Implement Nginx-Ingress and Cert-Manager (using Helm) as Optional Add…

…-ons

pillar/cluster_config.sls

@@ -66,3 +66,10 @@ kubernetes:
       version: v0.8.1
       protocol: layer2
       addresses: 10.100.0.0/24
+    nginx-ingress:
+      enable: false 
+      version: 0.26.1
+      service-type: LoadBalancer
+    cert-manager:
+      enable: false
+      version: v0.11.0

post_install/setup.sh

@@ -13,30 +13,58 @@ sleep 15
 # CoreDNS
 kubectl create -f coredns.yaml
 sleep 5
+
 # Kubernetes Dashboard
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/{{ DASHBOARD_VERSION }}/aio/deploy/recommended.yaml
 
+# Helm 
+wget https://kubernetes-helm.storage.googleapis.com/helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
+tar -zxvf helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
+mv linux-amd64/helm /usr/local/bin/helm
+rm -r linux-amd64/ && rm -r helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
+
+kubectl create serviceaccount tiller --namespace kube-system
+kubectl apply -f rbac-tiller.yaml
+helm init --service-account tiller --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | sed 's@  replicas: 1@  replicas: 1\n  selector: {"matchLabels": {"app": "helm", "name": "tiller"}}@' | kubectl apply -f -
+sleep 10
+
+# MetalLB
 {% set METALLB_ENABLE = salt['pillar.get']('kubernetes:global:metallb:enable') -%}
 {% set METALLB_VERSION = salt['pillar.get']('kubernetes:global:metallb:version') -%}
 {% if METALLB_ENABLE == true -%}
-# MetalLB
 kubectl apply -f https://raw.githubusercontent.com/google/metallb/{{ METALLB_VERSION }}/manifests/metallb.yaml
 kubectl apply -f metallb-configmap.yaml
 {% endif %}
 
-#kubectl create -f heapster-rbac.yaml
-#kubectl create -f influxdb.yaml
-#kubectl create -f grafana.yaml
-#kubectl create -f heapster.yaml
+# Nginx-Ingress
+{% set NGINX_ENABLE = salt['pillar.get']('kubernetes:global:nginx-ingress:enable') -%}
+{% set NGINX_VERSION = salt['pillar.get']('kubernetes:global:nginx-ingress:version') -%}
+{% set NGINX_SVC = salt['pillar.get']('kubernetes:global:nginx-ingress:service-type') -%}
 
-wget https://kubernetes-helm.storage.googleapis.com/helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
-tar -zxvf helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
-mv linux-amd64/helm /usr/local/bin/helm
-rm -r linux-amd64/ && rm -r helm-{{ HELM_VERSION }}-linux-amd64.tar.gz
+{% if NGINX_ENABLE == true -%}
+helm install \
+  --namespace nginx-ingress \
+  --name nginx-ingress \
+  --set controller.image.tag={{NGINX_VERSION}} \
+  --set controller.service.type={{NGINX_VERSION}} \  
+  stable/nginx-ingress
+{% endif %}
+
+#Cert-Manager (Helm)
+{% set CERT_MANAGER_ENABLE = salt['pillar.get']('kubernetes:global:cert-manager:enable') -%}
+{% set CERT_MANAGER_VERSION = salt['pillar.get']('kubernetes:global:cert-manager:version') -%}
+{% if CERT_MANAGER_ENABLE == true -%}
+kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
+kubectl create namespace cert-manager
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+helm install \
+  --name cert-manager \
+  --namespace cert-manager \
+  --version {{ CERT_MANAGER_VERSION }} \
+  jetstack/cert-manager
+{% endif %}
 
-kubectl create serviceaccount tiller --namespace kube-system
-kubectl apply -f rbac-tiller.yaml
-helm init --service-account tiller --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | sed 's@  replicas: 1@  replicas: 1\n  selector: {"matchLabels": {"app": "helm", "name": "tiller"}}@' | kubectl apply -f -
 
 sleep 2
 echo ""