol" .)}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -35,6 +37,24 @@ spec:
   externalTrafficPolicy: {{ .Values.gateway.service.externalTrafficPolicy }}
   {{- end }}
   ports:
+    {{- if .Values.gateway.servers }}
+    {{- range $i, $server := .Values.gateway.servers }}
+    - port: {{ $server.service.externalPort }}
+      targetPort: {{ $server.port }}
+      {{- if eq $server.service.type "NodePort" }}
+      {{- if $server.service.nodePort }}
+      nodePort: {{ $server.service.nodePort }}
+      {{- end }}
+      {{- end }}
+      protocol: TCP
+      {{- if $appPrototcolSupported }}
+      {{ if $server.service.appProtocol }}
+      appProtocol: {{ $server.service.appProtocol }}
+      {{ end }}
+      {{- end }}
+      name: {{ printf "%s-%d" ($gatewayName | trunc 60 | trimSuffix "-") $i}}
+    {{- end }}
+    {{- else }}
     - port: {{ .Values.gateway.service.externalPort }}
       targetPort: {{ .Values.gateway.service.internalPort }}
       {{- if eq .Values.gateway.service.type "NodePort" }}
@@ -43,7 +63,7 @@ spec:
       {{- end }}
       {{- end }}
       protocol: TCP
-      {{- if (include "common.service.supportsAppProtocol" .) }}
+      {{- if $appPrototcolSupported }}
       {{ if .Values.gateway.service.appProtocol }}
       appProtocol: {{ .Values.gateway.service.appProtocol }}
       {{ else if .Values.gateway.ssl.enabled }}
@@ -52,7 +72,8 @@ spec:
       appProtocol: http
       {{ end }}
       {{- end }}
-      name: {{ .Values.gateway.name | trunc 63 | trimSuffix "-" }}
+      name: {{ $gatewayName }}
+    {{- end }}
     {{- if .Values.gateway.services.bridge.enabled }}
     - port: {{ .Values.gateway.services.bridge.service.externalPort }}
       targetPort: {{ .Values.gateway.services.bridge.service.internalPort }}

diff --git a/helm/tests/gateway/configmap_test.yaml b/helm/tests/gateway/configmap_test.yaml
@@ -21,3 +21,28 @@ tests:
                      *   type: PKCS12\n
                      *   path: /p12/keystore\n
                      *   password: password\n"
+
+  - it: Check multi server support
+    template: gateway/gateway-configmap.yaml
+    set:
+      gateway:
+        servers:
+          - type: http
+            port: 8082
+          - type: http
+            port: 8083
+          - type: tcp
+            port: 9092
+    asserts:
+      - matchRegex:
+          path: data.[gravitee.yml]
+          pattern: " *servers:\n
+                     * - type: http\n
+                     *   port: 8082\n
+                     *   host: 0.0.0.0\n
+                     * - type: http\n
+                     *   port: 8083\n
+                     *   host: 0.0.0.0\n
+                     * - type: tcp\n
+                     *   port: 9092\n
+                     *   host: 0.0.0.0\n"
diff --git a/helm/tests/gateway/deployment_test.yaml b/helm/tests/gateway/deployment_test.yaml
@@ -287,4 +287,31 @@ tests:
           value: 1002
       - equal:
           path: spec.template.spec.containers[0].securityContext.runAsNonRoot
-          value: true
+          value: true
+
+  - it: Multi-server setup
+    template: gateway/gateway-deployment.yaml
+    set:
+      gateway:
+        servers:
+          - type: http
+            port: 8080
+          - type: tcp
+            port: 9090
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Deployment
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].name
+          value: http-0
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 8080
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].name
+          value: tcp-1
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].containerPort
+          value: 9090
diff --git a/helm/tests/gateway/ingress_test.yaml b/helm/tests/gateway/ingress_test.yaml
@@ -16,6 +16,15 @@ tests:
       - isEmpty:
           path: spec.ingressClassName
 
+  - it: Check Ingress not enabled if gateway is an Ingress Controller
+    set:
+      gateway:
+        ingressController:
+          enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+
   - it: Check Ingress networking.k8s.io/v1beta1
     set:
       global:
@@ -144,3 +153,29 @@ tests:
       - equal:
           path: spec.rules[0].host
           value: "*.apim.example.com"
+
+  - it: Check multi-server, multi-service settings
+    set:
+      gateway:
+        servers:
+          - type: http
+            port: 8080
+            ingress:
+              enabled: true
+              pathType: Prefix
+              path: /test-gateway
+              hosts:
+                - apim.example.com
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Ingress
+      - isAPIVersion:
+          of: networking.k8s.io/v1
+      - equal:
+          path: spec.rules[0].http.paths[0].pathType
+          value: Prefix
+      - equal:
+          path: spec.rules[0].http.paths[0].path
+          value: /test-gateway