├── .gitignore
├── .pre-commit-config.yaml
├── .yamllint.yaml
├── Dockerfile
├── Jenkinsfile
├── README.md
├── demo.ipynb
├── docker-compose.yaml
├── helm
├── app_wo_ingress
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── deployment.yaml
│ │ └── service.yaml
│ └── values.yaml
├── nginx-ingress
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── crds
│ │ ├── appprotect.f5.com_aplogconfs.yaml
│ │ ├── appprotect.f5.com_appolicies.yaml
│ │ ├── appprotect.f5.com_apusersigs.yaml
│ │ ├── appprotectdos.f5.com_apdoslogconfs.yaml
│ │ ├── appprotectdos.f5.com_apdospolicy.yaml
│ │ ├── appprotectdos.f5.com_dosprotectedresources.yaml
│ │ ├── externaldns.nginx.org_dnsendpoints.yaml
│ │ ├── k8s.nginx.org_globalconfigurations.yaml
│ │ ├── k8s.nginx.org_policies.yaml
│ │ ├── k8s.nginx.org_transportservers.yaml
│ │ ├── k8s.nginx.org_virtualserverroutes.yaml
│ │ └── k8s.nginx.org_virtualservers.yaml
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── controller-configmap.yaml
│ │ ├── controller-daemonset.yaml
│ │ ├── controller-deployment.yaml
│ │ ├── controller-globalconfiguration.yaml
│ │ ├── controller-hpa.yaml
│ │ ├── controller-ingress-class.yaml
│ │ ├── controller-leader-election-configmap.yaml
│ │ ├── controller-pdb.yaml
│ │ ├── controller-secret.yaml
│ │ ├── controller-service.yaml
│ │ ├── controller-serviceaccount.yaml
│ │ ├── controller-servicemonitor.yaml
│ │ ├── controller-wildcard-secret.yaml
│ │ └── rbac.yaml
│ ├── values-icp.yaml
│ ├── values-nsm.yaml
│ ├── values-plus.yaml
│ ├── values.schema.json
│ └── values.yaml
└── txtsum_chart
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── Dockerfile-jenkins-k8s
│ ├── README.md
│ ├── templates
│ ├── NOTES.txt
│ ├── deployment.yaml
│ ├── gateway.yaml
│ ├── service.yaml
│ └── virtualservice.yaml
│ └── values.yaml
├── images
├── Ansibl2.png
├── Ansible.png
├── Cloud.png
├── DemoCICD.png
├── DeployGKE.png
├── ELK.png
├── GCE.png
├── GCE2.png
├── GCE4.png
├── GKE1.png
├── GKE2.png
├── GKE3.png
├── JenkinsGCE.png
├── Local.png
├── Run container app.png
├── aaa.png
├── ansible4.png
├── app run in container.png
├── demo with fastapi.png
├── demo with gradio.png
├── deploy on K8s.png
└── gafanademo.png
├── jenkins
├── Dockerfile
└── docker-compose.yaml
├── local
└── ansible
│ ├── custom_jenkins
│ └── Dockerfile
│ ├── deploy_jenkins
│ ├── create_compute_instance.yaml
│ └── deploy_jenkins.yml
│ ├── docker-compose.yaml
│ ├── inventory
│ └── requirements.txt
├── main.py
├── monitor
├── README.md
├── client.py
├── elk
│ ├── .env
│ ├── elasticsearch
│ │ ├── .dockerignore
│ │ ├── Dockerfile
│ │ └── config
│ │ │ └── elasticsearch.yml
│ ├── elk-docker-compose.yml
│ ├── extensions
│ │ ├── README.md
│ │ └── filebeat
│ │ │ ├── .dockerignore
│ │ │ ├── Dockerfile
│ │ │ ├── README.md
│ │ │ ├── config
│ │ │ └── filebeat.yml
│ │ │ └── filebeat-compose.yml
│ ├── kibana
│ │ ├── .dockerignore
│ │ ├── Dockerfile
│ │ └── config
│ │ │ └── kibana.yml
│ ├── run_env
│ │ └── .gitkeep
│ └── setup
│ │ ├── .dockerignore
│ │ ├── .gitignore
│ │ ├── Dockerfile
│ │ ├── entrypoint.sh
│ │ ├── helpers.sh
│ │ └── roles
│ │ └── logstash_writer.json
├── grafana
│ ├── config
│ │ ├── dashboards.yaml
│ │ └── datasources.yaml
│ └── dashboards
│ │ └── 1860_rev31.json
├── metric.py
├── prom-graf-docker-compose.yaml
├── prometheus
│ └── config
│ │ ├── alert-rules.yml
│ │ └── prometheus.yml
└── requirements.txt
├── requirements.txt
└── terraform
├── .terraform
└── providers
│ └── registry.terraform.io
│ └── hashicorp
│ └── google
│ └── 4.80.0
│ └── linux_amd64
│ └── terraform-provider-google_v4.80.0_x5
├── main.tf
├── outputs.tf
└── variables.tf
/.gitignore:
--------------------------------------------------------------------------------
1 | env/
2 | model/
3 |
4 | local/ansible/secrets/
5 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | # See https://pre-commit.com for more information
2 | # See https://pre-commit.com/hooks.html for more hooks
3 |
4 | # Don't run pre-commit on files under third-party/
5 | exclude: "^\
6 | (third-party/.*)\
7 | "
8 |
9 | repos:
10 | - repo: https://github.com/pre-commit/pre-commit-hooks
11 | rev: v4.1.0
12 | hooks:
13 | - id: check-added-large-files # prevents giant files from being committed.
14 | - id: check-merge-conflict # checks for some markers such as "<<<<<<<", "=======", and ">>>>>>>".
15 | - id: detect-private-key # detects the presence of private keys.
16 | - id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
17 | - id: requirements-txt-fixer # sorts entries in requirements.txt.
18 | - id: trailing-whitespace # trims trailing whitespace at the end of lines.
19 |
20 | # # Format YAML and other files
21 | # - repo: https://github.com/pre-commit/mirrors-prettier
22 | # rev: v2.5.1
23 | # hooks:
24 | # - id: prettier
25 | # files: \.(js|ts|jsx|tsx|css|less|html|json|markdown|md|yaml|yml)$
26 |
27 | # Format Python files
28 | - repo: https://github.com/psf/black
29 | rev: 23.7.0
30 | hooks:
31 | - id: black
32 |
33 | # Sort the order of importing libs
34 | - repo: https://github.com/PyCQA/isort
35 | rev: 5.12.0
36 | hooks:
37 | - id: isort
38 | args: [--profile=black]
39 |
--------------------------------------------------------------------------------
/.yamllint.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Look at the default configuration here
3 | # https://yamllint.readthedocs.io/en/stable/configuration.html#default-configuration
4 | # extends: default
5 |
6 | yaml-files:
7 | - "*.yaml"
8 | - "*.yml"
9 | - ".yamllint"
10 |
11 | rules:
12 | # 80 chars should be enough, but don't fail if a line is longer
13 | line-length:
14 | max: 80
15 | level: warning
16 | # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.comments
17 | comments:
18 | require-starting-space: true # this comment will failed
19 | ignore-shebangs: true # ignore shebangs when using require-starting-space
20 | min-spaces-from-content: 2 # Two spaces from the number 2
21 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
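# Image for the text-summarization API: installs the Python dependencies,
# copies the saved model and main.py, and serves main:app with uvicorn on 30000.
# NOTE(review): python:3.11 is a floating tag; pin a digest for reproducible builds.
FROM python:3.11

WORKDIR /app

# Run the service as an unprivileged user instead of root. Port 30000 is
# above 1024, so no extra capability is needed to bind it.
# /app itself is handed to that user in case the app writes next to its code.
RUN useradd --create-home --uid 10001 appuser \
    && chown appuser:appuser /app

# NOTE(review): "/app/mode" looks like a typo for "/app/model"; nothing in this
# file uses it (the COPY below creates /app/model). Kept as in the original.
RUN mkdir /app/mode

# Dependencies are installed before the code is copied, so this layer is
# reused from cache when only main.py or the model changes.
COPY ./requirements.txt /app

RUN pip install -r requirements.txt --no-cache-dir

COPY --chown=appuser:appuser ./model /app/model

COPY --chown=appuser:appuser ./main.py /app

EXPOSE 30000

# Everything from here on, including the server process, runs unprivileged.
USER appuser

# Listens on all interfaces inside the container; what is reachable from
# outside is decided by the published port or the Service in front of it.
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "30000"]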
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
// CI/CD pipeline: build and push the application image, then deploy with Helm.
pipeline {
    agent any

    options {
        // Keep at most 5 builds, and none older than 5 days.
        buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '5'))
        timestamps()
    }

    environment {
        registry = 'datdt185/app'
        // ID of the Jenkins credential handed to docker.withRegistry below.
        registryCredential = 'dockerhub'
    }

    stages {
        stage('Build') {
            steps {
                script {
                    echo 'Building image for deployment..'
                    dockerImage = docker.build("${registry}:${BUILD_NUMBER}")
                    echo 'Pushing image to dockerhub..'
                    // Pushes the build-number tag and also moves the mutable 'latest' tag.
                    docker.withRegistry('', registryCredential) {
                        dockerImage.push()
                        dockerImage.push('latest')
                    }
                }
            }
        }
        stage('Deploy') {
            agent {
                kubernetes {
                    containerTemplate {
                        // Container that runs the helm command in this stage.
                        name 'helm'
                        // NOTE(review): third-party image on a mutable tag that is
                        // re-pulled on every run and executes with the agent's
                        // cluster access; consider pinning it by digest.
                        image 'fullstackdatascience/jenkins-k8s:lts'
                        imagePullPolicy 'Always'
                    }
                }
            }
            steps {
                script {
                    container('helm') {
                        // NOTE(review): the build-number tag pushed above is not passed
                        // to Helm, so the deployed image is whatever the chart's values
                        // select. Also, ./helm appears to hold several chart directories
                        // in this repository; confirm it is the intended chart path.
                        sh 'helm upgrade --install txtapp ./helm --namespace model-serving'
                    }
                }
            }
        }
    }
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Text Summarization
2 | ## Introduction
3 | Our project focuses on implementing text summarization using BART (Bidirectional and Auto-Regressive Transformers), a powerful model developed by Facebook. BART excels in generating coherent and concise summaries by combining both auto-regressive and bidirectional pretraining techniques. Leveraging its state-of-the-art capabilities, our text summarization system aims to distill essential information from lengthy documents, articles, or paragraphs, providing users with succinct and meaningful summaries. This project not only showcases the effectiveness of BART in natural language understanding but also contributes to the advancement of text summarization technology, making information extraction more efficient and accessible.
4 |
5 |
6 |
7 | # Table of Contents
8 | 1. [Text Summarization](#text-summarization)
9 | 1. [Introduction](#introduction)
10 | 2. [Project Structure](#structure)
11 | 2. [Local](#local)
12 | 1. [Demo](#demo)
13 | 2. [Running in Docker](#running-in-docker)
14 | 3. [Monitoring](#monitoring)
15 | 4. [CI/CD](#cicd)
16 | 3. [Cloud](#cloud)
17 | 1. [Deploying to GCP](#deploying-to-gcp)
18 | 2. [CICD with Jenkins for GCE](#cicd-with-jenkins-for-gce)
19 |
20 |
21 |
22 |
23 | ## Project Structure
24 | ```txt
25 | ├── demo.ipynb - Jupyter notebook for running the demo
26 | ├── docker-compose.yaml - Docker Compose configuration file
27 | ├── Dockerfile - Dockerfile for building the image
28 | ├── env - Directory for environment variables
29 | ├── helm - Directory for Helm chart to deploy the application
30 | ├── images - Directory for image files
31 | ├── jenkins - Directory for Jenkins configuration files
32 | ├── Jenkinsfile - Jenkins pipeline script to describe the CI/CD process
33 | ├── local - Directory for local contain Ansible to build GCE
34 | ├── main.py - Main Python script for the application
35 | ├── model - Directory for model files
36 | ├── monitor - Directory for monitoring such as Elasticsearch, Kibana, Prometheus, Grafana
37 | ├── README.md - This README file
38 | ├── requirements.txt - Python requirements file
39 | └── terraform - Directory for Terraform to build GKE
40 | ```
41 |
42 |
43 | # Local
44 | ![image alt text]()
45 | ### Demo
46 | First, install the required packages by running the following command:\
47 | Python Version: 3.11.6
48 | ```bash
49 | pip install -r requirements.txt
50 | ```
51 |
52 | After installing the required packages, you can run the demo by executing the file demo.ipynb:
53 |
54 | The result will be displayed in the gradio interface, where you can input the text you want to summarize and get the summarized text as the output.
55 |
56 | ![image alt text]()
57 |
58 | ### Running in Docker
59 | To run the demo in a Docker container, you can build the Docker image using the following command:
60 | ```bash
61 | docker build -t name_image .
62 | ```
63 |
64 | After building the Docker image, you can run the Docker container using the following command:
65 | ```bash
66 | docker run -p 30001:30000 name_image
67 | ```
68 |
69 | ![image alt text]()
70 |
71 | The model is served with FastAPI; the interactive API docs are at localhost:30001/docs
72 |
73 | ![image alt text]()
74 |
75 | ### Monitoring
76 | To monitor the system, you can use Prometheus and Grafana. First, start the Prometheus and Grafana services by running the following command:
77 | ```bash
78 | cd monitor
79 | docker compose -f prom-graf-docker-compose.yaml up -d
80 | ```
81 |
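82 | Access the Prometheus dashboard at localhost:9090 and Grafana dashboard at localhost:3000. The default username and password for Grafana are admin and admin, respectively. Change the Grafana password at first login, and do so before the port is reachable from any other host.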
83 |
84 | ![image alt text]()
85 |
86 | ## CI/CD
87 | We have two stages, build and deploy, in our CI/CD pipeline. The build stage is responsible for building the Docker image, while the deploy stage is responsible for deploying the Docker image to the cloud. We use GitHub Actions to automate the CI/CD pipeline. The pipeline is triggered whenever a new commit is pushed to the main branch.
88 | ```bash
89 | cd jenkins
90 | docker build -t yourname/jenkins . # create image
91 | docker compose -f docker-compose.yaml up -d # remember to change the name of image in docker-compose.yaml
92 | ```
93 | Access the Jenkins dashboard at localhost:8080. The default username is admin. You can get the password by running the following command:
94 | ```bash
95 | docker logs jenkins
96 | ```
97 | After logging in, you have to install some plugins
98 |
99 | * Docker
100 | * Docker Pipeline
101 | * Docker API
102 |
103 | Moreover, you have to set the credentials for Docker Hub
104 | * Docker Credentials
105 | * Git Credentials (using ngrok to expose the local server to the internet)
106 |
107 |
108 | ![image alt text]()
109 |
110 | # Cloud
111 | ![image alt text]()
112 | ## Deploying to GCP
113 | Now, we will deploy the model to the cloud using GCP. First, you need to create a project and enable the Compute Engine and Kubernetes Engine APIs. Then, you can deploy the model to GKE using the following command:
114 |
115 | * [Install gcloud CLI](https://cloud.google.com/sdk/docs/install#deb)
116 |
117 | * Install gke-gcloud-auth-plugin
118 |
119 | ```bash
120 | sudo apt-get install google-cloud-cli-gke-gcloud-auth-plugin
121 | ```
122 | * Set GCloud Project
123 |
124 | Authorizes gcloud and other SDK tools to access Google Cloud and setup configuration
125 | ```bash
126 | gcloud init
127 | ```
128 | * Login to GCP
129 | ```bash
130 | gcloud auth application-default login
131 | ```
132 | * Deploy model to Google Kubernetes Engine (GKE)
133 | * Using terraform to create a GKE cluster
134 | ```bash
135 | cd terraform
136 | terraform init
137 | terraform plan # please check the plan before applying
138 | terraform apply
139 | ```
140 |
141 |
142 | * Connect to GKE
143 |
144 | ![image alt text]()
145 |
146 | Copy the command and run it in the terminal
147 | ```bash
148 | gcloud container clusters get-credentials mlops-414313-gke --region us-central1 --project mlops-414313
149 | ```
150 | Use the kubectx command to check that the right context is selected; if it is not, switch to it with kubectx
151 |
152 |
153 | ![image alt text]()
154 |
155 | * Create necessary namespaces
156 | ```bash
157 | kubectl create ns model-serving
158 | kubectl create ns monitoring
159 | kubectl create ns nginx-ingress
160 | ```
161 |
162 | * Deploy nginx ingress controller
163 | ```bash
164 | cd helm/nginx-ingress
165 | helm upgrade --install nginx-ingress helm_charts/nginx-ingress -n nginx-ingress
166 | ```
167 | * Deploy application to GKE
168 | ```bash
169 | helm upgrade --install txtapp helm_charts/txtapp -n model-serving
170 | ```
171 | * Update Domain Name
172 | ```bash
173 | sudo nano /etc/hosts
174 | external_ip txtapp.example.com # external_ip is the external ip of nginx-ingress-controller)
175 | ```
176 | ![image alt text]()
177 |
178 |
179 | ## CICD with Jenkins for GCE
180 | To automate the CI/CD pipeline for deploying the model to GKE with Jenkins, we will have some setup steps as follows:
181 | First, we should enable the Google Compute Engine and Google Kubernetes Engine APIs in the GCP console.
182 |
183 | ![image alt text]()
184 |
185 | ![image alt text]()
186 |
187 |
188 | We will use Ansible to create GCE.
189 | First, we will set up the environment for Ansible and connect to GCE.
190 | Access to here to generate the key to connect to GCE
191 | ![image alt text]()
192 | Access to project which you want to connect to GCE
193 | Then click the manage key and select JSON
194 |
195 | ![image alt text]()
196 |
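197 | Remember to keep the key in a safe place and do not share it with anyone. (In my project I keep it in the folder ansible/secrets/; the repository's .gitignore excludes local/ansible/secrets/, so a key stored there stays out of Git. A folder with any other spelling is not covered by that rule.)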
198 | Then we will use the key to connect to GCE.
199 | ### Create the Compute Engine
200 | ```bash
201 | ansible-playbook create_compute_instance.yaml
202 | ```
203 | Copy the external ip of the GCE and put it in file inventory
204 |
205 | ### Create the key
206 | ```bash
207 | ssh-keygen
208 | cat ~/.ssh/id_rsa.pub # copy the key and add it to the GCE
209 | ```
210 | ![image alt text]()
211 |
212 | Alright, now we have the GCE, we will use Ansible to install Jenkins and Docker in the VM.
213 |
214 | ```bash
215 | ansible-playbook -i ../inventory deploy_jenkins.yaml
216 | ```
217 |
218 | ![image alt text]()
219 |
220 | Now, we can access the Jenkins dashboard at the
221 |
222 | external ip:8081
223 |
224 | * Install the necessary plugins
225 | Same plugins as we did in the local Jenkins. Moreover, we have to install:
226 | * Kubernetes Client API plugin
227 | * Kubernetes Credentials plugin
228 | * Kubernetes Plugin
229 | * GCloud SDK plugin
230 |
231 | And few settings in Jenkins
232 | Manage Jenkins -> Node and Cloud -> Configure Clouds -> Add a new cloud -> Kubernetes
233 |
234 | Fill the information as below
235 | * Kubernetes URL: https://external_ip
236 | * Kubernetes server certificate key: take it from the output of
237 | ```bash
238 | cat ~/.kube/config
239 | ```
240 | ![image alt text]()
241 |
242 | * Jenkins URL: http://external_ip:8081
243 |
244 | Then click test connection to check the connection
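245 | It will show an error; we fix it by binding the current gcloud account to the cluster-admin role. That role grants full control over the cluster, so outside a demo bind a narrower role instead: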
246 | ```bash
247 | kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account)
248 | ```
249 |
250 | ![image alt text]()
251 |
252 | Save it and build the pipeline.
253 | ![image alt text]()
254 |
--------------------------------------------------------------------------------
/demo.ipynb:
--------------------------------------------------------------------------------
1 | {
2 | "cells": [
3 | {
4 | "cell_type": "code",
5 | "execution_count": 1,
6 | "metadata": {},
7 | "outputs": [
8 | {
9 | "name": "stderr",
10 | "output_type": "stream",
11 | "text": [
12 | "/home/datdt/Desktop/Text-Summarization-/env/lib/python3.11/site-packages/tqdm/auto.py:21: TqdmWarning: IProgress not found. Please update jupyter and ipywidgets. See https://ipywidgets.readthedocs.io/en/stable/user_install.html\n",
13 | " from .autonotebook import tqdm as notebook_tqdm\n"
14 | ]
15 | }
16 | ],
17 | "source": [
18 | "from transformers import pipeline\n",
19 | "from transformers import AutoTokenizer, AutoModelForSeq2SeqLM\n",
20 | "import torch\n",
21 | "from datasets import load_dataset \n",
22 | "from datasets import DatasetInfo\n",
23 | "import pandas as pd "
24 | ]
25 | },
26 | {
27 | "cell_type": "code",
28 | "execution_count": 2,
29 | "metadata": {},
30 | "outputs": [
31 | {
32 | "name": "stderr",
33 | "output_type": "stream",
34 | "text": [
35 | "Some non-default generation parameters are set in the model config. These should go into a GenerationConfig file (https://huggingface.co/docs/transformers/generation_strategies#save-a-custom-decoding-strategy-with-your-model) instead. This warning will be raised to an exception in v4.41.\n",
36 | "Non-default generation parameters: {'max_length': 142, 'min_length': 56, 'early_stopping': True, 'num_beams': 4, 'length_penalty': 2.0, 'no_repeat_ngram_size': 3, 'forced_bos_token_id': 0, 'forced_eos_token_id': 2}\n"
37 | ]
38 | }
39 | ],
40 | "source": [
41 | "# Load the model\n",
42 | "checkpoint = \"facebook/bart-large-cnn\"\n",
43 | "tokenizer = AutoTokenizer.from_pretrained(checkpoint)\n",
44 | "model = AutoModelForSeq2SeqLM.from_pretrained(checkpoint)\n",
45 | "tokenizer.save_pretrained(\"model/\")\n",
46 | "model.save_pretrained(\"model/\")\n"
47 | ]
48 | },
49 | {
50 | "cell_type": "code",
51 | "execution_count": 28,
52 | "metadata": {},
53 | "outputs": [
54 | {
55 | "name": "stdout",
56 | "output_type": "stream",
57 | "text": [
58 | "IMPORTANT: You are using gradio version 2.3.6, however version 3.14.0 is available, please upgrade.\n",
59 | "--------\n",
60 | "Running locally at: http://127.0.0.1:7868/\n",
61 | "To create a public link, set `share=True` in `launch()`.\n",
62 | "Interface loading below...\n"
63 | ]
64 | },
65 | {
66 | "data": {
67 | "text/html": [
68 | "\n",
69 | " \n",
77 | " "
78 | ],
79 | "text/plain": [
80 | ""
81 | ]
82 | },
83 | "metadata": {},
84 | "output_type": "display_data"
85 | },
86 | {
87 | "data": {
88 | "text/plain": [
89 | "(, 'http://127.0.0.1:7868/', None)"
90 | ]
91 | },
92 | "execution_count": 28,
93 | "metadata": {},
94 | "output_type": "execute_result"
95 | }
96 | ],
97 | "source": [
98 | "from transformers import pipeline\n",
99 | "import gradio as gr\n",
100 | "\n",
101 | "# Assuming you have 'model' and 'tokenizer' defined elsewhere in your code\n",
102 | "summarizer = pipeline(\"summarization\", model=model, tokenizer=tokenizer)\n",
103 | "\n",
104 | "def summarize_text(text):\n",
105 | " summary = summarizer(text, max_length=180, min_length=80, do_sample=False)\n",
106 | " return summary[0]['summary_text']\n",
107 | "\n",
108 | "iface = gr.Interface(fn=summarize_text, \n",
109 | " inputs=gr.inputs.Textbox(lines=15, label=\"Input Text\"),\n",
110 | " outputs=gr.outputs.Textbox(label=\"Summary\"),\n",
111 | " title=\"BART Summarization\",)\n",
112 | "iface.launch()\n"
113 | ]
114 | }
115 | ],
116 | "metadata": {
117 | "kernelspec": {
118 | "display_name": "mlops",
119 | "language": "python",
120 | "name": "python3"
121 | },
122 | "language_info": {
123 | "codemirror_mode": {
124 | "name": "ipython",
125 | "version": 3
126 | },
127 | "file_extension": ".py",
128 | "mimetype": "text/x-python",
129 | "name": "python",
130 | "nbconvert_exporter": "python",
131 | "pygments_lexer": "ipython3",
132 | "version": "3.11.6"
133 | }
134 | },
135 | "nbformat": 4,
136 | "nbformat_minor": 2
137 | }
138 |
--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | version: '3.8'
2 |
3 | services:
4 | txt_summarizer:
5 | # The name will be displayed
6 | # in docker ps
7 | container_name: app_1
8 | # Build the image from Dockerfile
9 | build:
10 | context: .
11 | dockerfile: Dockerfile
12 | # Expose port 30000
13 | ports:
14 | - '30000:30000'
15 | # And set the image name
16 | image: datdt185/app:v1.0.0
17 |
18 |
19 |
20 |
21 |
22 |
23 | txt_summarizer_2:
24 | # The name will be displayed
25 | # in docker ps
26 | container_name: app_2
27 | # Build the image from Dockerfile
28 | build:
29 | context: .
30 | dockerfile: Dockerfile
31 | # Expose port 30000
32 | ports:
33 | - '30001:30000'
34 | # And set the image name
35 | image: datdt185/app:v1.0.0
--------------------------------------------------------------------------------
/helm/app_wo_ingress/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/helm/app_wo_ingress/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: app
3 | description: My Helm Chart for text summarization
4 |
5 | # A chart can be `application` or `library`,
6 | # we don't use `library` so often
7 | type: application
8 |
9 | # The chart vesion, which should be changed every time
10 | # you make an update to the chart
11 | version: 0.1.0
12 |
13 | # The version number of the application being deployed
14 | appVersion: "1.0.0"
15 |
16 | maintainers:
17 | - email: dothanhdat185@gmail.com
18 | name: dothanhdat
19 |
--------------------------------------------------------------------------------
/helm/app_wo_ingress/README.md:
--------------------------------------------------------------------------------
1 | In this tutorial, you will manage your OCR app by Helm.
2 |
3 | ## How-to Guide
4 | ```shell
5 | cd helms_chart
6 | helm upgrade --install app .
7 | ```
8 |
--------------------------------------------------------------------------------
/helm/app_wo_ingress/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | The text summarization server can be accessed via port 30000 on the following DNS name from within your cluster
2 |
--------------------------------------------------------------------------------
/helm/app_wo_ingress/templates/deployment.yaml:
--------------------------------------------------------------------------------
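# Deployment for the text-summarization server: a single replica, named and
# labelled after the Helm release, using the image selected in values.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
  namespace: model-serving
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            # Was 80. The image's uvicorn process listens on 30000 and the
            # chart's Service uses targetPort 30000, so declare the same port.
            - containerPort: 30000
          securityContext:
            # The server has no need to gain privileges after start-up.
            allowPrivilegeEscalation: false
            # NOTE(review): add runAsNonRoot: true once the image defines a
            # non-root USER; the Dockerfile shown for this repo does not.
          resources:
            # Request equals limit, so the pod's memory is fixed at 10Gi.
            requests:
              memory: "10Gi"
            limits:
              memory: "10Gi"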
--------------------------------------------------------------------------------
/helm/app_wo_ingress/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ .Release.Name }}
5 | labels:
6 | app: {{ .Release.Name }}
7 | namespace: model-serving
8 | spec:
9 | selector:
10 | app: {{ .Release.Name }}
11 | ports:
12 | - port: 30000
13 | protocol: TCP
14 | targetPort: 30000
15 | type: ClusterIP
16 |
--------------------------------------------------------------------------------
/helm/app_wo_ingress/values.yaml:
--------------------------------------------------------------------------------
1 | image:
2 | repository: datdt185/app
3 | tag: "v1.0.0"
4 | pullPolicy: Always
5 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | *.png
3 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | appVersion: 3.2.1
3 | description: NGINX Ingress Controller
4 | home: https://github.com/nginxinc/kubernetes-ingress
5 | icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.2.1/deployments/helm-chart/chart-icon.png
6 | keywords:
7 | - ingress
8 | - nginx
9 | kubeVersion: '>= 1.22.0-0'
10 | maintainers:
11 | - email: kubernetes@nginx.com
12 | name: nginxinc
13 | name: nginx-ingress
14 | sources:
15 | - https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.1/deployments/helm-chart
16 | type: application
17 | version: 0.18.1
18 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/README.md:
--------------------------------------------------------------------------------
1 | # NGINX Ingress Controller Helm Chart
2 |
3 | ## Introduction
4 |
5 | This chart deploys the NGINX Ingress Controller in your Kubernetes cluster.
6 |
7 | ## Prerequisites
8 |
9 | - A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions)
10 | - Helm 3.0+.
11 | - If you’d like to use NGINX Plus:
12 | - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter.
13 | - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image).
14 | - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image).
15 | - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly.
16 | - If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator [helm chart](https://github.com/nginxinc/nap-dos-arbitrator-helm-chart). Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace.
17 |
18 | ## CRDs
19 |
20 | By default, the Ingress Controller requires a number of custom resource definitions (CRDs) installed in the cluster. The Helm client will install those CRDs. If the CRDs are not installed, the Ingress Controller pods will not become `Ready`.
21 |
22 | If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command.
23 |
24 | ### Upgrading the CRDs
25 |
26 | To upgrade the CRDs, pull the chart sources as described in [Pulling the Chart](#pulling-the-chart) and then run:
27 |
28 | ```console
29 | kubectl apply -f crds/
30 | ```
31 |
32 | > **Note**
33 | >
34 | > The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`.
35 | >
36 | > Make sure to check the [release notes](https://www.github.com/nginxinc/kubernetes-ingress/releases) for a new release for any special upgrade procedures.
37 |
38 | ### Uninstalling the CRDs
39 |
40 | To remove the CRDs, pull the chart sources as described in [Pulling the Chart](#pulling-the-chart) and then run:
41 |
42 | ```console
43 | kubectl delete -f crds/
44 | ```
45 |
46 | > **Note**
47 | >
48 | > This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the cluster.
49 |
50 | ## Managing the Chart via OCI Registry
51 |
52 | ### Installing the Chart
53 |
54 | To install the chart with the release name my-release (my-release is the name that you choose):
55 |
56 | For NGINX:
57 |
58 | ```console
59 | helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1
60 | ```
61 |
62 | For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`)
63 |
64 | ```console
65 | helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
66 | ```
67 |
68 | This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to use Docker Hub, you can replace `ghcr.io/nginxinc/charts/nginx-ingress` with `registry-1.docker.io/nginxcharts/nginx-ingress`.
69 |
70 | ### Upgrading the Chart
71 |
72 | Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the CRDs](#upgrading-the-crds).
73 |
74 | To upgrade the release `my-release`:
75 |
76 | ```console
77 | helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.1
78 | ```
79 |
80 | ### Uninstalling the Chart
81 |
82 | To uninstall/delete the release `my-release`:
83 |
84 | ```console
85 | helm uninstall my-release
86 | ```
87 |
88 | The command removes all the Kubernetes components associated with the release and deletes the release.
89 |
90 | Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds).
91 |
92 | ### Edge Version
93 |
94 | To test the latest changes in NGINX Ingress Controller before a new release, you can install the `edge` version. This version is built from the `main` branch of the NGINX Ingress Controller repository.
95 | You can install the `edge` version by specifying the `--version` flag with the value `0.0.0-edge`:
96 |
97 | ```console
98 | helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge
99 | ```
100 |
101 | > **Warning**
102 | >
103 | > The `edge` version is not intended for production use. It is intended for testing and development purposes only.
104 |
105 | ## Managing the Chart via Sources
106 |
107 | ### Pulling the Chart
108 |
109 | This step is required if you're installing the chart using its sources. Additionally, the step is also required for managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for upgrading/deleting the CRDs.
110 |
111 | 1. Pull the chart sources:
112 |
113 | ```console
114 | helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 0.18.1
115 | ```
116 |
117 | 2. Change your working directory to nginx-ingress:
118 |
119 | ```console
120 | cd nginx-ingress
121 | ```
122 |
123 | ### Installing the Chart
124 |
125 | To install the chart with the release name my-release (my-release is the name that you choose):
126 |
127 | For NGINX:
128 |
129 | ```console
130 | helm install my-release .
131 | ```
132 |
133 | For NGINX Plus:
134 |
135 | ```console
136 | helm install my-release -f values-plus.yaml .
137 | ```
138 |
139 | The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
140 |
141 | ### Upgrading the Chart
142 |
143 | Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, see [Upgrading the CRDs](#upgrading-the-crds).
144 |
145 | To upgrade the release `my-release`:
146 |
147 | ```console
148 | helm upgrade my-release .
149 | ```
150 |
151 | ### Uninstalling the Chart
152 |
153 | To uninstall/delete the release `my-release`:
154 |
155 | ```console
156 | helm uninstall my-release
157 | ```
158 |
159 | The command removes all the Kubernetes components associated with the release and deletes the release.
160 |
161 | Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds).
162 |
163 | ## Running Multiple Ingress Controllers
164 |
165 | If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will share a single version of the CRDs. As a result, make sure that the Ingress Controller versions match the version of the CRDs. Additionally, when uninstalling a release, ensure that you don’t remove the CRDs until there are no other Ingress Controller releases running in the cluster.
166 |
167 | See [running multiple Ingress Controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) for more details.
168 |
169 | ## Configuration
170 |
171 | The following table lists the configurable parameters of the NGINX Ingress Controller chart and their default values.
172 |
173 | |Parameter | Description | Default |
174 | | --- | --- | --- |
175 | |`controller.name` | The name of the Ingress Controller daemonset or deployment. | Autogenerated |
176 | |`controller.kind` | The kind of the Ingress Controller installation - deployment or daemonset. | deployment |
177 | |`controller.annotations` | Allows for setting of `annotations` for deployment or daemonset. | {} |
178 | |`controller.nginxplus` | Deploys the Ingress Controller for NGINX Plus. | false |
179 | |`controller.nginxReloadTimeout` | The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000 |
180 | |`controller.hostNetwork` | Enables the Ingress Controller pods to use the host's network namespace. | false |
181 | |`controller.dnsPolicy` | DNS policy for the Ingress Controller pods. | ClusterFirst |
182 | |`controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false |
183 | |`controller.logLevel` | The log level of the Ingress Controller. | 1 |
184 | |`controller.image.digest` | The image digest of the Ingress Controller. | None |
185 | |`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress |
186 | |`controller.image.tag` | The tag of the Ingress Controller image. | 3.2.1 |
187 | |`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent |
188 | |`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} |
189 | |`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" |
190 | |`controller.config.name` | The name of the ConfigMap used by the Ingress Controller. | Autogenerated |
191 | |`controller.config.annotations` | The annotations of the Ingress Controller configmap. | {} |
192 | |`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {} |
193 | |`controller.customPorts` | A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | [] |
194 | |`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** By default, a pre-generated self-signed certificate is used. The pre-generated certificate and key ship with the chart, so they are identical across installations and the key is not secret. It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated self-signed certificate. |
195 | |`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** By default, a pre-generated key is used. That key ships with the chart and is therefore not secret. It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated key. |
196 | |`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. **Note:** Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | None |
197 | |`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |
198 | |`controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None |
199 | |`controller.wildcardTLS.secret` | The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. The value must follow the following format: `<namespace>/<name>`. Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. | None |
200 | |`controller.nodeSelector` | The node selector for pod assignment for the Ingress Controller pods. | {} |
201 | |`controller.terminationGracePeriodSeconds` | The termination grace period of the Ingress Controller pod. | 30 |
202 | |`controller.tolerations` | The tolerations of the Ingress Controller pods. | [] |
203 | |`controller.affinity` | The affinity of the Ingress Controller pods. | {} |
204 | |`controller.topologySpreadConstraints` | The topology spread constraints of the Ingress controller pods. | {} |
205 | |`controller.env` | The additional environment variables to be set on the Ingress Controller pods. | [] |
206 | |`controller.volumes` | The volumes of the Ingress Controller pods. | [] |
207 | |`controller.volumeMounts` | The volumeMounts of the Ingress Controller pods. | [] |
208 | |`controller.initContainers` | InitContainers for the Ingress Controller pods. | [] |
209 | |`controller.extraContainers` | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] |
210 | |`controller.resources` | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi |
211 | |`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 |
212 | |`controller.ingressClass` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx |
213 | |`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false |
214 | |`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to be wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" |
215 | |`controller.watchNamespaceLabel` | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" |
216 | |`controller.watchSecretNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources of type Secret. If this arg is not configured, the Ingress Controller watches the same namespaces for all resources. See `controller.watchNamespace` and `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to be wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchSecretNamespace="default\,nginx-ingress"`. | "" |
217 | |`controller.enableCustomResources` | Enable the custom resources. | true |
218 | |`controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false |
219 | |`controller.enableOIDC` | Enable OIDC policies. | false |
220 | |`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false |
221 | |`controller.enableCertManager` | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false |
222 | |`controller.enableExternalDNS` | Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Requires `controller.enableCustomResources`. | false |
223 | |`controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false |
224 | |`controller.globalConfiguration.spec` | The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. | {} |
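225 | |`controller.enableSnippets` | Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. Snippets are inserted into the generated NGINX configuration, so enable this only when everyone who can create or edit those resources is trusted to change the NGINX configuration. | false |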
226 | |`controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress Controller. | false |
227 | |`controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `controller.healthStatus`. | "/nginx-health" |
228 | |`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true |
229 | |`controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 |
230 | |`controller.nginxStatus.allowCidrs` | Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1,::1 |
231 | |`controller.priorityClassName` | The PriorityClass of the Ingress Controller pods. | None |
232 | |`controller.service.create` | Creates a service to expose the Ingress Controller pods. | true |
233 | |`controller.service.type` | The type of service to create for the Ingress Controller. | LoadBalancer |
234 | |`controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local |
235 | |`controller.service.annotations` | The annotations of the Ingress Controller service. | {} |
236 | |`controller.service.extraLabels` | The extra labels of the service. | {} |
237 | |`controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | "" |
238 | |`controller.service.externalIPs` | The list of external IPs for the Ingress Controller service. | [] |
239 | |`controller.service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | [] |
240 | |`controller.service.name` | The name of the service. | Autogenerated |
241 | |`controller.service.customPorts` | A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. | [] |
242 | |`controller.service.httpPort.enable` | Enables the HTTP port for the Ingress Controller service. | true |
243 | |`controller.service.httpPort.port` | The HTTP port of the Ingress Controller service. | 80 |
244 | |`controller.service.httpPort.nodePort` | The custom NodePort for the HTTP port. Requires `controller.service.type` set to `NodePort`. | "" |
245 | |`controller.service.httpPort.targetPort` | The target port of the HTTP port of the Ingress Controller service. | 80 |
246 | |`controller.service.httpsPort.enable` | Enables the HTTPS port for the Ingress Controller service. | true |
247 | |`controller.service.httpsPort.port` | The HTTPS port of the Ingress Controller service. | 443 |
248 | |`controller.service.httpsPort.nodePort` | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`. | "" |
249 | |`controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress Controller service. | 443 |
250 | |`controller.serviceAccount.annotations` | The annotations of the Ingress Controller service account. | {} |
251 | |`controller.serviceAccount.name` | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated |
252 | |`controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | "" |
253 | |`controller.serviceMonitor.name` | The name of the serviceMonitor. | Autogenerated |
254 | |`controller.serviceMonitor.create` | Create a ServiceMonitor custom resource. | false |
255 | |`controller.serviceMonitor.labels` | Kubernetes object labels to attach to the serviceMonitor object. | "" |
256 | |`controller.serviceMonitor.selectorMatchLabels` | A set of labels to allow the selection of endpoints for the ServiceMonitor. | "" |
257 | |`controller.serviceMonitor.endpoints` | A list of endpoints allowed as part of this ServiceMonitor. | "" |
258 | |`controller.reportIngressStatus.enable` | Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true |
259 | |`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated |
260 | |`controller.reportIngressStatus.ingressLink` | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | "" |
261 | |`controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true |
262 | |`controller.reportIngressStatus.leaderElectionLockName` | Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. `controller.reportIngressStatus.enableLeaderElection` must be set to `true`. | Autogenerated |
263 | |`controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} |
264 | |`controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} |
265 | |`controller.pod.extraLabels` | The additional extra labels of the Ingress Controller pod. | {} |
266 | |`controller.appprotect.enable` | Enables the App Protect WAF module in the Ingress Controller. | false |
267 | |`controller.appprotectdos.enable` | Enables the App Protect DoS module in the Ingress Controller. | false |
268 | |`controller.appprotectdos.debug` | Enable debugging for App Protect DoS. | false |
269 | |`controller.appprotectdos.maxDaemons` | Max number of ADMD instances. | 1 |
270 | |`controller.appprotectdos.maxWorkers` | Max number of nginx processes to support. | Number of CPU cores in the machine |
271 | |`controller.appprotectdos.memory` | RAM memory size to consume in MB. | 50% of free RAM in the container or 80MB, the smaller |
272 | |`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true |
273 | |`controller.readyStatus.port` | The HTTP port for the readiness endpoint. | 8081 |
274 | |`controller.readyStatus.initialDelaySeconds` | The number of seconds after the Ingress Controller pod has started before readiness probes are initiated. | 0 |
275 | |`controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false |
276 | |`controller.minReadySeconds` | Specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) | 0 |
277 | |`controller.autoscaling.enabled` | Enables HorizontalPodAutoscaling. | false |
278 | |`controller.autoscaling.annotations` | The annotations of the Ingress Controller HorizontalPodAutoscaler. | {} |
279 | |`controller.autoscaling.minReplicas` | Minimum number of replicas for the HPA. | 1 |
280 | |`controller.autoscaling.maxReplicas` | Maximum number of replicas for the HPA. | 3 |
281 | |`controller.autoscaling.targetCPUUtilizationPercentage` | The target CPU utilization percentage. | 50 |
282 | |`controller.autoscaling.targetMemoryUtilizationPercentage` | The target memory utilization percentage. | 50 |
283 | |`controller.podDisruptionBudget.enabled` | Enables PodDisruptionBudget. | false |
284 | |`controller.podDisruptionBudget.annotations` | The annotations of the Ingress Controller pod disruption budget | {} |
285 | |`controller.podDisruptionBudget.minAvailable` | The number of Ingress Controller pods that should be available. This is a mutually exclusive setting with "maxUnavailable". | 0 |
286 | |`controller.podDisruptionBudget.maxUnavailable` | The number of Ingress Controller pods that can be unavailable. This is a mutually exclusive setting with "minAvailable". | 0 |
287 | |`controller.strategy` | Specifies the strategy used to replace old Pods with new ones. Docs for [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) and [Daemonset update strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) | {} |
288 | |`controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false |
289 | |`controller.readOnlyRootFilesystem` | Configure root filesystem as read-only and add volumes for temporary data. | false |
290 | |`rbac.create` | Configures RBAC. | true |
291 | |`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | true |
292 | |`prometheus.port` | Configures the port to scrape the metrics. | 9113 |
293 | |`prometheus.scheme` | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http |
294 | |`prometheus.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections. | "" |
295 | |`serviceInsight.create` | Expose NGINX Plus Service Insight endpoint. | false |
296 | |`serviceInsight.port` | Configures the port to expose endpoints. | 9114 |
297 | |`serviceInsight.scheme` | Configures the HTTP scheme to use for connections to the Service Insight endpoint. | http |
298 | |`serviceInsight.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Service Insight endpoint with TLS connections. | "" |
299 | |`nginxServiceMesh.enable` | Enable integration with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. Requires `controller.nginxplus`. | false |
300 | |`nginxServiceMesh.enableEgress` | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/#enabling-egress) for more details. Requires `nginxServiceMesh.enable`. | false |
301 |
302 | ## Notes
303 |
304 | - The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details.
305 | - The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details.
306 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/appprotect.f5.com_aplogconfs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1  # Defines the APLogConf custom resource type in the appprotect.f5.com group
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.10.0  # controller-gen version recorded for this file
6 | creationTimestamp: null
7 | name: aplogconfs.appprotect.f5.com
8 | spec:
9 | group: appprotect.f5.com
10 | names:
11 | kind: APLogConf
12 | listKind: APLogConfList
13 | plural: aplogconfs
14 | singular: aplogconf
15 | preserveUnknownFields: false  # fields absent from the schema below are pruned by the API server rather than stored
16 | scope: Namespaced  # APLogConf objects live in a namespace, so access can be scoped per namespace with RBAC
17 | versions:
18 | - name: v1beta1  # the only version listed; it is both served and stored (see the last two lines)
19 | schema:
20 | openAPIV3Schema:
21 | description: APLogConf is the Schema for the APLogConfs API
22 | properties:
23 | apiVersion:
24 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
25 | type: string
26 | kind:
27 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
28 | type: string
29 | metadata:
30 | type: object
31 | spec:
32 | description: APLogConfSpec defines the desired state of APLogConf  # no "required" list appears in this schema, so every field is optional
33 | properties:
34 | content:
35 | properties:
36 | escaping_characters:  # array of objects, each with a "from" and a "to" string
37 | items:
38 | properties:
39 | from:
40 | type: string
41 | to:
42 | type: string
43 | type: object
44 | type: array
45 | format:
46 | enum:  # format must be exactly one of the five names below
47 | - splunk
48 | - arcsight
49 | - default
50 | - user-defined
51 | - grpc
52 | type: string
53 | format_string:  # free-form string: the schema sets no pattern or length bound on it
54 | type: string
55 | list_delimiter:
56 | type: string
57 | list_prefix:
58 | type: string
59 | list_suffix:
60 | type: string
61 | max_message_size:
62 | pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$  # accepts 1k through 64k
63 | type: string
64 | max_request_size:
65 | pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$  # accepts 1-1999, 2010-2039, 2041-2048 or "any"; 2000-2009 and 2040 do not match - NOTE(review): confirm the gap is intended
66 | type: string
67 | type: object
68 | filter:
69 | properties:
70 | request_type:  # presumably selects which requests are logged; must be one of the three values below
71 | enum:
72 | - all
73 | - illegal
74 | - blocked
75 | type: string
76 | type: object
77 | type: object
78 | type: object
79 | served: true  # v1beta1 is exposed through the API
80 | storage: true  # v1beta1 is the version objects are persisted in
81 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/appprotect.f5.com_apusersigs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1  # Defines the APUserSig custom resource type in the appprotect.f5.com group
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.10.0  # controller-gen version recorded for this file
6 | creationTimestamp: null
7 | name: apusersigs.appprotect.f5.com
8 | spec:
9 | group: appprotect.f5.com
10 | names:
11 | kind: APUserSig
12 | listKind: APUserSigList
13 | plural: apusersigs
14 | singular: apusersig
15 | preserveUnknownFields: false  # fields absent from the schema below are pruned by the API server rather than stored
16 | scope: Namespaced  # APUserSig objects live in a namespace, so access can be scoped per namespace with RBAC
17 | versions:
18 | - name: v1beta1  # the only version listed; it is both served and stored (see the last two lines)
19 | schema:
20 | openAPIV3Schema:
21 | description: APUserSig is the Schema for the apusersigs API
22 | properties:
23 | apiVersion:
24 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
25 | type: string
26 | kind:
27 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
28 | type: string
29 | metadata:
30 | type: object
31 | spec:
32 | description: APUserSigSpec defines the desired state of APUserSig  # no "required" list appears in this schema, so every field is optional
33 | properties:
34 | properties:  # looks like a spec field that is itself named "properties" (a string, per the next line) - indentation is lost in this listing, TODO confirm
35 | type: string
36 | signatures:  # array of signature objects (the closing "type: array" is at line 87)
37 | items:
38 | properties:
39 | accuracy:
40 | enum:  # accuracy must be high, medium or low
41 | - high
42 | - medium
43 | - low
44 | type: string
45 | attackType:
46 | properties:
47 | name:
48 | type: string
49 | type: object
50 | description:
51 | type: string
52 | name:
53 | type: string
54 | references:  # a single object with a "type" and a "value", not a list
55 | properties:
56 | type:
57 | enum:  # reference type must be one of the four names below
58 | - bugtraq
59 | - cve
60 | - nessus
61 | - url
62 | type: string
63 | value:
64 | type: string
65 | type: object
66 | risk:
67 | enum:  # risk must be high, medium or low
68 | - high
69 | - medium
70 | - low
71 | type: string
72 | rule:  # free-form string: this schema does not validate the rule's syntax or length
73 | type: string
74 | signatureType:
75 | enum:  # signatureType must be request or response
76 | - request
77 | - response
78 | type: string
79 | systems:  # array of objects, each with a "name" string
80 | items:
81 | properties:
82 | name:
83 | type: string
84 | type: object
85 | type: array
86 | type: object
87 | type: array
88 | tag:
89 | type: string
90 | type: object
91 | type: object
92 | served: true  # v1beta1 is exposed through the API
93 | storage: true  # v1beta1 is the version objects are persisted in
94 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/appprotectdos.f5.com_apdoslogconfs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1  # Defines the APDosLogConf custom resource type in the appprotectdos.f5.com group
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.9.2  # controller-gen version recorded for this file
6 | creationTimestamp: null
7 | name: apdoslogconfs.appprotectdos.f5.com
8 | spec:
9 | group: appprotectdos.f5.com
10 | names:
11 | kind: APDosLogConf
12 | listKind: APDosLogConfList
13 | plural: apdoslogconfs
14 | singular: apdoslogconf
15 | preserveUnknownFields: false  # fields absent from the schema below are pruned by the API server rather than stored
16 | scope: Namespaced  # APDosLogConf objects live in a namespace, so access can be scoped per namespace with RBAC
17 | versions:
18 | - name: v1beta1  # the only version listed; it is both served and stored (see the last two lines)
19 | schema:
20 | openAPIV3Schema:
21 | description: APDosLogConf is the Schema for the APDosLogConfs API
22 | properties:
23 | apiVersion:
24 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
25 | type: string
26 | kind:
27 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
28 | type: string
29 | metadata:
30 | type: object
31 | spec:
32 | description: APDosLogConfSpec defines the desired state of APDosLogConf  # no "required" list appears in this schema, so every field is optional
33 | properties:
34 | content:
35 | properties:
36 | format:
37 | enum:  # format must be exactly one of the three names below
38 | - splunk
39 | - arcsight
40 | - user-defined
41 | type: string
42 | format_string:  # free-form string: the schema sets no pattern or length bound on it
43 | type: string
44 | max_message_size:
45 | pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$  # accepts 1k through 64k
46 | type: string
47 | type: object
48 | filter:
49 | properties:
50 | traffic-mitigation-stats:
51 | enum:  # must be none or all
52 | - none
53 | - all
54 | default: all  # value applied when the field is omitted
55 | type: string
56 | bad-actors:
57 | pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$  # accepts none, all, or "top N" with N from 1 to 100000
58 | default: top 10  # value applied when the field is omitted
59 | type: string
60 | attack-signatures:
61 | pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$  # accepts none, all, or "top N" with N from 1 to 100000
62 | default: top 10  # value applied when the field is omitted
63 | type: string
64 | type: object
65 | type: object
66 | type: object
67 | served: true  # v1beta1 is exposed through the API
68 | storage: true  # v1beta1 is the version objects are persisted in
69 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/appprotectdos.f5.com_apdospolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.9.2
6 | creationTimestamp: null
7 | name: apdospolicies.appprotectdos.f5.com
8 | spec:
9 | group: appprotectdos.f5.com
10 | names:
11 | kind: APDosPolicy
12 | listKind: APDosPoliciesList
13 | plural: apdospolicies
14 | singular: apdospolicy
15 | preserveUnknownFields: false
16 | scope: Namespaced
17 | versions:
18 | - name: v1beta1
19 | schema:
20 | openAPIV3Schema:
21 | type: object
22 | description: APDosPolicy is the Schema for the APDosPolicy API
23 | properties:
24 | apiVersion:
25 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
26 | type: string
27 | kind:
28 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
29 | type: string
30 | metadata:
31 | type: object
32 | spec:
33 | type: object
34 | description: APDosPolicySpec defines the desired state of APDosPolicy
35 | properties:
36 | mitigation_mode:
37 | enum:
38 | - "standard"
39 | - "conservative"
40 | - "none"
41 | default: "standard"
42 | type: string
43 | signatures:
44 | enum:
45 | - "on"
46 | - "off"
47 | default: "on"
48 | type: string
49 | bad_actors:
50 | enum:
51 | - "on"
52 | - "off"
53 | default: "on"
54 | type: string
55 | automation_tools_detection:
56 | enum:
57 | - "on"
58 | - "off"
59 | default: "on"
60 | type: string
61 | tls_fingerprint:
62 | enum:
63 | - "on"
64 | - "off"
65 | default: "on"
66 | type: string
67 | served: true
68 | storage: true
69 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.1
6 | name: dosprotectedresources.appprotectdos.f5.com
7 | spec:
8 | group: appprotectdos.f5.com
9 | names:
10 | kind: DosProtectedResource
11 | listKind: DosProtectedResourceList
12 | plural: dosprotectedresources
13 | shortNames:
14 | - pr
15 | singular: dosprotectedresource
16 | scope: Namespaced
17 | versions:
18 | - name: v1beta1
19 | schema:
20 | openAPIV3Schema:
21 | description: DosProtectedResource defines a Dos protected resource.
22 | type: object
23 | properties:
24 | apiVersion:
25 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
26 | type: string
27 | kind:
28 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
29 | type: string
30 | metadata:
31 | type: object
32 | spec:
33 | description: DosProtectedResourceSpec defines the properties and values a DosProtectedResource can have.
34 | type: object
35 | properties:
36 | apDosMonitor:
37 | description: 'ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default.'
38 | type: object
39 | properties:
40 | protocol:
41 | description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1.
42 | type: string
43 | enum:
44 | - http1
45 | - http2
46 | - grpc
47 | - websocket
48 | timeout:
49 | description: Timeout determines how long (in seconds) NGINX App Protect DoS should wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc.
50 | type: integer
51 | format: int64
52 | uri:
53 | description: 'URI is the destination to the desired protected object in the nginx.conf:'
54 | type: string
55 | apDosPolicy:
56 | description: ApDosPolicy is the namespace/name of an ApDosPolicy resource
57 | type: string
58 | dosAccessLogDest:
59 | description: DosAccessLogDest is the network address for the access logs
60 | type: string
61 | dosSecurityLog:
62 | description: DosSecurityLog defines the security log of the DosProtectedResource.
63 | type: object
64 | properties:
65 | apDosLogConf:
66 | description: ApDosLogConf is the namespace/name of an APDosLogConf resource
67 | type: string
68 | dosLogDest:
69 | description: DosLogDest is the network address of a logging service, can be either IP or DNS name.
70 | type: string
71 | enable:
72 | description: Enable enables the security logging feature if set to true
73 | type: boolean
74 | enable:
75 | description: Enable enables the DOS feature if set to true
76 | type: boolean
77 | name:
78 | description: Name is the name of protected object, max of 63 characters.
79 | type: string
80 | served: true
81 | storage: true
82 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.1
6 | name: dnsendpoints.externaldns.nginx.org
7 | spec:
8 | group: externaldns.nginx.org
9 | names:
10 | kind: DNSEndpoint
11 | listKind: DNSEndpointList
12 | plural: dnsendpoints
13 | singular: dnsendpoint
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | description: DNSEndpoint is the CRD wrapper for Endpoint
20 | type: object
21 | properties:
22 | apiVersion:
23 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
24 | type: string
25 | kind:
26 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
27 | type: string
28 | metadata:
29 | type: object
30 | spec:
31 | description: DNSEndpointSpec holds information about endpoints.
32 | type: object
33 | properties:
34 | endpoints:
35 | type: array
36 | items:
37 | description: Endpoint describes DNS Endpoint.
38 | type: object
39 | properties:
40 | dnsName:
41 | description: The hostname for the DNS record
42 | type: string
43 | labels:
44 | description: Labels stores labels defined for the Endpoint
45 | type: object
46 | additionalProperties:
47 | type: string
48 | providerSpecific:
49 | description: ProviderSpecific stores provider specific config
50 | type: array
51 | items:
52 | description: ProviderSpecificProperty represents provider specific config property.
53 | type: object
54 | properties:
55 | name:
56 | description: Name of the property
57 | type: string
58 | value:
59 | description: Value of the property
60 | type: string
61 | recordTTL:
62 | description: TTL for the record
63 | type: integer
64 | format: int64
65 | recordType:
66 | description: RecordType type of record, e.g. CNAME, A, SRV, TXT, MX
67 | type: string
68 | targets:
69 | description: The targets the DNS service points to
70 | type: array
71 | items:
72 | type: string
73 | status:
74 | description: DNSEndpointStatus represents generation observed by the external dns controller.
75 | type: object
76 | properties:
77 | observedGeneration:
78 | description: The generation observed by the external-dns controller.
79 | type: integer
80 | format: int64
81 | served: true
82 | storage: true
83 | subresources:
84 | status: {}
85 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.1
6 | name: globalconfigurations.k8s.nginx.org
7 | spec:
8 | group: k8s.nginx.org
9 | names:
10 | kind: GlobalConfiguration
11 | listKind: GlobalConfigurationList
12 | plural: globalconfigurations
13 | shortNames:
14 | - gc
15 | singular: globalconfiguration
16 | scope: Namespaced
17 | versions:
18 | - name: v1alpha1
19 | schema:
20 | openAPIV3Schema:
21 | description: GlobalConfiguration defines the GlobalConfiguration resource.
22 | type: object
23 | properties:
24 | apiVersion:
25 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
26 | type: string
27 | kind:
28 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
29 | type: string
30 | metadata:
31 | type: object
32 | spec:
33 | description: GlobalConfigurationSpec is the spec of the GlobalConfiguration resource.
34 | type: object
35 | properties:
36 | listeners:
37 | type: array
38 | items:
39 | description: Listener defines a listener.
40 | type: object
41 | properties:
42 | name:
43 | type: string
44 | port:
45 | type: integer
46 | protocol:
47 | type: string
48 | served: true
49 | storage: true
50 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/k8s.nginx.org_policies.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.1
6 | name: policies.k8s.nginx.org
7 | spec:
8 | group: k8s.nginx.org
9 | names:
10 | kind: Policy
11 | listKind: PolicyList
12 | plural: policies
13 | shortNames:
14 | - pol
15 | singular: policy
16 | scope: Namespaced
17 | versions:
18 | - additionalPrinterColumns:
19 | - description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
20 | jsonPath: .status.state
21 | name: State
22 | type: string
23 | - jsonPath: .metadata.creationTimestamp
24 | name: Age
25 | type: date
26 | name: v1
27 | schema:
28 | openAPIV3Schema:
29 | description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
30 | type: object
31 | properties:
32 | apiVersion:
33 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
34 | type: string
35 | kind:
36 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
37 | type: string
38 | metadata:
39 | type: object
40 | spec:
41 | description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
42 | type: object
43 | properties:
44 | accessControl:
45 | description: AccessControl defines an access policy based on the source IP of a request.
46 | type: object
47 | properties:
48 | allow:
49 | type: array
50 | items:
51 | type: string
52 | deny:
53 | type: array
54 | items:
55 | type: string
56 | basicAuth:
57 | description: 'BasicAuth holds HTTP Basic authentication configuration policy status: preview'
58 | type: object
59 | properties:
60 | realm:
61 | type: string
62 | secret:
63 | type: string
64 | egressMTLS:
65 | description: EgressMTLS defines an Egress MTLS policy.
66 | type: object
67 | properties:
68 | ciphers:
69 | type: string
70 | protocols:
71 | type: string
72 | serverName:
73 | type: boolean
74 | sessionReuse:
75 | type: boolean
76 | sslName:
77 | type: string
78 | tlsSecret:
79 | type: string
80 | trustedCertSecret:
81 | type: string
82 | verifyDepth:
83 | type: integer
84 | verifyServer:  # NOTE(review): presumably upstream certificate verification stays off unless this is true; confirm the default before relying on egress mTLS
85 | type: boolean
86 | ingressClassName:
87 | type: string
88 | ingressMTLS:
89 | description: IngressMTLS defines an Ingress MTLS policy.
90 | type: object
91 | properties:
92 | clientCertSecret:
93 | type: string
94 | crlFileName:
95 | type: string
96 | verifyClient:
97 | type: string
98 | verifyDepth:
99 | type: integer
100 | jwt:
101 | description: JWTAuth holds JWT authentication configuration.
102 | type: object
103 | properties:
104 | jwksURI:
105 | type: string
106 | keyCache:
107 | type: string
108 | realm:
109 | type: string
110 | secret:
111 | type: string
112 | token:
113 | type: string
114 | oidc:
115 | description: OIDC defines an Open ID Connect policy.
116 | type: object
117 | properties:
118 | accessTokenEnable:
119 | type: boolean
120 | authEndpoint:
121 | type: string
122 | authExtraArgs:
123 | type: array
124 | items:
125 | type: string
126 | clientID:
127 | type: string
128 | clientSecret:  # NOTE(review): presumably the name of a Kubernetes Secret holding the OIDC client secret, not the secret value itself; confirm before putting anything sensitive in a Policy
129 | type: string
130 | jwksURI:
131 | type: string
132 | redirectURI:
133 | type: string
134 | scope:
135 | type: string
136 | tokenEndpoint:
137 | type: string
138 | zoneSyncLeeway:
139 | type: integer
140 | rateLimit:
141 | description: RateLimit defines a rate limit policy.
142 | type: object
143 | properties:
144 | burst:
145 | type: integer
146 | delay:
147 | type: integer
148 | dryRun:
149 | type: boolean
150 | key:
151 | type: string
152 | logLevel:
153 | type: string
154 | noDelay:
155 | type: boolean
156 | rate:
157 | type: string
158 | rejectCode:
159 | type: integer
160 | zoneSize:
161 | type: string
162 | waf:
163 | description: WAF defines a WAF policy.
164 | type: object
165 | properties:
166 | apBundle:
167 | type: string
168 | apPolicy:
169 | type: string
170 | enable:
171 | type: boolean
172 | securityLog:
173 | description: SecurityLog defines the security log of a WAF policy.
174 | type: object
175 | properties:
176 | apLogConf:
177 | type: string
178 | enable:
179 | type: boolean
180 | logDest:
181 | type: string
182 | securityLogs:
183 | type: array
184 | items:
185 | description: SecurityLog defines the security log of a WAF policy.
186 | type: object
187 | properties:
188 | apLogConf:
189 | type: string
190 | enable:
191 | type: boolean
192 | logDest:
193 | type: string
194 | status:
195 | description: PolicyStatus is the status of the policy resource
196 | type: object
197 | properties:
198 | message:
199 | type: string
200 | reason:
201 | type: string
202 | state:
203 | type: string
204 | served: true
205 | storage: true
206 | subresources:
207 | status: {}
208 | - name: v1alpha1
209 | schema:
210 | openAPIV3Schema:
211 | description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
212 | type: object
213 | properties:
214 | apiVersion:
215 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
216 | type: string
217 | kind:
218 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
219 | type: string
220 | metadata:
221 | type: object
222 | spec:
223 | description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed.
224 | type: object
225 | properties:
226 | accessControl:
227 | description: AccessControl defines an access policy based on the source IP of a request.
228 | type: object
229 | properties:
230 | allow:
231 | type: array
232 | items:
233 | type: string
234 | deny:
235 | type: array
236 | items:
237 | type: string
238 | egressMTLS:
239 | description: EgressMTLS defines an Egress MTLS policy.
240 | type: object
241 | properties:
242 | ciphers:
243 | type: string
244 | protocols:
245 | type: string
246 | serverName:
247 | type: boolean
248 | sessionReuse:
249 | type: boolean
250 | sslName:
251 | type: string
252 | tlsSecret:
253 | type: string
254 | trustedCertSecret:
255 | type: string
256 | verifyDepth:
257 | type: integer
258 | verifyServer:
259 | type: boolean
260 | ingressMTLS:
261 | description: IngressMTLS defines an Ingress MTLS policy.
262 | type: object
263 | properties:
264 | clientCertSecret:
265 | type: string
266 | verifyClient:
267 | type: string
268 | verifyDepth:
269 | type: integer
270 | jwt:
271 | description: JWTAuth holds JWT authentication configuration.
272 | type: object
273 | properties:
274 | realm:
275 | type: string
276 | secret:
277 | type: string
278 | token:
279 | type: string
280 | rateLimit:
281 | description: RateLimit defines a rate limit policy.
282 | type: object
283 | properties:
284 | burst:
285 | type: integer
286 | delay:
287 | type: integer
288 | dryRun:
289 | type: boolean
290 | key:
291 | type: string
292 | logLevel:
293 | type: string
294 | noDelay:
295 | type: boolean
296 | rate:
297 | type: string
298 | rejectCode:
299 | type: integer
300 | zoneSize:
301 | type: string
302 | served: true  # v1alpha1 is still served by the API server even though v1 is the storage version
303 | storage: false  # objects are persisted as v1; this schema has no basicAuth, oidc or waf fields
304 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.1
6 | name: transportservers.k8s.nginx.org
7 | spec:
8 | group: k8s.nginx.org
9 | names:
10 | kind: TransportServer
11 | listKind: TransportServerList
12 | plural: transportservers
13 | shortNames:
14 | - ts
15 | singular: transportserver
16 | scope: Namespaced
17 | versions:
18 | - additionalPrinterColumns:
19 | - description: Current state of the TransportServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
20 | jsonPath: .status.state
21 | name: State
22 | type: string
23 | - jsonPath: .status.reason
24 | name: Reason
25 | type: string
26 | - jsonPath: .metadata.creationTimestamp
27 | name: Age
28 | type: date
29 | name: v1alpha1
30 | schema:
31 | openAPIV3Schema:
32 | description: TransportServer defines the TransportServer resource.
33 | type: object
34 | properties:
35 | apiVersion:
36 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
37 | type: string
38 | kind:
39 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
40 | type: string
41 | metadata:
42 | type: object
43 | spec:
44 | description: TransportServerSpec is the spec of the TransportServer resource.
45 | type: object
46 | properties:
47 | action:
48 | description: Action defines an action.
49 | type: object
50 | properties:
51 | pass:
52 | type: string
53 | host:
54 | type: string
55 | ingressClassName:
56 | type: string
57 | listener:
58 | description: TransportServerListener defines a listener for a TransportServer.
59 | type: object
60 | properties:
61 | name:
62 | type: string
63 | protocol:
64 | type: string
65 | serverSnippets:  # NOTE(review): free-form string, presumably raw NGINX configuration the controller inserts; confirm snippets are disabled or that create/update on TransportServers is limited to trusted roles
66 | type: string
67 | sessionParameters:
68 | description: SessionParameters defines session parameters.
69 | type: object
70 | properties:
71 | timeout:
72 | type: string
73 | streamSnippets:  # NOTE(review): free-form string with no schema validation, presumably raw NGINX stream configuration; confirm who is allowed to set it
74 | type: string
75 | tls:
76 | description: TLS defines TLS configuration for a TransportServer.
77 | type: object
78 | properties:
79 | secret:
80 | type: string
81 | upstreamParameters:
82 | description: UpstreamParameters defines parameters for an upstream.
83 | type: object
84 | properties:
85 | connectTimeout:
86 | type: string
87 | nextUpstream:
88 | type: boolean
89 | nextUpstreamTimeout:
90 | type: string
91 | nextUpstreamTries:
92 | type: integer
93 | udpRequests:
94 | type: integer
95 | udpResponses:
96 | type: integer
97 | upstreams:
98 | type: array
99 | items:
100 | description: Upstream defines an upstream.
101 | type: object
102 | properties:
103 | failTimeout:
104 | type: string
105 | healthCheck:
106 | description: HealthCheck defines the parameters for active Upstream HealthChecks.
107 | type: object
108 | properties:
109 | enable:
110 | type: boolean
111 | fails:
112 | type: integer
113 | interval:
114 | type: string
115 | jitter:
116 | type: string
117 | match:
118 | description: Match defines the parameters of a custom health check.
119 | type: object
120 | properties:
121 | expect:
122 | type: string
123 | send:
124 | type: string
125 | passes:
126 | type: integer
127 | port:
128 | type: integer
129 | timeout:
130 | type: string
131 | loadBalancingMethod:
132 | type: string
133 | maxConns:
134 | type: integer
135 | maxFails:
136 | type: integer
137 | name:
138 | type: string
139 | port:
140 | type: integer
141 | service:
142 | type: string
143 | status:
144 | description: TransportServerStatus defines the status for the TransportServer resource.
145 | type: object
146 | properties:
147 | message:
148 | type: string
149 | reason:
150 | type: string
151 | state:
152 | type: string
153 | served: true
154 | storage: true
155 | subresources:
156 | status: {}
157 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | The NGINX Ingress Controller has been installed.
2 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}}
2 |
3 | {{/*
4 | Expand the name of the chart.
5 | */}}
6 | {{- define "nginx-ingress.name" -}}
7 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
8 | {{- end }}
9 |
10 | {{/*
11 | Create a default fully qualified app name.
12 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
13 | If release name contains chart name it will be used as a full name.
14 | */}}
15 | {{- define "nginx-ingress.fullname" -}}
16 | {{- if .Values.fullnameOverride }}
17 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
18 | {{- else }}
19 | {{- $name := default .Chart.Name .Values.nameOverride }}
20 | {{- if contains $name .Release.Name }}
21 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
22 | {{- else }}
23 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
24 | {{- end }}
25 | {{- end }}
26 | {{- end }}
27 |
28 | {{/*
29 | Create a default fully qualified controller name.
30 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
31 | */}}
32 | {{- define "nginx-ingress.controller.fullname" -}}
33 | {{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
34 | {{- end -}}
35 |
36 | {{/*
37 | Create a default fully qualified controller service name.
38 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
39 | */}}
40 | {{- define "nginx-ingress.controller.service.name" -}}
41 | {{- default (include "nginx-ingress.controller.fullname" .) .Values.serviceNameOverride | trunc 63 | trimSuffix "-" -}}
42 | {{- end -}}
43 |
44 | {{/*
45 | Create chart name and version as used by the chart label.
46 | */}}
47 | {{- define "nginx-ingress.chart" -}}
48 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
49 | {{- end }}
50 |
51 | {{/*
52 | Common labels
53 | */}}
54 | {{- define "nginx-ingress.labels" -}}
55 | helm.sh/chart: {{ include "nginx-ingress.chart" . }}
56 | {{ include "nginx-ingress.selectorLabels" . }}
57 | {{- if .Chart.AppVersion }}
58 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
59 | {{- end }}
60 | app.kubernetes.io/managed-by: {{ .Release.Service }}
61 | {{- end }}
62 |
63 | {{/*
64 | Selector labels
65 | */}}
66 | {{- define "nginx-ingress.selectorLabels" -}}
67 | app.kubernetes.io/name: {{ include "nginx-ingress.name" . }}
68 | app.kubernetes.io/instance: {{ .Release.Name }}
69 | {{- end }}
70 |
71 | {{/*
72 | Expand the name of the configmap. .Values.controller.customConfigMap, when set, is returned as given; otherwise .Values.controller.config.name is used, falling back to the chart fullname. Unlike the name helpers above, the result is not truncated to 63 characters.
73 | */}}
74 | {{- define "nginx-ingress.configName" -}}
75 | {{- if .Values.controller.customConfigMap -}}
76 | {{ .Values.controller.customConfigMap }}
77 | {{- else -}}
78 | {{- default (include "nginx-ingress.fullname" .) .Values.controller.config.name -}}
79 | {{- end -}}
80 | {{- end -}}
81 |
82 | {{/*
83 | Expand leader election lock name.
84 | */}}
85 | {{- define "nginx-ingress.leaderElectionName" -}}
86 | {{- if .Values.controller.reportIngressStatus.leaderElectionLockName -}}
87 | {{ .Values.controller.reportIngressStatus.leaderElectionLockName }}
88 | {{- else -}}
89 | {{- printf "%s-%s" (include "nginx-ingress.fullname" .) "leader-election" -}}
90 | {{- end -}}
91 | {{- end -}}
92 |
93 | {{/*
94 | Expand service account name: .Values.controller.serviceAccount.name when set, otherwise the chart fullname. The DaemonSet template uses this value as the pod's serviceAccountName and sets automountServiceAccountToken: true, so the account's token is mounted into the controller pod.
95 | */}}
96 | {{- define "nginx-ingress.serviceAccountName" -}}
97 | {{- default (include "nginx-ingress.fullname" .) .Values.controller.serviceAccount.name -}}
98 | {{- end -}}
99 |
100 | {{/*
101 | Expand default TLS name.
102 | */}}
103 | {{- define "nginx-ingress.defaultTLSName" -}}
104 | {{- printf "%s-%s" (include "nginx-ingress.fullname" .) "default-server-tls" -}}
105 | {{- end -}}
106 |
107 | {{/*
108 | Expand wildcard TLS name.
109 | */}}
110 | {{- define "nginx-ingress.wildcardTLSName" -}}
111 | {{- printf "%s-%s" (include "nginx-ingress.fullname" .) "wildcard-tls" -}}
112 | {{- end -}}
113 |
114 | {{- define "nginx-ingress.tag" -}}
115 | {{- default .Chart.AppVersion .Values.controller.image.tag -}}
116 | {{- end -}}
117 |
118 | {{/*
119 | Expand image name. When .Values.controller.image.digest is set the result is repository@digest and the tag is ignored; otherwise it is repository:tag, with the tag taken from the "nginx-ingress.tag" helper (.Values.controller.image.tag, falling back to .Chart.AppVersion). Setting the digest pins the image by content, which a tag alone does not.
120 | */}}
121 | {{- define "nginx-ingress.image" -}}
122 | {{- if .Values.controller.image.digest -}}
123 | {{- printf "%s@%s" .Values.controller.image.repository .Values.controller.image.digest -}}
124 | {{- else -}}
125 | {{- printf "%s:%s" .Values.controller.image.repository (include "nginx-ingress.tag" .) -}}
126 | {{- end -}}
127 | {{- end -}}
128 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if not .Values.controller.customConfigMap -}}
2 | apiVersion: v1
3 | kind: ConfigMap  # rendered only when .Values.controller.customConfigMap is unset
4 | metadata:
5 | name: {{ include "nginx-ingress.configName" . }}
6 | namespace: {{ .Release.Namespace }}
7 | labels:
8 | {{- include "nginx-ingress.labels" . | nindent 4 }}
9 | {{- if .Values.controller.config.annotations }}
10 | annotations:
11 | {{ toYaml .Values.controller.config.annotations | indent 4 }}
12 | {{- end }}
13 | data:  # entries are copied as-is from .Values.controller.config.entries; nothing is emitted when none are set
14 | {{- if .Values.controller.config.entries }}
15 | {{ toYaml .Values.controller.config.entries | indent 2 }}
16 | {{- end }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-daemonset.yaml:
--------------------------------------------------------------------------------
{{- /*
DaemonSet form of the ingress controller; rendered only when controller.kind is "daemonset".
The controller container claims hostPort 80 and 443 on every node that runs the pod, and
hostNetwork is taken from values. Blocks passed through toYaml (extraLabels, volumes,
customPorts, env, extraContainers, initContainers, ...) are rendered exactly as given.
*/ -}}
{{- if eq .Values.controller.kind "daemonset" }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ include "nginx-ingress.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec:
  selector:
    matchLabels:
      {{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
{{- if .Values.nginxServiceMesh.enable }}
        nsm.nginx.com/enable-ingress: "true"
        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
        nsm.nginx.com/daemonset: {{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
{{- end }}
{{- if or .Values.prometheus.create .Values.controller.pod.annotations }}
      annotations:
{{- if .Values.prometheus.create }}
        prometheus.io/scrape: "true"
        prometheus.io/port: "{{ .Values.prometheus.port }}"
        prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
    spec:
      serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
      # The service-account token is mounted into every container of the pod; what it can do
      # is decided by the roles bound to this account (rbac.yaml).
      automountServiceAccountToken: true
      # Pod-level seccomp profile: applies to all containers, including any added from values.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
      tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
      affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }}
      volumes:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
      # Writable scratch space for NGINX when the root filesystem is mounted read-only.
      - name: nginx-etc
        emptyDir: {}
      - name: nginx-cache
        emptyDir: {}
      - name: nginx-lib
        emptyDir: {}
      - name: nginx-log
        emptyDir: {}
{{- end }}
{{- if .Values.controller.volumes }}
{{ toYaml .Values.controller.volumes | indent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
      # With hostNetwork true the pod shares the node's network namespace, so every listener
      # in the pod (status, metrics, readiness) is reachable on the node's own addresses.
      hostNetwork: {{ .Values.controller.hostNetwork }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      containers:
      - name: {{ include "nginx-ingress.name" . }}
        image: {{ include "nginx-ingress.image" . }}
        imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
{{- if .Values.controller.lifecycle }}
        lifecycle:
{{ toYaml .Values.controller.lifecycle | indent 10 }}
{{- end }}
        ports:
        # hostPort publishes 80/443 on each node running this pod, independently of any Service.
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
        - name: prometheus
          containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- if .Values.serviceInsight.create }}
        - name: service-insight
          containerPort: {{ .Values.serviceInsight.port }}
{{- end }}
{{- if .Values.controller.readyStatus.enable }}
        - name: readiness-port
          containerPort: {{ .Values.controller.readyStatus.port }}
        readinessProbe:
          httpGet:
            path: /nginx-ready
            port: readiness-port
          periodSeconds: 1
          initialDelaySeconds: {{ .Values.controller.readyStatus.initialDelaySeconds }}
{{- end }}
        # Container hardening: non-root UID 101, no privilege escalation, every capability
        # dropped except NET_BIND_SERVICE, which is what allows binding ports below 1024.
        # readOnlyRootFilesystem is the only field here that values can switch off.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: {{ .Values.controller.readOnlyRootFilesystem }}
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }}
        volumeMounts:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
        - mountPath: /etc/nginx
          name: nginx-etc
        - mountPath: /var/cache/nginx
          name: nginx-cache
        - mountPath: /var/lib/nginx
          name: nginx-lib
        - mountPath: /var/log/nginx
          name: nginx-log
{{- end }}
{{- if .Values.controller.volumeMounts }}
{{ toYaml .Values.controller.volumeMounts | indent 8 }}
{{- end }}
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
{{- if .Values.controller.env }}
{{ toYaml .Values.controller.env | indent 8 }}
{{- end }}
{{- if .Values.nginxServiceMesh.enable }}
        - name: POD_SERVICEACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
{{- end }}
        resources:
{{ toYaml .Values.controller.resources | indent 10 }}
        args:
          - -nginx-plus={{ .Values.controller.nginxplus }}
          - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }}
          - -enable-app-protect={{ .Values.controller.appprotect.enable }}
{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }}
          - -app-protect-log-level={{ .Values.controller.appprotect.logLevel }}
{{ end }}
          - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
{{- if .Values.controller.appprotectdos.enable }}
          - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
          - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }}
          - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }}
          - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
{{ end }}
          - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
          # Default-server certificate: either an existing Secret named in values, or the one
          # this chart builds from defaultTLS.cert/key (controller-secret.yaml).
{{- if .Values.controller.defaultTLS.secret }}
          - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else if and (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }}
          - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
          - -ingress-class={{ .Values.controller.ingressClass }}
{{- if .Values.controller.watchNamespace }}
          - -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
{{- if .Values.controller.watchNamespaceLabel }}
          - -watch-namespace-label={{ .Values.controller.watchNamespaceLabel }}
{{- end }}
{{- if .Values.controller.watchSecretNamespace }}
          - -watch-secret-namespace={{ .Values.controller.watchSecretNamespace }}
{{- end }}
          - -health-status={{ .Values.controller.healthStatus }}
          - -health-status-uri={{ .Values.controller.healthStatusURI }}
          - -nginx-debug={{ .Values.controller.nginxDebug }}
          - -v={{ .Values.controller.logLevel }}
          - -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
          - -nginx-status-port={{ .Values.controller.nginxStatus.port }}
          # Source ranges allowed to query the status endpoint; keep this to the monitoring network.
          - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
          - -report-ingress-status
{{- if .Values.controller.reportIngressStatus.ingressLink }}
          - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }}
{{- else if .Values.controller.reportIngressStatus.externalService }}
          - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
          - -external-service={{ include "nginx-ingress.controller.service.name" . }}
{{- end }}
{{- end }}
          - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
          - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
          - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
          - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
          - -enable-prometheus-metrics={{ .Values.prometheus.create }}
          - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
          - -prometheus-tls-secret={{ .Values.prometheus.secret }}
          - -enable-service-insight={{ .Values.serviceInsight.create }}
          - -service-insight-listen-port={{ .Values.serviceInsight.port }}
          - -service-insight-tls-secret={{ .Values.serviceInsight.secret }}
          - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
          # Snippets place raw NGINX configuration from Ingress/VirtualServer resources into the
          # generated config; leave false unless everyone allowed to create those resources is
          # trusted to configure the proxy itself.
          - -enable-snippets={{ .Values.controller.enableSnippets }}
          - -include-year={{ .Values.controller.includeYear }}
          - -disable-ipv6={{ .Values.controller.disableIPV6 }}
{{- if .Values.controller.enableCustomResources }}
          - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
          - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
          - -enable-cert-manager={{ .Values.controller.enableCertManager }}
          - -enable-oidc={{ .Values.controller.enableOIDC }}
          - -enable-external-dns={{ .Values.controller.enableExternalDNS }}
{{- if .Values.controller.globalConfiguration.create }}
          - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- end }}
          - -ready-status={{ .Values.controller.readyStatus.enable }}
          - -ready-status-port={{ .Values.controller.readyStatus.port }}
          - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
      # Containers added from values carry only the securityContext written in values; the
      # container-level hardening above is not inherited by them.
{{- if .Values.controller.extraContainers }}
      {{ toYaml .Values.controller.extraContainers | nindent 6 }}
{{- end }}
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.initContainers }}
      initContainers:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
      # Copies the image's /etc/nginx into the nginx-etc emptyDir, which the controller
      # container then mounts over /etc/nginx.
      - name: init-{{ include "nginx-ingress.name" . }}
        image: {{ include "nginx-ingress.image" . }}
        imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
        command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc']
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
        volumeMounts:
        - mountPath: /mnt/etc
          name: nginx-etc
{{- end }}
{{- if .Values.controller.initContainers }}
{{ toYaml .Values.controller.initContainers | indent 6 }}
{{- end }}
{{- if .Values.controller.strategy }}
  updateStrategy:
{{ toYaml .Values.controller.strategy | indent 4 }}
{{- end }}
{{- if .Values.controller.minReadySeconds }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-deployment.yaml:
--------------------------------------------------------------------------------
{{- /*
Deployment form of the ingress controller; rendered only when controller.kind is "deployment".
`replicas` is left out when controller.autoscaling.enabled is true. Blocks passed through
toYaml (extraLabels, volumes, customPorts, env, extraContainers, initContainers, ...) are
rendered exactly as given.
*/ -}}
{{- if eq .Values.controller.kind "deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "nginx-ingress.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec:
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
{{- if .Values.nginxServiceMesh.enable }}
        nsm.nginx.com/enable-ingress: "true"
        nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
        nsm.nginx.com/deployment: {{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels | indent 8 }}
{{- end }}
{{- if or .Values.prometheus.create .Values.controller.pod.annotations }}
      annotations:
{{- if .Values.prometheus.create }}
        prometheus.io/scrape: "true"
        prometheus.io/port: "{{ .Values.prometheus.port }}"
        prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
    spec:
{{- if .Values.controller.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
      tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
      affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints:
{{ toYaml .Values.controller.topologySpreadConstraints | indent 8 }}
{{- end }}
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumes }}
      volumes:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
      # Writable scratch space for NGINX when the root filesystem is mounted read-only.
      - name: nginx-etc
        emptyDir: {}
      - name: nginx-cache
        emptyDir: {}
      - name: nginx-lib
        emptyDir: {}
      - name: nginx-log
        emptyDir: {}
{{- end }}
{{- if .Values.controller.volumes }}
{{ toYaml .Values.controller.volumes | indent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
      serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
      # The service-account token is mounted into every container of the pod; what it can do
      # is decided by the roles bound to this account (rbac.yaml).
      automountServiceAccountToken: true
      # Pod-level seccomp profile: applies to all containers, including any added from values.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
      # With hostNetwork true the pod shares the node's network namespace, so every listener
      # in the pod (status, metrics, readiness) is reachable on the node's own addresses.
      hostNetwork: {{ .Values.controller.hostNetwork }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      containers:
      - image: {{ include "nginx-ingress.image" . }}
        name: {{ include "nginx-ingress.name" . }}
        imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
{{- if .Values.controller.lifecycle }}
        lifecycle:
{{ toYaml .Values.controller.lifecycle | indent 10 }}
{{- end }}
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
{{- if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{- end }}
{{- if .Values.prometheus.create }}
        - name: prometheus
          containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- if .Values.serviceInsight.create }}
        - name: service-insight
          containerPort: {{ .Values.serviceInsight.port }}
{{- end }}
{{- if .Values.controller.readyStatus.enable }}
        - name: readiness-port
          containerPort: {{ .Values.controller.readyStatus.port }}
        readinessProbe:
          httpGet:
            path: /nginx-ready
            port: readiness-port
          periodSeconds: 1
          initialDelaySeconds: {{ .Values.controller.readyStatus.initialDelaySeconds }}
{{- end }}
        resources:
{{ toYaml .Values.controller.resources | indent 10 }}
        # Container hardening: non-root UID 101, no privilege escalation, every capability
        # dropped except NET_BIND_SERVICE, which is what allows binding ports below 1024.
        # readOnlyRootFilesystem is the only field here that values can switch off.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: {{ .Values.controller.readOnlyRootFilesystem }}
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.volumeMounts }}
        volumeMounts:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
        - mountPath: /etc/nginx
          name: nginx-etc
        - mountPath: /var/cache/nginx
          name: nginx-cache
        - mountPath: /var/lib/nginx
          name: nginx-lib
        - mountPath: /var/log/nginx
          name: nginx-log
{{- end }}
{{- if .Values.controller.volumeMounts}}
{{ toYaml .Values.controller.volumeMounts | indent 8 }}
{{- end }}
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
{{- if .Values.controller.env }}
{{ toYaml .Values.controller.env | indent 8 }}
{{- end }}
{{- if .Values.nginxServiceMesh.enable }}
        - name: POD_SERVICEACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
{{- end }}
        args:
          - -nginx-plus={{ .Values.controller.nginxplus }}
          - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }}
          - -enable-app-protect={{ .Values.controller.appprotect.enable }}
{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }}
          - -app-protect-log-level={{ .Values.controller.appprotect.logLevel }}
{{ end }}
          - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
{{- if .Values.controller.appprotectdos.enable }}
          - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
          - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }}
          - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }}
          - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
{{ end }}
          - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
          # Default-server certificate: either an existing Secret named in values, or the one
          # this chart builds from defaultTLS.cert/key (controller-secret.yaml).
{{- if .Values.controller.defaultTLS.secret }}
          - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else if and (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }}
          - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
          - -ingress-class={{ .Values.controller.ingressClass }}
{{- if .Values.controller.watchNamespace }}
          - -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
{{- if .Values.controller.watchNamespaceLabel }}
          - -watch-namespace-label={{ .Values.controller.watchNamespaceLabel }}
{{- end }}
{{- if .Values.controller.watchSecretNamespace }}
          - -watch-secret-namespace={{ .Values.controller.watchSecretNamespace }}
{{- end }}
          - -health-status={{ .Values.controller.healthStatus }}
          - -health-status-uri={{ .Values.controller.healthStatusURI }}
          - -nginx-debug={{ .Values.controller.nginxDebug }}
          - -v={{ .Values.controller.logLevel }}
          - -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
          - -nginx-status-port={{ .Values.controller.nginxStatus.port }}
          # Source ranges allowed to query the status endpoint; keep this to the monitoring network.
          - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
          - -report-ingress-status
{{- if .Values.controller.reportIngressStatus.ingressLink }}
          - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }}
{{- else if .Values.controller.reportIngressStatus.externalService }}
          - -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
          - -external-service={{ include "nginx-ingress.controller.service.name" . }}
{{- end }}
{{- end }}
          - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
          - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
          - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
          - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
          - -enable-prometheus-metrics={{ .Values.prometheus.create }}
          - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
          - -prometheus-tls-secret={{ .Values.prometheus.secret }}
          - -enable-service-insight={{ .Values.serviceInsight.create }}
          - -service-insight-listen-port={{ .Values.serviceInsight.port }}
          - -service-insight-tls-secret={{ .Values.serviceInsight.secret }}
          - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
          # Snippets place raw NGINX configuration from Ingress/VirtualServer resources into the
          # generated config; leave false unless everyone allowed to create those resources is
          # trusted to configure the proxy itself.
          - -enable-snippets={{ .Values.controller.enableSnippets }}
          - -include-year={{ .Values.controller.includeYear }}
          - -disable-ipv6={{ .Values.controller.disableIPV6 }}
{{- if .Values.controller.enableCustomResources }}
          - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
          - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }}
          - -enable-cert-manager={{ .Values.controller.enableCertManager }}
          - -enable-oidc={{ .Values.controller.enableOIDC }}
          - -enable-external-dns={{ .Values.controller.enableExternalDNS }}
{{- if .Values.controller.globalConfiguration.create }}
          - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- end }}
          - -ready-status={{ .Values.controller.readyStatus.enable }}
          - -ready-status-port={{ .Values.controller.readyStatus.port }}
          - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
      # Containers added from values carry only the securityContext written in values; the
      # container-level hardening above is not inherited by them.
{{- if .Values.controller.extraContainers }}
      {{ toYaml .Values.controller.extraContainers | nindent 6 }}
{{- end }}
{{- if or .Values.controller.readOnlyRootFilesystem .Values.controller.initContainers }}
      initContainers:
{{- end }}
{{- if .Values.controller.readOnlyRootFilesystem }}
      # Copies the image's /etc/nginx into the nginx-etc emptyDir, which the controller
      # container then mounts over /etc/nginx.
      - name: init-{{ include "nginx-ingress.name" . }}
        image: {{ include "nginx-ingress.image" . }}
        imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
        command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc']
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsUser: 101 #nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
        volumeMounts:
        - mountPath: /mnt/etc
          name: nginx-etc
{{- end }}
{{- if .Values.controller.initContainers }}
{{ toYaml .Values.controller.initContainers | indent 6 }}
{{- end }}
{{- if .Values.controller.strategy }}
  strategy:
{{ toYaml .Values.controller.strategy | indent 4 }}
{{- end }}
{{- if .Values.controller.minReadySeconds }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-globalconfiguration.yaml:
--------------------------------------------------------------------------------
{{- /*
GlobalConfiguration custom resource, created when controller.globalConfiguration.create is set.
Its spec is copied from values without further checks. The workload templates pass this
object's name to the controller through -global-configuration, and only when
controller.enableCustomResources is also true.
*/ -}}
{{ if .Values.controller.globalConfiguration.create }}
apiVersion: k8s.nginx.org/v1alpha1
kind: GlobalConfiguration
metadata:
  name: {{ include "nginx-ingress.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
spec:
{{ toYaml .Values.controller.globalConfiguration.spec | indent 2 }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-hpa.yaml:
--------------------------------------------------------------------------------
{{- /*
HorizontalPodAutoscaler for the controller Deployment. Rendered only when autoscaling is
enabled, controller.kind is "deployment" and the cluster reports Kubernetes >= 1.23.0.
The Deployment template drops `replicas` whenever autoscaling.enabled is true, so on an older
cluster nothing is rendered here and the Deployment runs with the API default of one replica.
*/ -}}
{{- if and .Values.controller.autoscaling.enabled (eq .Values.controller.kind "deployment") (semverCompare ">=1.23.0" .Capabilities.KubeVersion.Version) -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: {{ include "nginx-ingress.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.autoscaling.annotations }}
  annotations:
{{ toYaml .Values.controller.autoscaling.annotations | indent 4 }}
{{- end }}
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "nginx-ingress.controller.fullname" . }}
  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
  metrics:
  # Each metric is emitted only when its target percentage is set in values.
  {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
  {{- end }}
  {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-ingress-class.yaml:
--------------------------------------------------------------------------------
{{- /*
IngressClass for this controller. It is rendered unconditionally and carries no namespace.
With controller.setAsDefaultIngress set, the class is annotated as the cluster default, so
Ingress objects that name no class are assigned to this controller.
*/ -}}
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: {{ .Values.controller.ingressClass }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.setAsDefaultIngress }}
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
  controller: nginx.org/ingress-controller
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-leader-election-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
ConfigMap with no data, created when reportIngressStatus.enableLeaderElection is true.
The workload templates hand its name to the controller as -leader-election-lock-name.
*/ -}}
{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "nginx-ingress.leaderElectionName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.reportIngressStatus.annotations }}
  annotations:
{{ toYaml .Values.controller.reportIngressStatus.annotations | indent 4 }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-pdb.yaml:
--------------------------------------------------------------------------------
{{- /*
PodDisruptionBudget for the controller pods, created when podDisruptionBudget.enabled is true.
NOTE(review): minAvailable and maxUnavailable are each rendered when set, with no check that
only one is given; a PodDisruptionBudget accepts one of the two. A value of 0 counts as
unset in these `if` tests and is not rendered.
*/ -}}
{{- if .Values.controller.podDisruptionBudget.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: {{ include "nginx-ingress.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.podDisruptionBudget.annotations }}
  annotations:
{{ toYaml .Values.controller.podDisruptionBudget.annotations | indent 4 }}
{{- end }}
spec:
  selector:
    matchLabels:
      {{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
{{- if .Values.controller.podDisruptionBudget.minAvailable }}
  minAvailable: {{ .Values.controller.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.controller.podDisruptionBudget.maxUnavailable }}
  maxUnavailable: {{ .Values.controller.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-secret.yaml:
--------------------------------------------------------------------------------
{{- /*
Default-server TLS Secret built from values. It is created only when no existing Secret is
named in controller.defaultTLS.secret and both defaultTLS.cert and defaultTLS.key are set.
Both values are written into `data:` unchanged, so they must already be base64-encoded.
A private key supplied this way is also kept in the values file and in the release data Helm
stores in the cluster; pointing controller.defaultTLS.secret at a Secret managed outside the
chart avoids that.
NOTE(review): confirm values.yaml does not ship a sample cert/key pair as the default.
*/ -}}
{{ if and (not .Values.controller.defaultTLS.secret) (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "nginx-ingress.defaultTLSName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
  tls.crt: {{ .Values.controller.defaultTLS.cert }}
  tls.key: {{ .Values.controller.defaultTLS.key }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-service.yaml:
--------------------------------------------------------------------------------
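{{- /*
Service in front of the controller pods, created when controller.service.create is true.
Exposure is decided by values: the Service type, loadBalancerSourceRanges, externalIPs and
the http/https/custom ports.
*/ -}}
{{- if .Values.controller.service.create }}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "nginx-ingress.controller.service.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.service.extraLabels }}
{{ toYaml .Values.controller.service.extraLabels | indent 4 }}
{{- end }}
{{- if .Values.controller.service.annotations }}
  annotations:
{{ toYaml .Values.controller.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }}
  {{- if .Values.controller.service.externalTrafficPolicy }}
  # "Local" keeps the client source address visible to NGINX, which address-based allow
  # lists and access logs rely on.
  externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
  {{- end }}
{{- end }}
{{- if eq .Values.controller.service.type "LoadBalancer" }}
  {{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }}
  allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }}
  {{- end }}
  {{- if .Values.controller.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
  {{- end }}
  {{- if .Values.controller.service.loadBalancerSourceRanges }}
  # Source ranges the load balancer accepts traffic from; when the value is empty this
  # template sets no restriction at all.
  loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
  {{- end }}
{{- end }}
  type: {{ .Values.controller.service.type }}
  {{- if .Values.controller.service.ipFamilyPolicy }}
  ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy }}
  {{- end }}
  {{- if .Values.controller.service.ipFamilies }}
  # Rendered through toYaml: printing the list directly gives "[IPv4 IPv6]", which YAML
  # reads as one string, so a dual-stack list was never rendered as two families.
  ipFamilies:
{{ toYaml .Values.controller.service.ipFamilies | indent 4 }}
  {{- end }}
  ports:
{{- if .Values.controller.service.customPorts }}
{{ toYaml .Values.controller.service.customPorts | indent 2 }}
{{ end }}
{{- if .Values.controller.service.httpPort.enable }}
  - port: {{ .Values.controller.service.httpPort.port }}
    targetPort: {{ .Values.controller.service.httpPort.targetPort }}
    protocol: TCP
    name: http
  {{- if eq .Values.controller.service.type "NodePort" }}
    nodePort: {{ .Values.controller.service.httpPort.nodePort }}
  {{- end }}
{{- end }}
{{- if .Values.controller.service.httpsPort.enable }}
  - port: {{ .Values.controller.service.httpsPort.port }}
    targetPort: {{ .Values.controller.service.httpsPort.targetPort }}
    protocol: TCP
    name: https
  {{- if eq .Values.controller.service.type "NodePort" }}
    nodePort: {{ .Values.controller.service.httpsPort.nodePort }}
  {{- end }}
{{- end }}
  selector:
    {{- include "nginx-ingress.selectorLabels" . | nindent 4 }}
  {{- if .Values.controller.service.externalIPs }}
  # Traffic arriving at these addresses on the service ports is sent to the controller pods;
  # list only addresses that really route to the cluster nodes.
  externalIPs:
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
  {{- end }}
{{- end }}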
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount for the controller, created only when rbac.create is true. The DaemonSet and
Deployment templates set serviceAccountName whether or not this object is rendered.
NOTE(review): with rbac.create false, the name returned by nginx-ingress.serviceAccountName
presumably has to exist already; check _helpers.tpl.
*/ -}}
{{- if .Values.rbac.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "nginx-ingress.serviceAccountName" . }}
{{- if .Values.controller.serviceAccount.annotations }}
  annotations: {{- toYaml .Values.controller.serviceAccount.annotations | nindent 4 }}
{{- end }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.serviceAccount.imagePullSecretName }}
# Registry credentials that pods running under this account use when pulling images.
imagePullSecrets:
- name: {{ .Values.controller.serviceAccount.imagePullSecretName }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controller.serviceMonitor.create }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor  # rendered only when controller.serviceMonitor.create is true
4 | metadata:
5 | name: {{ include "nginx-ingress.controller.fullname" . }}
6 | namespace: {{ .Release.Namespace }}
7 | labels:  # chart labels, followed by any extra labels from controller.serviceMonitor.labels
8 | {{- include "nginx-ingress.labels" . | nindent 4 }}
9 | {{- if .Values.controller.serviceMonitor.labels -}}
10 | {{- toYaml .Values.controller.serviceMonitor.labels | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | selector:
14 | matchLabels:  # user-supplied selectorMatchLabels first, then the chart's own selector labels
15 | {{- if .Values.controller.serviceMonitor.selectorMatchLabels -}}
16 | {{- toYaml .Values.controller.serviceMonitor.selectorMatchLabels | nindent 6 }}
17 | {{- end }}
18 | {{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
19 | endpoints:  # copied as-is from controller.serviceMonitor.endpoints
20 | {{- toYaml .Values.controller.serviceMonitor.endpoints | nindent 4 }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/controller-wildcard-secret.yaml:
--------------------------------------------------------------------------------
1 | {{ if and (not .Values.controller.wildcardTLS.secret) (and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key) }}
2 | apiVersion: v1
3 | kind: Secret  # rendered only when no existing secret is referenced and both cert and key are given in values
4 | metadata:
5 | name: {{ include "nginx-ingress.wildcardTLSName" . }}
6 | namespace: {{ .Release.Namespace }}
7 | labels:
8 | {{- include "nginx-ingress.labels" . | nindent 4 }}
9 | type: kubernetes.io/tls
10 | data:  # values are inserted as-is, so cert and key must already be base64-encoded
11 | tls.crt: {{ .Values.controller.wildcardTLS.cert }}
12 | tls.key: {{ .Values.controller.wildcardTLS.key }}  # NOTE(review): a private key passed through values is also kept in the Helm release record; pointing controller.wildcardTLS.secret at an existing Secret avoids that
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/templates/rbac.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.rbac.create }}
2 | kind: ClusterRole  # cluster-scoped: once bound, every rule below applies across all namespaces
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | metadata:
5 | name: {{ include "nginx-ingress.fullname" . }}
6 | labels:
7 | {{- include "nginx-ingress.labels" . | nindent 4 }}
8 | rules:
9 | {{- if .Values.controller.appprotect.enable }}
10 | - apiGroups:
11 | - appprotect.f5.com  # read-only access to App Protect WAF resources, only when controller.appprotect.enable is set
12 | resources:
13 | - appolicies
14 | - aplogconfs
15 | - apusersigs
16 | verbs:
17 | - get
18 | - watch
19 | - list
20 | {{- end }}
21 | {{- if .Values.controller.appprotectdos.enable }}
22 | - apiGroups:
23 | - appprotectdos.f5.com  # read-only access to App Protect DoS resources, only when controller.appprotectdos.enable is set
24 | resources:
25 | - apdospolicies
26 | - apdoslogconfs
27 | - dosprotectedresources
28 | verbs:
29 | - get
30 | - watch
31 | - list
32 | {{- end }}
33 | - apiGroups:
34 | - discovery.k8s.io
35 | resources:
36 | - endpointslices
37 | verbs:
38 | - get
39 | - list
40 | - watch
41 | - apiGroups:
42 | - ""
43 | resources:
44 | - services
45 | verbs:
46 | - get
47 | - list
48 | - watch
49 | - apiGroups:
50 | - ""
51 | resources:
52 | - secrets  # read access to every Secret in the cluster; NOTE(review): controller.watchSecretNamespace narrows what the controller watches, not what this role permits
53 | verbs:
54 | - get
55 | - list
56 | - watch
57 | - apiGroups:
58 | - ""
59 | resources:
60 | - configmaps
61 | verbs:
62 | - get
63 | - list
64 | - watch
65 | {{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
66 | - update  # write verbs on ConfigMaps are added only when leader election is enabled
67 | - create
68 | {{- end }}
69 | - apiGroups:
70 | - ""
71 | resources:
72 | - pods
73 | verbs:
74 | - get
75 | - list
76 | - watch
77 | - update  # NOTE(review): write access to Pods cluster-wide; confirm which controller feature requires it
78 | - apiGroups:
79 | - ""
80 | resources:
81 | - namespaces
82 | verbs:
83 | - get
84 | - list
85 | - watch
86 | - apiGroups:
87 | - ""
88 | resources:
89 | - events
90 | verbs:
91 | - create
92 | - patch
93 | - list
94 | - apiGroups:
95 | - coordination.k8s.io
96 | resources:
97 | - leases
98 | verbs:
99 | - get
100 | - list
101 | - watch
102 | - update
103 | - create
104 | - apiGroups:
105 | - networking.k8s.io
106 | resources:
107 | - ingresses
108 | verbs:
109 | - get
110 | - list
111 | - watch
112 | - apiGroups:
113 | - networking.k8s.io
114 | resources:
115 | - ingressclasses
116 | verbs:
117 | - get
118 | {{- if .Values.controller.reportIngressStatus.enable }}
119 | - apiGroups:
120 | - networking.k8s.io
121 | resources:
122 | - ingresses/status  # status subresource only, granted when controller.reportIngressStatus.enable is set
123 | verbs:
124 | - update
125 | {{- end }}
126 | {{- if .Values.controller.enableCustomResources }}
127 | - apiGroups:
128 | - k8s.nginx.org
129 | resources:
130 | - virtualservers
131 | - virtualserverroutes
132 | - globalconfigurations
133 | - transportservers
134 | - policies
135 | verbs:
136 | - list
137 | - watch
138 | - get
139 | - apiGroups:
140 | - k8s.nginx.org
141 | resources:
142 | - virtualservers/status
143 | - virtualserverroutes/status
144 | - policies/status
145 | - transportservers/status
146 | verbs:
147 | - update
148 | {{- end }}
149 | {{- if .Values.controller.reportIngressStatus.ingressLink }}
150 | - apiGroups:
151 | - cis.f5.com
152 | resources:
153 | - ingresslinks
154 | verbs:
155 | - list
156 | - watch
157 | - get
158 | {{- end }}
159 | {{- if .Values.controller.enableCertManager }}
160 | - apiGroups:
161 | - cert-manager.io
162 | resources:
163 | - certificates  # create/update/delete on cert-manager Certificates, only when controller.enableCertManager is set
164 | verbs:
165 | - list
166 | - watch
167 | - get
168 | - update
169 | - create
170 | - delete
171 | {{- end }}
172 | {{- if .Values.controller.enableExternalDNS }}
173 | - apiGroups:
174 | - externaldns.nginx.org
175 | resources:
176 | - dnsendpoints  # create/update/delete on DNSEndpoint resources, only when controller.enableExternalDNS is set
177 | verbs:
178 | - list
179 | - watch
180 | - get
181 | - update
182 | - create
183 | - delete
184 | - apiGroups:
185 | - externaldns.nginx.org
186 | resources:
187 | - dnsendpoints/status
188 | verbs:
189 | - update
190 | {{- end }}
191 | ---
192 | kind: ClusterRoleBinding  # grants the ClusterRole above to the chart's ServiceAccount in the release namespace
193 | apiVersion: rbac.authorization.k8s.io/v1
194 | metadata:
195 | name: {{ include "nginx-ingress.fullname" . }}
196 | labels:
197 | {{- include "nginx-ingress.labels" . | nindent 4 }}
198 | subjects:
199 | - kind: ServiceAccount
200 | name: {{ include "nginx-ingress.serviceAccountName" . }}
201 | namespace: {{ .Release.Namespace }}
202 | roleRef:
203 | kind: ClusterRole
204 | name: {{ include "nginx-ingress.fullname" . }}
205 | apiGroup: rbac.authorization.k8s.io
206 | {{- end }}
207 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/values-icp.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | name: controller
3 | kind: daemonset
4 | nginxplus: true
5 | image:
6 | repository: mycluster.icp:8500/kube-system/nginx-plus-ingress
7 | tag: "3.2.1"
8 | nodeSelector:
9 | beta.kubernetes.io/arch: "amd64"
10 | proxy: true
11 | terminationGracePeriodSeconds: 60
12 | tolerations:
13 | - key: "dedicated"
14 | operator: "Exists"
15 | effect: "NoSchedule"
16 | - key: "CriticalAddonsOnly"
17 | operator: "Exists"
18 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/values-nsm.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | name: controller
3 | enableLatencyMetrics: true
4 | nginxServiceMesh:
5 | enable: true
6 | enableEgress: true
7 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/values-plus.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | name: controller
3 | nginxplus: true
4 | image:
5 | repository: nginx-plus-ingress
6 | tag: "3.2.1"
7 |
--------------------------------------------------------------------------------
/helm/nginx-ingress/values.yaml:
--------------------------------------------------------------------------------
1 | controller:
2 | ## The name of the Ingress Controller daemonset or deployment.
3 | name: controller
4 |
5 | ## The kind of the Ingress Controller installation - deployment or daemonset.
6 | kind: deployment
7 |
8 | ## Annotations for deployments and daemonsets
9 | annotations: {}
10 |
11 | ## Deploys the Ingress Controller for NGINX Plus.
12 | nginxplus: false
13 |
14 | # Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start.
15 | nginxReloadTimeout: 60000
16 |
17 | ## Support for App Protect WAF
18 | appprotect:
19 | ## Enable the App Protect WAF module in the Ingress Controller.
20 | enable: false
21 | ## Sets log level for App Protect WAF. Allowed values: fatal, error, warn, info, debug, trace
22 | # logLevel: fatal
23 |
24 | ## Support for App Protect DoS
25 | appprotectdos:
26 | ## Enable the App Protect DoS module in the Ingress Controller.
27 | enable: false
28 | ## Enable debugging for App Protect DoS.
29 | debug: false
30 | ## Max number of nginx processes to support.
31 | maxWorkers: 0
32 | ## Max number of ADMD instances.
33 | maxDaemons: 0
34 | ## RAM memory size to consume in MB.
35 | memory: 0
36 |
37 | ## Enables the Ingress Controller pods to use the host's network namespace.
38 | hostNetwork: false
39 |
40 | ## DNS policy for the Ingress Controller pods
41 | dnsPolicy: ClusterFirst
42 |
43 | ## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
44 | nginxDebug: false
45 |
46 | ## The log level of the Ingress Controller.
47 | logLevel: 1
48 |
49 | ## A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports.
50 | customPorts: []
51 |
52 | image:
53 | ## The image repository of the Ingress Controller.
54 | repository: nginx/nginx-ingress
55 |
56 | ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag.
57 | # tag: "3.2.1"
58 |
59 | ## The digest of the Ingress Controller image.
60 | ## If digest is specified it has precedence over tag and will be used instead
61 | # digest: "sha256:CHANGEME"
62 |
63 | ## The pull policy for the Ingress Controller image.
64 | pullPolicy: IfNotPresent
65 |
66 | ## The lifecycle of the Ingress Controller pods.
67 | lifecycle: {}
68 |
69 | ## The custom ConfigMap to use instead of the one provided by default
70 | customConfigMap: ""
71 |
72 | config:
73 | ## The name of the ConfigMap used by the Ingress Controller.
74 | ## Autogenerated if not set or set to "".
75 | # name: nginx-config
76 |
77 | ## The annotations of the Ingress Controller configmap.
78 | annotations: {}
79 |
80 | ## The entries of the ConfigMap for customizing NGINX configuration.
81 | entries: {}
82 |
83 | ## It is recommended to use your own TLS certificates and keys
84 | defaultTLS:
85 | ## The base64-encoded TLS certificate for the default HTTPS server. By default, a pre-generated self-signed certificate is used.
86 | ## Note: It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
87 | cert: ""
88 |
89 | ## The base64-encoded TLS key for the default HTTPS server. By default, a pre-generated key is used.
90 | ## Note: It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
91 | key: ""
92 |
93 | ## The secret with a TLS certificate and key for the default HTTPS server.
94 | ## The value must follow the following format: `<namespace>/<name>`.
95 | ## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters.
96 | ## Note: Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server.
97 | ## Format: <namespace>/<name>
98 | secret: ""
99 |
100 | wildcardTLS:
101 | ## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
102 | ## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
103 | cert: ""
104 |
105 | ## The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
106 | ## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection.
107 | key: ""
108 |
109 | ## The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified.
110 | ## The value must follow the following format: `<namespace>/<name>`.
111 | ## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters.
112 | ## Format: <namespace>/<name>
113 | secret: ""
114 |
115 | ## The node selector for pod assignment for the Ingress Controller pods.
116 | # nodeSelector: {}
117 |
118 | ## The termination grace period of the Ingress Controller pod.
119 | terminationGracePeriodSeconds: 30
120 |
121 | ## HorizontalPodAutoscaling (HPA)
122 | autoscaling:
123 | ## Enables HorizontalPodAutoscaling.
124 | enabled: false
125 | ## The annotations of the Ingress Controller HorizontalPodAutoscaler.
126 | annotations: {}
127 | ## Minimum number of replicas for the HPA.
128 | minReplicas: 1
129 | ## Maximum number of replicas for the HPA.
130 | maxReplicas: 3
131 | ## The target cpu utilization percentage.
132 | targetCPUUtilizationPercentage: 50
133 | ## The target memory utilization percentage.
134 | targetMemoryUtilizationPercentage: 50
135 |
136 | ## The resources of the Ingress Controller pods.
137 | resources:
138 | requests:
139 | cpu: 100m
140 | memory: 128Mi
141 | # limits:
142 | # cpu: 1
143 | # memory: 1Gi
144 |
145 | ## The tolerations of the Ingress Controller pods.
146 | tolerations: []
147 |
148 | ## The affinity of the Ingress Controller pods.
149 | affinity: {}
150 |
151 | ## The topology spread constraints of the Ingress controller pods.
152 | # topologySpreadConstraints: {}
153 |
154 | ## The additional environment variables to be set on the Ingress Controller pods.
155 | env: []
156 | # - name: MY_VAR
157 | # value: myvalue
158 |
159 | ## The volumes of the Ingress Controller pods.
160 | volumes: []
161 | # - name: extra-conf
162 | # configMap:
163 | # name: extra-conf
164 |
165 | ## The volumeMounts of the Ingress Controller pods.
166 | volumeMounts: []
167 | # - name: extra-conf
168 | # mountPath: /etc/nginx/conf.d/extra.conf
169 | # subPath: extra.conf
170 |
171 | ## InitContainers for the Ingress Controller pods.
172 | initContainers: []
173 | # - name: init-container
174 | # image: busybox:1.34
175 | # command: ['sh', '-c', 'echo this is initial setup!']
176 |
177 | ## The minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available.
178 | minReadySeconds: 0
179 |
180 | ## Pod disruption budget for the Ingress Controller pods.
181 | podDisruptionBudget:
182 | ## Enables PodDisruptionBudget.
183 | enabled: false
184 | ## The annotations of the Ingress Controller pod disruption budget.
185 | annotations: {}
186 | ## The number of Ingress Controller pods that should be available. This is a mutually exclusive setting with "maxUnavailable".
187 | # minAvailable: 1
188 | ## The number of Ingress Controller pods that can be unavailable. This is a mutually exclusive setting with "minAvailable".
189 | # maxUnavailable: 1
190 |
191 | ## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate" for Deployments, and "OnDelete" or "RollingUpdate" for Daemonsets. "RollingUpdate" is the default value.
192 | strategy: {}
193 |
194 | ## Extra containers for the Ingress Controller pods.
195 | extraContainers: []
196 | # - name: container
197 | # image: busybox:1.34
198 | # command: ['sh', '-c', 'echo this is a sidecar!']
199 |
200 | ## The number of replicas of the Ingress Controller deployment.
201 | replicaCount: 1
202 |
203 | ## A class of the Ingress Controller.
204 |
205 | ## IngressClass resource with the name equal to the class must be deployed. Otherwise,
206 | ## the Ingress Controller will fail to start.
207 | ## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class.
208 |
209 | ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes.
210 | ingressClass: nginx
211 |
212 | ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`.
213 | setAsDefaultIngress: false
214 |
215 | ## Comma separated list of namespaces to watch for Ingress resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespaceLabel".
216 | watchNamespace: ""
217 |
218 | ## Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with "controller.watchNamespace".
219 | watchNamespaceLabel: ""
220 |
221 | ## Comma separated list of namespaces to watch for Secret resources. By default the Ingress Controller watches all namespaces.
222 | watchSecretNamespace: ""
223 |
224 | ## Enable the custom resources.
225 | enableCustomResources: true
226 |
227 | ## Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use controller.enableOIDC instead.
228 | enablePreviewPolicies: false
229 |
230 | ## Enable OIDC policies.
231 | enableOIDC: false
232 |
233 | ## Include year in log header. This parameter will be removed in release 2.7 and the year will be included by default.
234 | includeYear: false
235 |
236 | ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
237 | enableTLSPassthrough: false
238 |
239 | ## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources.
240 | enableCertManager: false
241 |
242 | ## Enable external DNS for Virtual Server resources. Requires controller.enableCustomResources.
243 | enableExternalDNS: false
244 |
245 | globalConfiguration:
246 | ## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources.
247 | create: false
248 |
249 | ## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller.
250 | spec: {}
251 | # listeners:
252 | # - name: dns-udp
253 | # port: 5353
254 | # protocol: UDP
255 | # - name: dns-tcp
256 | # port: 5353
257 | # protocol: TCP
258 |
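259 | ## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. Snippets are inserted into the generated NGINX configuration, so enable this only when everyone allowed to create those resources is trusted.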
260 | enableSnippets: false
261 |
262 | ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
263 | ## Useful for external health-checking of the Ingress Controller.
264 | healthStatus: false
265 |
266 | ## Sets the URI of health status location in the default server. Requires controller.healthStatus.
267 | healthStatusURI: "/nginx-health"
268 |
269 | nginxStatus:
270 | ## Enable the NGINX stub_status, or the NGINX Plus API.
271 | enable: true
272 |
273 | ## Set the port where the NGINX stub_status or the NGINX Plus API is exposed.
274 | port: 8080
275 |
276 | ## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas.
277 | allowCidrs: "127.0.0.1"
278 |
279 | service:
280 | ## Creates a service to expose the Ingress Controller pods.
281 | create: true
282 |
283 | ## The type of service to create for the Ingress Controller.
284 | type: LoadBalancer
285 |
286 | ## The externalTrafficPolicy of the service. The value Local preserves the client source IP.
287 | externalTrafficPolicy: Local
288 |
289 | ## The annotations of the Ingress Controller service.
290 | annotations: {}
291 |
292 | ## The extra labels of the service.
293 | extraLabels: {}
294 |
295 | ## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
296 | loadBalancerIP: ""
297 |
298 | ## The list of external IPs for the Ingress Controller service.
299 | externalIPs: []
300 |
301 | ## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature.
302 | loadBalancerSourceRanges: []
303 |
304 | ## Whether to automatically allocate NodePorts (only for LoadBalancers).
305 | # allocateLoadBalancerNodePorts: false
306 |
307 | ## Dual stack preference.
308 | ## Valid values: SingleStack, PreferDualStack, RequireDualStack
309 | # ipFamilyPolicy: SingleStack
310 |
311 | ## List of IP families assigned to this service.
312 | ## Valid values: IPv4, IPv6
313 | # ipFamilies:
314 | # - IPv6
315 |
316 | httpPort:
317 | ## Enables the HTTP port for the Ingress Controller service.
318 | enable: true
319 |
320 | ## The HTTP port of the Ingress Controller service.
321 | port: 80
322 |
323 | ## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort.
324 | # nodePort: 80
325 |
326 | ## The HTTP port on the POD where the Ingress Controller service is running.
327 | targetPort: 80
328 |
329 | httpsPort:
330 | ## Enables the HTTPS port for the Ingress Controller service.
331 | enable: true
332 |
333 | ## The HTTPS port of the Ingress Controller service.
334 | port: 443
335 |
336 | ## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort.
337 | # nodePort: 443
338 |
339 | ## The HTTPS port on the POD where the Ingress Controller service is running.
340 | targetPort: 443
341 |
342 | ## A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports.
343 | customPorts: []
344 |
345 | serviceAccount:
346 | ## The annotations of the service account of the Ingress Controller pods.
347 | annotations: {}
348 |
349 | ## The name of the service account of the Ingress Controller pods. Used for RBAC.
350 | ## Autogenerated if not set or set to "".
351 | # name: nginx-ingress
352 |
353 | ## The name of the secret containing docker registry credentials.
354 | ## Secret must exist in the same namespace as the helm release.
355 | imagePullSecretName: ""
356 |
357 | serviceMonitor:
358 | ## Creates a serviceMonitor to expose statistics on the kubernetes pods.
359 | create: false
360 |
361 | ## Kubernetes object labels to attach to the serviceMonitor object.
362 | labels: {}
363 |
364 | ## A set of labels to allow the selection of endpoints for the ServiceMonitor.
365 | selectorMatchLabels: {}
366 |
367 | ## A list of endpoints allowed as part of this ServiceMonitor.
368 | endpoints: []
369 |
370 | reportIngressStatus:
371 | ## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller.
372 | ## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService,
373 | ## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries.
374 | ## Note: controller.config.entries.external-status-address takes precedence over the others.
375 | enable: true
376 |
377 | ## Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally.
378 | ## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
379 | ## controller.reportIngressStatus.enable must be set to true.
380 | ## The default is autogenerated and matches the created service (see controller.service.create).
381 | # externalService: nginx-ingress
382 |
383 | ## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system.
384 | ## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources.
385 | ## controller.reportIngressStatus.enable must be set to true.
386 | ingressLink: ""
387 |
388 | ## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true.
389 | enableLeaderElection: true
390 |
391 | ## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true.
392 | ## Autogenerated if not set or set to "".
393 | # leaderElectionLockName: "nginx-ingress-leader-election"
394 |
395 | ## The annotations of the leader election configmap.
396 | annotations: {}
397 |
398 | pod:
399 | ## The annotations of the Ingress Controller pod.
400 | annotations: {}
401 |
402 | ## The additional extra labels of the Ingress Controller pod.
403 | extraLabels: {}
404 |
405 | ## The PriorityClass of the Ingress Controller pods.
406 | # priorityClassName: ""
407 |
408 | readyStatus:
409 | ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup.
410 | enable: true
411 |
412 | ## Set the port where the readiness endpoint is exposed.
413 | port: 8081
414 |
415 | ## The number of seconds after the Ingress Controller pod has started before readiness probes are initiated.
416 | initialDelaySeconds: 0
417 |
418 | ## Enable collection of latency metrics for upstreams. Requires prometheus.create.
419 | enableLatencyMetrics: false
420 |
421 | ## Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack.
422 | disableIPV6: false
423 |
424 | ## Configure root filesystem as read-only and add volumes for temporary data.
425 | readOnlyRootFilesystem: false
426 |
427 | rbac:
428 | ## Configures RBAC.
429 | create: true
430 |
431 | prometheus:
432 | ## Expose NGINX or NGINX Plus metrics in the Prometheus format.
433 | create: true
434 |
435 | ## Configures the port to scrape the metrics.
436 | port: 9113
437 |
438 | ## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint.
439 | secret: ""
440 |
441 | ## Configures the HTTP scheme used.
442 | scheme: http
443 |
444 | serviceInsight:
445 | ## Expose NGINX Plus Service Insight endpoint.
446 | create: false
447 |
448 | ## Configures the port to expose endpoint.
449 | port: 9114
450 |
451 | ## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Service Insight endpoint.
452 | secret: ""
453 |
454 | ## Configures the HTTP scheme used.
455 | scheme: http
456 |
457 | nginxServiceMesh:
458 | ## Enables integration with NGINX Service Mesh.
459 | enable: false
460 |
461 | ## Enables NGINX Service Mesh workload to route egress traffic through the Ingress Controller.
462 | ## Requires nginxServiceMesh.enable
463 | enableEgress: false
464 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: ocr
3 | description: My Helm Chart for text summarization
4 |
5 | # A chart can be `application` or `library`,
6 | # we don't use `library` so often
7 | type: application
8 |
9 | # The chart version, which should be changed every time
10 | # you make an update to the chart
11 | version: 0.1.0
12 |
13 | # The version number of the application being deployed
14 | appVersion: "1.0.0"
15 |
16 | maintainers:
17 | - email: dothanhdat185@gmail.com
18 | name: datdt
19 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/Dockerfile-jenkins-k8s:
--------------------------------------------------------------------------------
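1 | # Jenkins image with Docker, kubectl and Helm 3 added for the CI/CD jobs.
2 | FROM jenkins/jenkins:lts
3 | # Root is needed only for the installs below; the image drops back to the jenkins user at the end.
4 | USER root
5 | # Each installer is saved to a file and run from there, so a failed download stops the build:
6 | # curl -f returns non-zero on HTTP errors, whereas `curl | bash` hides a failed download
7 | # because the shell has no pipefail here. Installers are removed after use and never made world-writable.
8 | # NOTE(review): all inputs are unpinned and unverified (the "lts" tag, stable.txt, helm's main branch).
9 | # For reproducible, auditable builds, pin explicit versions and verify the published checksums.
10 | RUN curl -fsSL https://get.docker.com -o dockerinstall && sh ./dockerinstall && rm -f dockerinstall && \
11 | curl -fsSLO https://storage.googleapis.com/kubernetes-release/release/$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
12 | install -m 0755 ./kubectl /usr/local/bin/kubectl && rm -f ./kubectl && \
13 | curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -o get-helm-3 && bash ./get-helm-3 && rm -f get-helm-3
14 | USER jenkins
15 |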
--------------------------------------------------------------------------------
/helm/txtsum_chart/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | ## How-to Guide
4 | ```shell
5 | cd txtsum_chart
6 | helm upgrade --install txtapp .
7 | ```
8 |
9 | ![image alt text]()
10 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | The text summarization server can be accessed via port 30000 on the following DNS name from within your cluster:
2 | {{ .Release.Name }}.model-serving.svc.cluster.local
--------------------------------------------------------------------------------
/helm/txtsum_chart/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment  # single-replica Deployment; every name and label is derived from the Helm release name
3 | metadata:
4 | name: {{ .Release.Name }}
5 | labels:
6 | app: {{ .Release.Name }}
7 | namespace: model-serving  # hard-coded rather than .Release.Namespace, so `helm install -n <other>` does not move this resource
8 | spec:
9 | replicas: 1
10 | selector:
11 | matchLabels:
12 | app: {{ .Release.Name }}
13 | template:
14 | metadata:
15 | labels:
16 | app: {{ .Release.Name }}
17 | spec:
18 | containers:  # NOTE(review): no securityContext, resource limits or probes are set; consider runAsNonRoot and allowPrivilegeEscalation: false once the image's requirements are confirmed
19 | - name: {{ .Release.Name }}
20 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"  # referenced by tag from values.yaml; a tag is mutable, a digest pin is not
21 | imagePullPolicy: {{ .Values.image.pullPolicy }}
22 | ports:
23 | - containerPort: 80  # NOTE(review): service.yaml forwards to targetPort 30000; confirm which port the app listens on
24 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/templates/gateway.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1beta1
2 | kind: Gateway  # Istio Gateway applied to the workloads labelled istio: ingressgateway
3 | metadata:
4 | name: {{ .Release.Name }}-gateway
5 | namespace: model-serving
6 | spec:
7 | selector:
8 | istio: ingressgateway
9 | servers:
10 | - hosts:
11 | - '*'  # accepts any Host header; NOTE(review): restrict to the real hostname(s) if this gateway is internet-facing
12 | port:
13 | name: http
14 | number: 80
15 | protocol: HTTP  # plaintext only; no TLS server or HTTP-to-HTTPS redirect is defined in this file
16 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # in-cluster Service in front of the pods labelled app: <release name>
3 | metadata:
4 | name: {{ .Release.Name }}
5 | labels:
6 | app: {{ .Release.Name }}
7 | namespace: model-serving
8 | spec:
9 | selector:
10 | app: {{ .Release.Name }}
11 | ports:
12 | - port: 30000
13 | protocol: TCP
14 | targetPort: 30000  # NOTE(review): deployment.yaml declares containerPort 80; confirm the container actually listens on 30000
15 | type: ClusterIP  # not exposed outside the cluster by itself; virtualservice.yaml routes gateway traffic to it
16 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/templates/virtualservice.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1beta1
2 | kind: VirtualService  # routes requests arriving at the release's Gateway to the Service on port 30000
3 | metadata:
4 | name: {{ .Release.Name }}
5 | namespace: model-serving
6 | spec:
7 | gateways:
8 | - model-serving/{{ .Release.Name }}-gateway
9 | hosts:
10 | - '*'  # matches every host accepted by the gateway
11 | http:
12 | - match:  # only the two prefixes below are routed; NOTE(review): no route for the API endpoints themselves is visible here, and no auth policy is attached in this chart — confirm both are intended
13 | - uri:
14 | prefix: /{{ .Release.Name }}-service/docs
15 | rewrite:
16 | uri: /docs  # the release-specific prefix is stripped before the request reaches the app
17 | route:
18 | - destination:
19 | host: {{ .Release.Name }}.model-serving.svc.cluster.local
20 | port:
21 | number: 30000
22 | - match:
23 | - uri:
24 | prefix: /{{ .Release.Name }}-service/openapi.json
25 | rewrite:
26 | uri: /openapi.json
27 | route:
28 | - destination:
29 | host: {{ .Release.Name }}.model-serving.svc.cluster.local
30 | port:
31 | number: 30000
32 |
--------------------------------------------------------------------------------
/helm/txtsum_chart/values.yaml:
--------------------------------------------------------------------------------
# Default values for the txtsum chart.
image:
  repository: datdt185/app
  # NOTE(review): a tag can be re-pushed with different content; pinning the
  # image by digest makes the deployed artifact verifiable.
  tag: "v1.0.0"
  # IfNotPresent: a node that already holds this tag will not pull it again.
  pullPolicy: IfNotPresent

# NOTE(review): none of the chart templates shown alongside this file read
# .Values.env; confirm whether it is still used.
env:
  name: dev
--------------------------------------------------------------------------------
/images/Ansibl2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/Ansibl2.png
--------------------------------------------------------------------------------
/images/Ansible.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/Ansible.png
--------------------------------------------------------------------------------
/images/Cloud.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/Cloud.png
--------------------------------------------------------------------------------
/images/DemoCICD.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/DemoCICD.png
--------------------------------------------------------------------------------
/images/DeployGKE.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/DeployGKE.png
--------------------------------------------------------------------------------
/images/ELK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/ELK.png
--------------------------------------------------------------------------------
/images/GCE.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GCE.png
--------------------------------------------------------------------------------
/images/GCE2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GCE2.png
--------------------------------------------------------------------------------
/images/GCE4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GCE4.png
--------------------------------------------------------------------------------
/images/GKE1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GKE1.png
--------------------------------------------------------------------------------
/images/GKE2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GKE2.png
--------------------------------------------------------------------------------
/images/GKE3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/GKE3.png
--------------------------------------------------------------------------------
/images/JenkinsGCE.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/JenkinsGCE.png
--------------------------------------------------------------------------------
/images/Local.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/Local.png
--------------------------------------------------------------------------------
/images/Run container app.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/Run container app.png
--------------------------------------------------------------------------------
/images/aaa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/aaa.png
--------------------------------------------------------------------------------
/images/ansible4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/ansible4.png
--------------------------------------------------------------------------------
/images/app run in container.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/app run in container.png
--------------------------------------------------------------------------------
/images/demo with fastapi.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/demo with fastapi.png
--------------------------------------------------------------------------------
/images/demo with gradio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/demo with gradio.png
--------------------------------------------------------------------------------
/images/deploy on K8s.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/deploy on K8s.png
--------------------------------------------------------------------------------
/images/gafanademo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/images/gafanademo.png
--------------------------------------------------------------------------------
/jenkins/Dockerfile:
--------------------------------------------------------------------------------
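# Jenkins LTS image with Docker installed through Docker's convenience script.
# NOTE(review): `lts` is a moving tag; pin a version or digest for reproducible builds.
FROM jenkins/jenkins:lts

# Root is needed only for the installation step below.
USER root

# -f makes curl fail on an HTTP error instead of saving the error page as the
# "installer"; -sSL keeps it quiet and follows redirects.
# Mode 700 instead of 777: the script only has to be executable by root, and a
# world-writable executable should not exist in an image layer.
# The script is deleted once it has run.
# NOTE(review): the installer is executed as root without any integrity check;
# installing the packages from Docker's signed apt repository avoids that.
RUN curl -fsSL https://get.docker.com -o dockerinstall \
    && chmod 700 dockerinstall \
    && ./dockerinstall \
    && rm -f dockerinstall

# Drop back to the unprivileged user the base image runs Jenkins as.
USER jenkins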
--------------------------------------------------------------------------------
/jenkins/docker-compose.yaml:
--------------------------------------------------------------------------------
# Runs the custom Jenkins image with access to the host's Docker daemon.
version: '3.8'
services:
  jenkins:
    # NOTE(review): other files in this repository reference datdt185/jenkins;
    # confirm this repository name. No tag is given, so `latest` is pulled.
    image: datdt/jenkins
    container_name: jenkins
    restart: unless-stopped
    # NOTE(review): privileged mode, root user and the Docker socket mount
    # below each hand the container control over the host. Any job that runs
    # in this Jenkins can therefore act as root on the machine. The socket
    # mount alone is enough to run Docker commands; confirm whether
    # `privileged` and `user: root` are still needed.
    privileged: true
    user: root
    ports:
      # Published on all host interfaces: 8082 -> Jenkins web UI (8080),
      # 50000 -> inbound agent port.
      - 8082:8080
      - 50000:50000
    volumes:
      # Named volume that persists Jenkins configuration, jobs and credentials.
      - jenkins_home:/var/jenkins_home
      # Host Docker daemon socket.
      - /var/run/docker.sock:/var/run/docker.sock

volumes:
  jenkins_home:
--------------------------------------------------------------------------------
/local/ansible/custom_jenkins/Dockerfile:
--------------------------------------------------------------------------------
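# Ref: https://hackmamba.io/blog/2022/04/running-docker-in-a-jenkins-container/
# Jenkins LTS image extended with Docker, kubectl and Helm 3 for the CI/CD jobs.
# NOTE(review): `lts`, kubectl "stable" and the Helm script on `main` are all
# moving targets; pin versions (and verify the published checksums) so that a
# rebuild produces the same, reviewable toolchain.
FROM jenkins/jenkins:lts

# Root is needed only for the installation steps below.
USER root

# Every download uses -f so an HTTP error aborts the build instead of an error
# page being saved and then executed or installed as a binary.
# Installer scripts are written to a file with mode 700 (not 777, and not piped
# straight into bash, where a failed or truncated download goes unnoticed),
# run, and then removed.
RUN curl -fsSL https://get.docker.com -o dockerinstall \
    && chmod 700 dockerinstall \
    && ./dockerinstall \
    && rm -f dockerinstall \
    && curl -fsSLO https://storage.googleapis.com/kubernetes-release/release/$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl \
    && chmod +x ./kubectl \
    && mv ./kubectl /usr/local/bin/kubectl \
    && curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -o get-helm-3 \
    && chmod 700 get-helm-3 \
    && ./get-helm-3 \
    && rm -f get-helm-3

# Drop back to the unprivileged user the base image runs Jenkins as.
USER jenkins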
--------------------------------------------------------------------------------
/local/ansible/deploy_jenkins/create_compute_instance.yaml:
--------------------------------------------------------------------------------
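# Playbook run from the control machine (localhost): creates one Compute Engine
# VM and a firewall rule that opens the Jenkins ports on the default network.
- name: Create a Compute Engine instance
  hosts: localhost
  tasks:
    - name: Start an instance
      gcp_compute_instance:
        name: instance-1
        machine_type: e2-small
        # Refer to https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts
        # or use the command `gcloud compute images list --project=ubuntu-os-cloud`
        zone: us-west4-b
        project: mlops-414313
        # The service account is needed to create the resources
        # NOTE(review): the key file sits next to the repository tree; make sure
        # the secrets directory is git-ignored and the account has only the
        # Compute roles this playbook needs.
        auth_kind: serviceaccount
        service_account_file: ../secrets/mlops-414313-aec1bd57f93f.json
        disks:
          - auto_delete: true
            boot: true
            initialize_params:
              # NOTE(review): dated image build; patch the OS after provisioning
              # or move to a current image.
              source_image: projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20230727
        # We use the default network with an external IP for SSH
        network_interfaces:
          - network:
              selfLink: global/networks/default
            access_configs:
              - name: External NAT
                type: ONE_TO_ONE_NAT
        state: present # change to absent to delete the instance

    - name: Create inbound firewall rule for port 8081 and 50000
      gcp_compute_firewall:
        name: allow-port-8081-50000
        network:
          selfLink: global/networks/default
        # NOTE(review): no target tags are set, so the rule applies to every
        # instance on the default network, not only the Jenkins VM.
        allowed:
          - ip_protocol: TCP
            ports:
              - 8081   # Jenkins web UI as published by the container
              - 50000  # Jenkins inbound agent port
        source_ranges:
          - 0.0.0.0/0 # Allow traffic from any source (use a more specific source range for security)
        direction: INGRESS # Direction from outside to inside, EGRESS is the opposite direction
        # The description now names the ports the rule really opens; it used to
        # say 30000, which misleads anyone auditing the firewall list.
        description: Allow incoming traffic on ports 8081 and 50000
        project: mlops-414313
        auth_kind: serviceaccount
        service_account_file: ../secrets/mlops-414313-aec1bd57f93f.json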
--------------------------------------------------------------------------------
/local/ansible/deploy_jenkins/deploy_jenkins.yml:
--------------------------------------------------------------------------------
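# Playbook for the `servers` inventory group: installs Docker CE from Docker's
# apt repository, pulls the custom Jenkins image and starts it as a container.
- name: Deploy Jenkins
  hosts: servers
  become: yes
  vars:
    default_container_name: jenkins
    # NOTE(review): no tag is given, so `latest` is pulled; pin a tag or digest
    # so the CI server runs a known image.
    default_container_image: datdt185/jenkins
  tasks:
    - name: Install aptitude
      apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Install prerequisites
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
        state: latest
        update_cache: true

    # NOTE(review): apt_key adds the key to the global apt trust store, and the
    # underlying apt-key tool is deprecated; a per-repository keyring referenced
    # with `signed-by` limits what the key is trusted for.
    - name: Add Docker GPG apt Key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    # The release codename comes from gathered facts instead of being fixed to
    # `focal`, so the repository matches the OS of the target host (the instance
    # playbook in this repository provisions Ubuntu 22.04 "jammy").
    - name: Add Docker Repository
      apt_repository:
        repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present

    - name: Update apt and install docker-ce
      apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: Pull the Docker image
      community.docker.docker_image:
        name: "{{ default_container_image }}"
        source: pull

    # https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html
    - name: Create the container
      community.docker.docker_container:
        name: "{{ default_container_name }}"
        image: "{{ default_container_image }}"
        state: started
        # NOTE(review): privileged mode, root user and the Docker socket mount
        # each give the container control over the host, so every Jenkins job
        # effectively runs as root on this VM. The socket mount alone is enough
        # to run Docker commands; confirm the other two are still needed.
        privileged: true
        user: root
        volumes:
          - jenkins_home:/var/jenkins_home
          - /var/run/docker.sock:/var/run/docker.sock
        ports:
          # Published on all interfaces of the VM.
          - 8081:8080
          - 50000:50000
        detach: yes # Run the container in the background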
--------------------------------------------------------------------------------
/local/ansible/docker-compose.yaml:
--------------------------------------------------------------------------------
# Runs the custom Jenkins image with access to the host's Docker daemon.
version: "3.8"
services:
  jenkins:
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: datdt185/jenkins:latest
    container_name: jenkins
    restart: unless-stopped
    # NOTE(review): privileged mode, root user and the Docker socket mount
    # below each hand the container control over the host. Any job that runs
    # in this Jenkins can therefore act as root on the machine. Confirm whether
    # `privileged` and `user: root` are still needed next to the socket mount.
    privileged: true
    user: root
    ports:
      # Published on all host interfaces: 8081 -> Jenkins web UI (8080),
      # 50000 -> inbound agent port.
      - 8081:8080
      - 50000:50000
    volumes:
      # Named volume that persists Jenkins configuration, jobs and credentials.
      - jenkins_home:/var/jenkins_home
      # Host Docker daemon socket.
      - /var/run/docker.sock:/var/run/docker.sock

volumes:
  jenkins_home:
--------------------------------------------------------------------------------
/local/ansible/inventory:
--------------------------------------------------------------------------------
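[servers]
# Template entry: replace "external ip" with the VM's external IP address and
# "replace_name" with the local user that owns the SSH key.
# The host and its variables must be separated by whitespace.
"external ip" ansible_ssh_private_key_file=/home/"replace_name"/.ssh/id_rsa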
--------------------------------------------------------------------------------
/local/ansible/requirements.txt:
--------------------------------------------------------------------------------
1 | ansible==8.3.0
2 |
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
1 | from typing import Optional
2 |
3 | from fastapi import FastAPI
4 | from transformers import AutoModelForSeq2SeqLM, AutoTokenizer, pipeline
5 |
# Initialize the summarizer
# Tokenizer, model and pipeline are built once at import time; the request
# handler below reuses the same `summarizer` object for every call.

# Local directory the tokenizer and model files are loaded from.
# NOTE(review): loading a checkpoint can deserialize pickled data depending on
# the weight format; only ship model files produced by a trusted build step.
# TODO confirm how model/ is populated.
model_dir = "model/"
tokenizer = AutoTokenizer.from_pretrained(model_dir)
model = AutoModelForSeq2SeqLM.from_pretrained(model_dir)

summarizer = pipeline("summarization", model=model, tokenizer=tokenizer)


# root_path is the URL prefix the app is published under behind the proxy.
# NOTE(review): presumably this has to match the ingress route prefix; verify
# against the Helm release name.
app = FastAPI(root_path="/txtapp-service")
16 |
17 |
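@app.get("/Text_Summarization")
def text_summarization(text: Optional[str] = None):
    """Summarize the text passed in the `text` query parameter.

    Args:
        text: Text to summarize. When it is missing or empty, only the static
            metadata is returned.

    Returns:
        A dict that always holds the "Mlops" metadata entry and, when text was
        supplied, the pipeline output under the "Text Summarization " key (the
        trailing space is part of the existing response format).
    """
    results = {"Mlops": [{"Author": "DrissDo"}]}
    if text:
        # The text comes straight from the request. truncation=True cuts inputs
        # that exceed the model's maximum length instead of letting an oversized
        # request fail inside the model and surface as a server error.
        # NOTE(review): nothing bounds the size or rate of requests, and a GET
        # query string is recorded in proxy and access logs; consider a length
        # cap at the API layer and a request body if the text can be sensitive.
        summary = summarizer(
            text,
            max_length=130,
            min_length=30,
            do_sample=False,
            truncation=True,
        )
        results.update({"Text Summarization ": summary})
    return results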
--------------------------------------------------------------------------------
/monitor/README.md:
--------------------------------------------------------------------------------
1 | This repo is used for 3 lessons, so it will be a bit complicated, but don't worry about it, said Prof. Andrew Ng.
2 |
3 | ## How-to Guide
4 |
5 | ### Up and running services
6 | Start Prometheus, Grafana (to see metrics), and Jaeger Tracing (to see traces) as follows
7 |
8 | ```shell
9 | docker compose -f prom-graf-docker-compose.yaml up -d
10 | ```
11 |
12 | Start ELK stack to see container logs by the following command:
13 | ```shell
14 | cd elk
15 | docker compose -f elk-docker-compose.yml -f extensions/filebeat/filebeat-compose.yml up -d
16 | ```
17 |
18 | ### Access services
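19 | - Grafana: http://localhost:3000 (username/password: `admin/admin`)
20 | - Kibana: http://localhost:5601 (username/password: `elastic/changeme`). Both logins are the shipped defaults; change them before either service is reachable from anywhere other than localhost.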
21 | - Jaeger: http://localhost:16686
--------------------------------------------------------------------------------
/monitor/client.py:
--------------------------------------------------------------------------------
1 | from time import sleep
2 | import requests
3 | from loguru import logger
4 |
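def predict():
    """Send one GET request to the local summarization endpoint and print the reply.

    Used by the loop at the bottom of this script to generate steady traffic
    for the monitoring stack.
    """
    logger.info("Sending GET requests!")
    # The API declares the query parameter as lowercase `text`, and query
    # parameter names are case-sensitive. Sent as "Text" the value was ignored
    # and the server returned only its static metadata without ever running
    # the model.
    params = {
        "text": "Your text to summarize goes here",
    }
    response = requests.get(
        "http://localhost:8000/Text_Summarization",
        headers={
            "accept": "application/json",
        },
        params=params,
        # Without a timeout a stalled server blocks this client forever.
        timeout=60,
    )
    print(response.json())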
18 |
if __name__ == "__main__":
    # Traffic generator: one request every half second until interrupted.
    while True:
        predict()
        sleep(0.5)
--------------------------------------------------------------------------------
/monitor/elk/.env:
--------------------------------------------------------------------------------
# Version of the Elastic images built by the compose files.
ELASTIC_VERSION=8.4.1

## Passwords for stack users
#
# NOTE(review): every value below is the placeholder 'changeme'. Replace them
# with unique secrets before starting the stack anywhere but a throwaway local
# machine, and keep the real values out of version control.

# User 'elastic' (built-in)
#
# Superuser role, full access to cluster management and data indices.
# https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
ELASTIC_PASSWORD='changeme'

# User 'logstash_internal' (custom)
#
# The user Logstash uses to connect and send data to Elasticsearch.
# https://www.elastic.co/guide/en/logstash/current/ls-security.html
LOGSTASH_INTERNAL_PASSWORD='changeme'

# User 'kibana_system' (built-in)
#
# The user Kibana uses to connect and communicate with Elasticsearch.
# https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
KIBANA_SYSTEM_PASSWORD='changeme'
--------------------------------------------------------------------------------
/monitor/elk/elasticsearch/.dockerignore:
--------------------------------------------------------------------------------
1 | # Ignore Docker build files
2 | Dockerfile
3 | .dockerignore
4 |
5 | # Ignore OS artifacts
6 | **/.DS_Store
7 |
--------------------------------------------------------------------------------
/monitor/elk/elasticsearch/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG ELASTIC_VERSION
2 |
3 | # https://www.docker.elastic.co/
4 | FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
5 |
6 | # Add your elasticsearch plugins setup here
7 | # Example: RUN elasticsearch-plugin install analysis-icu
8 |
--------------------------------------------------------------------------------
/monitor/elk/elasticsearch/config/elasticsearch.yml:
--------------------------------------------------------------------------------
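---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
# Listen on every interface of the container. The compose file publishes 9200
# and 9300 on the host, so authentication is the only access control left.
network.host: 0.0.0.0

## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
#
xpack.license.self_generated.type: trial
# Security is enabled so that the passwords from .env are enforced. The rest
# of the stack already assumes this: the setup service creates users and
# roles, Kibana and Filebeat are configured with credentials, and the README
# documents a Kibana login. With this set to false, anyone who can reach port
# 9200 can read and delete every index without credentials.
# NOTE(review): any client that writes to Elasticsearch without credentials
# has to be given a user once this is on.
xpack.security.enabled: true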
--------------------------------------------------------------------------------
/monitor/elk/elk-docker-compose.yml:
--------------------------------------------------------------------------------
# Source: https://github.com/deviantony/docker-elk/edit/main/docker-compose.yml
version: '3.7'

services:

  # The 'setup' service runs a one-off script which initializes the
  # 'logstash_internal' and 'kibana_system' users inside Elasticsearch with the
  # values of the passwords defined in the '.env' file.
  #
  # This task is only performed during the *initial* startup of the stack. On all
  # subsequent runs, the service simply returns immediately, without performing
  # any modification to existing users.
  setup:
    build:
      context: setup/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    init: true
    volumes:
      # Holds the state file that marks the setup as done.
      - setup:/state:Z
    environment:
      # `:-` substitutes an empty string when a variable is unset, so a missing
      # .env yields empty passwords rather than a compose error.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch

  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,z
      - elasticsearch:/usr/share/elasticsearch/data:z
    ports:
      # NOTE(review): both ports are published on all host interfaces. 9200 is
      # the HTTP API and 9300 the transport port; other containers reach
      # Elasticsearch over the 'elk' network and do not need either mapping.
      # Bind to 127.0.0.1 or drop the mappings unless external access is
      # required, and never expose 9200 while security is disabled.
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: -Xms512m -Xmx512m
      # Bootstrap password.
      # Used to initialize the keystore during the initial startup of
      # Elasticsearch. Ignored on subsequent runs.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk

  kibana:
    build:
      context: kibana/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
    ports:
      # NOTE(review): published on all host interfaces; the README only uses
      # http://localhost:5601.
      - "5601:5601"
    environment:
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  setup:
  elasticsearch:
--------------------------------------------------------------------------------
/monitor/elk/extensions/README.md:
--------------------------------------------------------------------------------
1 | # Extensions
2 |
3 | Third-party extensions that enable extra integrations with the Elastic stack.
4 |
--------------------------------------------------------------------------------
/monitor/elk/extensions/filebeat/.dockerignore:
--------------------------------------------------------------------------------
1 | # Ignore Docker build files
2 | Dockerfile
3 | .dockerignore
4 |
5 | # Ignore OS artifacts
6 | **/.DS_Store
7 |
--------------------------------------------------------------------------------
/monitor/elk/extensions/filebeat/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG ELASTIC_VERSION
2 |
3 | FROM docker.elastic.co/beats/filebeat:${ELASTIC_VERSION}
4 |
--------------------------------------------------------------------------------
/monitor/elk/extensions/filebeat/README.md:
--------------------------------------------------------------------------------
1 | # Filebeat
2 |
3 | Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers,
4 | Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to
5 | Elasticsearch or Logstash for indexing.
6 |
7 | ## Usage
8 |
9 | To include Filebeat in the stack, run Docker Compose from the root of the repository with an additional command line
10 | argument referencing the `filebeat-compose.yml` file:
11 |
12 | ```console
13 | $ docker-compose -f docker-compose.yml -f extensions/filebeat/filebeat-compose.yml up
14 | ```
15 |
16 | ## Configuring Filebeat
17 |
18 | The Filebeat configuration is stored in [`config/filebeat.yml`](./config/filebeat.yml). You can modify this file with
19 | the help of the [Configuration reference][filebeat-config].
20 |
21 | Any change to the Filebeat configuration requires a restart of the Filebeat container:
22 |
23 | ```console
24 | $ docker-compose -f docker-compose.yml -f extensions/filebeat/filebeat-compose.yml restart filebeat
25 | ```
26 |
27 | Please refer to the following documentation page for more details about how to configure Filebeat inside a Docker
28 | container: [Run Filebeat on Docker][filebeat-docker].
29 |
30 | ## See also
31 |
32 | [Filebeat documentation][filebeat-doc]
33 |
34 | [filebeat-config]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html
35 | [filebeat-docker]: https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html
36 | [filebeat-doc]: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
37 |
--------------------------------------------------------------------------------
/monitor/elk/extensions/filebeat/config/filebeat.yml:
--------------------------------------------------------------------------------
## Filebeat configuration
## https://github.com/elastic/beats/blob/master/deploy/docker/filebeat.docker.yml
#

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    # The Docker autodiscover provider automatically retrieves logs from Docker
    # containers as they start and stop.
    - type: docker
      hints.enabled: true

processors:
  - add_cloud_metadata: ~

output.elasticsearch:
  # NOTE(review): plain HTTP, so the credentials below cross the compose
  # network unencrypted.
  hosts: ['http://elasticsearch:9200']
  # NOTE(review): 'elastic' is the built-in superuser; a dedicated user limited
  # to writing log indices is enough for a shipper.
  username: elastic
  # Taken from the container environment (set in filebeat-compose.yml).
  password: ${ELASTIC_PASSWORD}

## HTTP endpoint for health checking
## https://www.elastic.co/guide/en/beats/filebeat/current/http-endpoint.html
#

http.enabled: true
# Listens on every interface of the container. The compose file publishes no
# port for Filebeat, so the endpoint stays on the compose network.
http.host: 0.0.0.0
--------------------------------------------------------------------------------
/monitor/elk/extensions/filebeat/filebeat-compose.yml:
--------------------------------------------------------------------------------
# Compose override that adds Filebeat to the ELK stack.
version: '3.7'

services:
  filebeat:
    build:
      context: extensions/filebeat/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    # Run as 'root' instead of 'filebeat' (uid 1000) to allow reading
    # 'docker.sock' and the host's filesystem.
    user: root
    command:
      # Log to stderr.
      - -e
      # Disable config file permissions checks. Allows mounting
      # 'config/filebeat.yml' even if it's not owned by root.
      # see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
      - --strict.perms=false
    volumes:
      - ./extensions/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro,Z
      # Log files of every container on the host.
      - type: bind
        source: /var/lib/docker/containers
        target: /var/lib/docker/containers
        read_only: true
      # NOTE(review): read_only protects the socket file itself; it does not
      # restrict requests sent through the socket. A process in this container
      # can still use the full Docker API, which is root-equivalent on the host.
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
    environment:
      # Empty when the variable is unset.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
--------------------------------------------------------------------------------
/monitor/elk/kibana/.dockerignore:
--------------------------------------------------------------------------------
1 | # Ignore Docker build files
2 | Dockerfile
3 | .dockerignore
4 |
5 | # Ignore OS artifacts
6 | **/.DS_Store
7 |
--------------------------------------------------------------------------------
/monitor/elk/kibana/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG ELASTIC_VERSION
2 |
3 | # https://www.docker.elastic.co/
4 | FROM docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}
5 |
6 | # Add your kibana plugins setup here
7 | # Example: RUN kibana-plugin install
8 |
--------------------------------------------------------------------------------
/monitor/elk/kibana/config/kibana.yml:
--------------------------------------------------------------------------------
---
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.ts
#
server.name: kibana
# Listen on every interface of the container; the compose file publishes 5601.
server.host: 0.0.0.0
# NOTE(review): plain HTTP to Elasticsearch, so the service credentials below
# cross the compose network unencrypted.
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
monitoring.ui.container.elasticsearch.enabled: true

## X-Pack security credentials
#
elasticsearch.username: kibana_system
# Taken from the container environment (set in the compose file from .env).
elasticsearch.password: ${KIBANA_SYSTEM_PASSWORD}
--------------------------------------------------------------------------------
/monitor/elk/run_env/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/monitor/elk/run_env/.gitkeep
--------------------------------------------------------------------------------
/monitor/elk/setup/.dockerignore:
--------------------------------------------------------------------------------
1 | # Ignore Docker build files
2 | Dockerfile
3 | .dockerignore
4 |
5 | # Ignore OS artifacts
6 | **/.DS_Store
7 |
8 | # Ignore Git files
9 | .gitignore
10 |
11 | # Ignore setup state
12 | state/
13 |
--------------------------------------------------------------------------------
/monitor/elk/setup/.gitignore:
--------------------------------------------------------------------------------
1 | /state/
2 |
--------------------------------------------------------------------------------
/monitor/elk/setup/Dockerfile:
--------------------------------------------------------------------------------
# Image for the one-off 'setup' service; built on the Elasticsearch image of
# the version passed as a build argument.
ARG ELASTIC_VERSION

# https://www.docker.elastic.co/
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}

# Root is needed to copy into / and to create /state.
USER root

# Copies the whole build context into the image root.
# NOTE(review): everything in setup/ that .dockerignore does not exclude ends
# up in the image; keep secrets out of that directory.
COPY . /

# /state holds the marker file written by the entrypoint and is owned by the
# unprivileged user.
RUN set -eux; \
    mkdir /state; \
    chown elasticsearch /state; \
    chmod +x /entrypoint.sh

# Run the setup script as the unprivileged 'elasticsearch' user with group root.
USER elasticsearch:root

ENTRYPOINT ["/entrypoint.sh"]
--------------------------------------------------------------------------------
/monitor/elk/setup/entrypoint.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# One-off setup for the Elastic stack. Waits for Elasticsearch, creates or
# updates the roles and users declared below, then writes a state file so that
# later runs exit immediately.

# Abort on errors, on unset variables and on failures inside pipelines.
set -eu
set -o pipefail

# helpers.sh provides the logging functions and wait_for_elasticsearch;
# presumably also the role/user helpers called further down.
source "$(dirname "${BASH_SOURCE[0]}")/helpers.sh"


# --------------------------------------------------------
# Users declarations

# user name -> password, read from the environment. An empty value makes the
# user loop below skip that user.
declare -A users_passwords
users_passwords=(
    [logstash_internal]="${LOGSTASH_INTERNAL_PASSWORD:-}"
    [kibana_system]="${KIBANA_SYSTEM_PASSWORD:-}"
)

# user name -> role assigned when the user has to be created.
declare -A users_roles
users_roles=(
    [logstash_internal]='logstash_writer'
)

# --------------------------------------------------------
# Roles declarations

# role name -> JSON file under roles/ that holds the role definition.
declare -A roles_files
roles_files=(
    [logstash_writer]='logstash_writer.json'
)

# --------------------------------------------------------


echo "-------- $(date) --------"

# The marker file makes the whole script a no-op after the first successful run.
state_file="$(dirname "${BASH_SOURCE[0]}")/state/.done"
if [[ -e "$state_file" ]]; then
    log "State file exists at '${state_file}', skipping setup"
    exit 0
fi

log 'Waiting for availability of Elasticsearch. This can take several minutes.'

# `|| exit_code=$?` captures the failure without tripping `set -e`.
declare -i exit_code=0
wait_for_elasticsearch || exit_code=$?

if ((exit_code)); then
    # The handled values match the conditions named in the messages (host not
    # resolved, connection failed, timeout); anything else is reported as is.
    case $exit_code in
        6)
            suberr 'Could not resolve host. Is Elasticsearch running?'
            ;;
        7)
            suberr 'Failed to connect to host. Is Elasticsearch healthy?'
            ;;
        28)
            suberr 'Timeout connecting to host. Is Elasticsearch healthy?'
            ;;
        *)
            suberr "Connection to Elasticsearch failed. Exit code: ${exit_code}"
            ;;
    esac

    exit $exit_code
fi

sublog 'Elasticsearch is running'

# Create or update every declared role whose definition file exists.
for role in "${!roles_files[@]}"; do
    log "Role '$role'"

    declare body_file
    body_file="$(dirname "${BASH_SOURCE[0]}")/roles/${roles_files[$role]:-}"
    if [[ ! -f "${body_file:-}" ]]; then
        sublog "No role body found at '${body_file}', skipping"
        continue
    fi

    sublog 'Creating/updating'
    # The file content is passed as the role body.
    ensure_role "$role" "$(<"${body_file}")"
done

# Set the password of existing users; create missing ones when a role is declared.
# NOTE(review): passwords are handed to the helpers as positional arguments.
# If a helper forwards them on a curl command line they become visible in the
# process list; verify against helpers.sh.
for user in "${!users_passwords[@]}"; do
    log "User '$user'"
    if [[ -z "${users_passwords[$user]:-}" ]]; then
        sublog 'No password defined, skipping'
        continue
    fi

    declare -i user_exists=0
    user_exists="$(check_user_exists "$user")"

    if ((user_exists)); then
        sublog 'User exists, setting password'
        set_user_password "$user" "${users_passwords[$user]}"
    else
        # A user that does not exist and has no declared role is not created.
        if [[ -z "${users_roles[$user]:-}" ]]; then
            err ' No role defined, skipping creation'
            continue
        fi

        sublog 'User does not exist, creating'
        create_user "$user" "${users_passwords[$user]}" "${users_roles[$user]}"
    fi
done

# Record success so the next start skips the setup.
mkdir -p "$(dirname "${state_file}")"
touch "$state_file"
--------------------------------------------------------------------------------
/monitor/elk/setup/helpers.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
# Print a top-level progress message to stdout, prefixed with "[+]".
#   $1 - message text
function log {
  printf '%s\n' "[+] $1"
}
7 |
# Print a nested (sub-level) progress message to stdout.
#   $1 - message text
function sublog {
  printf '%s\n' " ⠿ $1"
}
12 |
# Print a top-level error message to stderr, prefixed with "[x]".
#   $1 - message text
function err {
  >&2 printf '%s\n' "[x] $1"
}
17 |
# Print a nested (sub-level) error message to stderr.
#   $1 - message text
function suberr {
  >&2 printf '%s\n' " ⠍ $1"
}
22 |
# Wait until the Elasticsearch HTTP endpoint answers with status 200.
#
# Environment:
#   ELASTICSEARCH_HOST - host to poll (default: 'elasticsearch').
#   ELASTIC_PASSWORD   - when non-empty, sent as basic auth for user 'elastic'.
# Behaviour:
#   Makes at most 60 attempts and sleeps 5 seconds after each unsuccessful one.
#   If the final state is a failure and the last status code is not 000, the
#   last response (minus the trailing status code) is printed to stdout.
# Returns:
#   0 once a 200 is seen; otherwise the most recent non-zero curl exit code,
#   or 1 if curl never failed but the status was never 200.
function wait_for_elasticsearch {
  local es_host="${ELASTICSEARCH_HOST:-elasticsearch}"

  # -D- dumps the headers to stdout and -w appends the status code, so the
  # captured response always ends with the three status digits.
  local -a curl_args=( '-s' '-D-' '-m15' '-w' '%{http_code}' "http://${es_host}:9200/" )

  # NOTE(review): the request is plain HTTP, so the basic-auth credential
  # travels unencrypted; confirm this only crosses a trusted network.
  if [[ -n "${ELASTIC_PASSWORD:-}" ]]; then
    curl_args+=( '-u' "elastic:${ELASTIC_PASSWORD}" )
  fi

  local -i status=1
  local -i attempt
  local response

  for (( attempt = 1; attempt <= 60; attempt++ )); do
    local -i curl_rc=0
    response="$(curl "${curl_args[@]}")" || curl_rc=$?

    # Remember the latest transport failure so the caller can report it.
    if (( curl_rc != 0 )); then
      status=$curl_rc
    fi

    if [[ "${response: -3}" -eq 200 ]]; then
      status=0
      break
    fi

    sleep 5
  done

  if (( status != 0 )) && [[ "${response: -3}" -ne 000 ]]; then
    echo -e "\n${response::-3}"
  fi

  return $status
}
59 |
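# Report whether the given Elasticsearch user exists.
#
# Arguments:
#   $1 - user name; inserted into the request URL as-is (not URL-encoded).
# Environment:
#   ELASTICSEARCH_HOST - host to query (default: 'elasticsearch').
#   ELASTIC_PASSWORD   - when non-empty, sent as basic auth for user 'elastic'.
# Outputs:
#   stdout: '1' when the status is 200 (user exists), '0' when it is 404.
#   stderr: the response (minus the trailing status code) for any other status.
#   Diagnostics are kept off stdout because the setup script captures stdout
#   into a 'declare -i' variable, which would arithmetic-evaluate that text.
# Returns:
#   0 when the status was 200 or 404, 1 otherwise.
function check_user_exists {
  local username=$1

  local elasticsearch_host="${ELASTICSEARCH_HOST:-elasticsearch}"

  local -a args=( '-s' '-D-' '-m15' '-w' '%{http_code}'
    "http://${elasticsearch_host}:9200/_security/user/${username}"
  )

  # NOTE(review): plain HTTP with basic auth; confirm the path to
  # Elasticsearch is a trusted network.
  if [[ -n "${ELASTIC_PASSWORD:-}" ]]; then
    args+=( '-u' "elastic:${ELASTIC_PASSWORD}" )
  fi

  local output
  output="$(curl "${args[@]}")"

  # -w '%{http_code}' appends the status code, so it is the last 3 characters.
  # Compare it as a string so response-derived text is never evaluated as an
  # arithmetic expression.
  local status="${output: -3}"

  case "$status" in
    200)
      echo 1
      return 0
      ;;
    404)
      echo 0
      return 0
      ;;
  esac

  # Any other status is a failure. Only strip the status code when the output
  # is long enough to contain one.
  if (( ${#output} >= 3 )); then
    printf '\n%s\n' "${output::-3}" >&2
  fi

  return 1
}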
94 |
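# Set the password of an existing Elasticsearch user.
#
# Arguments:
#   $1 - user name; inserted into the request URL as-is (not URL-encoded).
#   $2 - new password; JSON-escaped before being placed in the request body.
# Environment:
#   ELASTICSEARCH_HOST - host to call (default: 'elasticsearch').
#   ELASTIC_PASSWORD   - when non-empty, sent as basic auth for user 'elastic'.
# Outputs:
#   On failure, the response (minus the trailing status code) on stdout.
# Returns:
#   0 when the status was 200, 1 otherwise.
function set_user_password {
  local username=$1
  local password=$2

  local elasticsearch_host="${ELASTICSEARCH_HOST:-elasticsearch}"

  # Escape the characters that would otherwise end the JSON string early or
  # make the body invalid. Backslash must be handled first so the escapes
  # added afterwards are not escaped again.
  local json_password=$password
  json_password=${json_password//\\/\\\\}
  json_password=${json_password//\"/\\\"}
  json_password=${json_password//$'\n'/\\n}
  json_password=${json_password//$'\r'/\\r}
  json_password=${json_password//$'\t'/\\t}

  # NOTE(review): the body, including the password, is passed on curl's
  # command line and the request is plain HTTP; confirm both the host and the
  # network this runs on are trusted.
  local -a args=( '-s' '-D-' '-m15' '-w' '%{http_code}'
    "http://${elasticsearch_host}:9200/_security/user/${username}/_password"
    '-X' 'POST'
    '-H' 'Content-Type: application/json'
    '-d' "{\"password\" : \"${json_password}\"}"
  )

  if [[ -n "${ELASTIC_PASSWORD:-}" ]]; then
    args+=( '-u' "elastic:${ELASTIC_PASSWORD}" )
  fi

  local -i result=1
  local output

  output="$(curl "${args[@]}")"
  # -w '%{http_code}' appends the status code as the last 3 characters.
  if [[ "${output: -3}" == '200' ]]; then
    result=0
  fi

  if ((result)); then
    echo -e "\n${output::-3}\n"
  fi

  return $result
}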
127 |
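# Create an Elasticsearch user with a password and a single role.
#
# Arguments:
#   $1 - user name; inserted into the request URL as-is (not URL-encoded).
#   $2 - password; JSON-escaped before being placed in the request body.
#   $3 - role name; JSON-escaped before being placed in the request body.
# Environment:
#   ELASTICSEARCH_HOST - host to call (default: 'elasticsearch').
#   ELASTIC_PASSWORD   - when non-empty, sent as basic auth for user 'elastic'.
# Outputs:
#   On failure, the response (minus the trailing status code) on stdout.
# Returns:
#   0 when the status was 200, 1 otherwise.
function create_user {
  local username=$1
  local password=$2
  local role=$3

  local elasticsearch_host="${ELASTICSEARCH_HOST:-elasticsearch}"

  # Escape both values for use inside JSON strings. Without this, a quote in
  # the password would end the string early and could add or override fields
  # of the request (for example "roles"). Backslash is escaped first so the
  # escapes added afterwards are not escaped again.
  local json_password=$password
  json_password=${json_password//\\/\\\\}
  json_password=${json_password//\"/\\\"}
  json_password=${json_password//$'\n'/\\n}
  json_password=${json_password//$'\r'/\\r}
  json_password=${json_password//$'\t'/\\t}

  local json_role=$role
  json_role=${json_role//\\/\\\\}
  json_role=${json_role//\"/\\\"}
  json_role=${json_role//$'\n'/\\n}
  json_role=${json_role//$'\r'/\\r}
  json_role=${json_role//$'\t'/\\t}

  # NOTE(review): the body, including the password, is passed on curl's
  # command line and the request is plain HTTP; confirm both the host and the
  # network this runs on are trusted.
  local -a args=( '-s' '-D-' '-m15' '-w' '%{http_code}'
    "http://${elasticsearch_host}:9200/_security/user/${username}"
    '-X' 'POST'
    '-H' 'Content-Type: application/json'
    '-d' "{\"password\":\"${json_password}\",\"roles\":[\"${json_role}\"]}"
  )

  if [[ -n "${ELASTIC_PASSWORD:-}" ]]; then
    args+=( '-u' "elastic:${ELASTIC_PASSWORD}" )
  fi

  local -i result=1
  local output

  output="$(curl "${args[@]}")"
  # -w '%{http_code}' appends the status code as the last 3 characters.
  if [[ "${output: -3}" == '200' ]]; then
    result=0
  fi

  if ((result)); then
    echo -e "\n${output::-3}\n"
  fi

  return $result
}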
161 |
# Create or update an Elasticsearch role from a JSON definition.
#
# Arguments:
#   $1 - role name; inserted into the request URL as-is.
#   $2 - request body, sent unchanged as the role definition.
# Environment:
#   ELASTICSEARCH_HOST - host to call (default: 'elasticsearch').
#   ELASTIC_PASSWORD   - when non-empty, sent as basic auth for user 'elastic'.
# Outputs:
#   On failure, the response (minus the trailing status code) on stdout.
# Returns:
#   0 when the status was 200, 1 otherwise.
function ensure_role {
  local role_name=$1
  local role_body=$2

  local es_host="${ELASTICSEARCH_HOST:-elasticsearch}"

  local -a curl_args=(
    '-s' '-D-' '-m15' '-w' '%{http_code}'
    "http://${es_host}:9200/_security/role/${role_name}"
    '-X' 'POST'
    '-H' 'Content-Type: application/json'
    '-d' "$role_body"
  )

  if [[ -n "${ELASTIC_PASSWORD:-}" ]]; then
    curl_args+=( '-u' "elastic:${ELASTIC_PASSWORD}" )
  fi

  local response
  response="$(curl "${curl_args[@]}")"

  # -w '%{http_code}' appends the status code as the last 3 characters.
  if [[ "${response: -3}" -eq 200 ]]; then
    return 0
  fi

  echo -e "\n${response::-3}\n"
  return 1
}
194 |
--------------------------------------------------------------------------------
/monitor/elk/setup/roles/logstash_writer.json:
--------------------------------------------------------------------------------
1 | {
2 | "cluster": [
3 | "manage_index_templates",
4 | "monitor",
5 | "manage_ilm"
6 | ],
7 | "indices": [
8 | {
9 | "names": [
10 | "logs-generic-default",
11 | "logstash-*",
12 | "ecs-logstash-*"
13 | ],
14 | "privileges": [
15 | "write",
16 | "create",
17 | "create_index",
18 | "manage",
19 | "manage_ilm"
20 | ]
21 | },
22 | {
23 | "names": [
24 | "logstash",
25 | "ecs-logstash"
26 | ],
27 | "privileges": [
28 | "write",
29 | "manage"
30 | ]
31 | }
32 | ]
33 | }
34 |
--------------------------------------------------------------------------------
/monitor/grafana/config/dashboards.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: 1
2 |
3 | providers:
4 | # a unique provider name
5 | - name: 'fullstackdatascience'
6 | # org id. will default to orgId 1 if not specified
7 | orgId: 1
8 | # name of the dashboard folder
9 | folder: ''
10 | # folder UID. will be automatically generated if not specified
11 | folderUid: ''
12 | # provider type. Required
13 | type: file
14 | # disable dashboard deletion
15 | disableDeletion: false
16 | # how often Grafana will scan for changed dashboards
17 | updateIntervalSeconds: 10
18 | # allow updating provisioned dashboards from the UI
19 | allowUiUpdates: true
20 | options:
21 | # path to dashboard files on disk. Required when using the 'file' type
22 | path: /opt/grafana/dashboards
23 | # use folder names from filesystem to create folders in Grafana
24 | foldersFromFilesStructure: true
--------------------------------------------------------------------------------
/monitor/grafana/config/datasources.yaml:
--------------------------------------------------------------------------------
1 | # config file version
2 | apiVersion: 1
3 |
4 | # list of datasources that should be deleted from the database
5 | deleteDatasources:
6 | - name: Prometheus
7 | orgId: 1
8 |
9 | # list of datasources to insert/update depending
10 | # what's available in the database
11 | datasources:
12 | - name: Prometheus
13 | type: prometheus
14 | access: proxy
15 | url: http://prometheus:9090
16 | isDefault: true
--------------------------------------------------------------------------------
/monitor/metric.py:
--------------------------------------------------------------------------------
1 | from io import BytesIO
2 | from typing import Optional
3 |
4 | import easyocr
5 | import numpy as np
6 | import uvicorn
7 | from loguru import logger
8 | from time import time
9 | from fastapi import FastAPI, File, UploadFile
10 | from opentelemetry import metrics
11 | from opentelemetry.exporter.prometheus import PrometheusMetricReader
12 | from opentelemetry.metrics import set_meter_provider
13 | from opentelemetry.sdk.metrics import MeterProvider
14 | from opentelemetry.sdk.resources import SERVICE_NAME, Resource
15 | from PIL import Image
16 | from prometheus_client import start_http_server
17 | from transformers import AutoTokenizer, AutoModelForSeq2SeqLM, pipeline
18 |
# Serve the Prometheus scrape endpoint on port 8099, bound to all interfaces.
# NOTE(review): nothing here adds authentication to that endpoint; confirm
# that only the Prometheus scraper can reach the port.
start_http_server(addr="0.0.0.0", port=8099)

# Resource attributes attached to the exported metrics.
# Most backends require a service name.
resource = Resource(attributes={SERVICE_NAME: "ocr-service"})

# Reader that exposes the recorded metrics to Prometheus.
reader = PrometheusMetricReader()

# The provider owns the readers; the meter obtained from it creates instruments.
provider = MeterProvider(metric_readers=[reader], resource=resource)
set_meter_provider(provider)
meter = metrics.get_meter("myapp", "1.0.0")

# Instruments recorded by the request handler.
counter = meter.create_counter(
    description="Number of app requests",
    name="App_request_counter",
)
histogram = meter.create_histogram(
    description="App response histogram",
    name="App_response_histogram",
    unit="seconds",
)

# Load the tokenizer and model from the local directory at import time.
model_dir = "/model/"
tokenizer = AutoTokenizer.from_pretrained(model_dir)
model = AutoModelForSeq2SeqLM.from_pretrained(model_dir)
summarizer = pipeline("summarization", tokenizer=tokenizer, model=model)

app = FastAPI(root_path="/txtapp-service")
54 |
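@app.get("/Text_Summarization")
async def text_summarization(Text: Optional[str] = None):
    """Summarize the given text and record request metrics.

    Args:
        Text: Text to summarize, taken from the query string. When missing or
            empty, no summary is produced.

    Returns:
        A dict that always holds the "Mlops" entry and, when ``Text`` was
        given, the summarizer output under "Text Summarization " (the
        trailing space in the key is kept so existing clients keep working).
    """
    # Labels for all metrics
    label = {"api": "/app"}

    # Count this request exactly once; the counter is described as the
    # number of app requests, so it must not advance by more than one.
    counter.add(1, label)

    results = {"Mlops": [{"Author": "DrissDo"}]}

    # Time the actual work so the histogram reflects the response time
    # instead of the gap between two adjacent clock reads.
    starting_time = time()
    if Text:
        # NOTE(review): this function puts no bound on the length of Text
        # before handing it to the model, and the call is synchronous inside
        # an async handler, so one slow request stalls the others. Consider a
        # length limit and running the model call off the event loop.
        summary = summarizer(Text, max_length=130, min_length=30, do_sample=False)
        results.update({"Text Summarization ": summary})
    elapsed_time = time() - starting_time

    # loguru formats with str.format, so the value needs a "{}" placeholder
    # to appear in the message.
    logger.info("elapsed time: {}", elapsed_time)
    histogram.record(elapsed_time, label)
    return results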
81 |
82 |
83 |
--------------------------------------------------------------------------------
/monitor/prom-graf-docker-compose.yaml:
--------------------------------------------------------------------------------
# Source: https://grafana.com/docs/grafana-cloud/quickstart/docker-compose-linux/
#
# Monitoring stack: node-exporter, Prometheus, Alertmanager, cAdvisor, Grafana
# and Jaeger on one bridge network.
# NOTE(review): every "ports" entry below omits a host IP, so the port is
# published on all host interfaces; confirm a host firewall limits who can
# reach them.
version: '3.8'

networks:
  monitoring:
    driver: bridge

volumes:
  prometheus_data:
  grafana_data:
  alertmanager_data:

services:
  node-exporter:
    image: prom/node-exporter:v1.3.1
    container_name: node-exporter
    # Host /proc, /sys and / are mounted read-only for the collectors.
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    ports:
      - "9100:9100"
    networks:
      - monitoring

  prometheus:
    image: prom/prometheus:v2.38.0
    container_name: prometheus
    restart: unless-stopped
    volumes:
      - prometheus_data:/prometheus
      - ./prometheus/config/prometheus.yml:/etc/prometheus/prometheus.yml
      - ./prometheus/config/alert-rules.yml:/etc/prometheus/alert-rules.yml
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=20h'
      # NOTE(review): this flag turns on the HTTP reload and shutdown
      # endpoints, and port 9090 is published below without authentication.
      - '--web.enable-lifecycle'
    ports:
      - "9090:9090"
    networks:
      - monitoring

  alertmanager:
    image: prom/alertmanager:v0.25.0
    container_name: alertmanager
    restart: unless-stopped
    volumes:
      - alertmanager_data:/alertmanager/data
      - ./alertmanager:/alertmanager
    command:
      - '--config.file=/alertmanager/config.yml'
      - '--storage.path=/alertmanager/data'
      - '--log.level=debug'
    ports:
      - "9093:9093"
    networks:
      - monitoring

  cadvisor:
    # NOTE(review): 'latest' is a floating tag, unlike the pinned images of
    # the other services; pin a version or digest for reproducible deploys.
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: unless-stopped
    volumes:
      - /:/rootfs:ro
      # NOTE(review): /var/run is the only read-write host mount here and
      # usually holds the container runtime socket; check whether read-only
      # is enough.
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
    ports:
      - "8090:8080"
    networks:
      - monitoring

  grafana:
    image: grafana/grafana:9.0.5
    container_name: grafana
    restart: unless-stopped
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana/config/dashboards.yaml:/etc/grafana/provisioning/dashboards/dashboards.yaml:ro
      - ./grafana/config/datasources.yaml:/etc/grafana/provisioning/datasources/datasource.yaml:ro
      - ./grafana/dashboards:/opt/grafana/dashboards
    environment:
      # NOTE(review): both values fall back to 'admin' when ADMIN_USER and
      # ADMIN_PASSWORD are unset, and port 3000 is published below; set them
      # explicitly before exposing this service.
      - GF_SECURITY_ADMIN_USER=${ADMIN_USER:-admin}
      - GF_SECURITY_ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
    ports:
      - "3000:3000"
    networks:
      - monitoring
    healthcheck:
      test: ["CMD-SHELL", "curl -f localhost:3000/api/health && echo 'ready'"]
      interval: 10s
      retries: 10

  jaeger:
    image: jaegertracing/all-in-one:1.47
    container_name: jaeger
    restart: unless-stopped
    ports:
      - "6831:6831/udp"
      - "16686:16686"
    networks:
      - monitoring
--------------------------------------------------------------------------------
/monitor/prometheus/config/alert-rules.yml:
--------------------------------------------------------------------------------
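groups:
  - name: System alerts
    rules:
      # Fires when available memory stays below 5% of total for one minute.
      - alert: NodeOutOfMemory
        expr: node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 5
        for: 1m
        labels:
          severity: warning
        annotations:
          summary: Node out of memory
          description: Node memory has reached {{ humanize $value}}%

  - name: Containers
    rules:
      # The expression measures the CPU usage rate of the 'jenkins' container,
      # so the annotations describe CPU. The alert name is left unchanged
      # because Alertmanager routes or silences may match on it.
      # NOTE(review): if a memory alert was intended, the expression needs a
      # memory metric instead - confirm with the author.
      - alert: JenkinsHighMemory
        expr: sum(rate(container_cpu_usage_seconds_total{name="jenkins"}[5m]))*100 > 2
        for: 30s
        labels:
          severity: warning
        annotations:
          summary: Jenkins high CPU usage
          description: Jenkins CPU usage is at {{ humanize $value}}%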
--------------------------------------------------------------------------------
/monitor/prometheus/config/prometheus.yml:
--------------------------------------------------------------------------------
1 | global:
2 | scrape_interval: 15s
3 | evaluation_interval: 15s
4 |
5 | # Load and evaluate rules in this file every 'evaluation_interval' seconds.
6 | rule_files:
7 | - alert-rules.yml
8 |
9 | alerting:
10 | alertmanagers:
11 | - static_configs:
12 | - targets:
13 | - "alertmanager:9093"
14 |
15 | # A scrape configuration containing exactly one endpoint to scrape.
16 | scrape_configs:
17 | - job_name: 'node'
18 | scrape_interval: 5s
19 | static_configs:
20 | - targets: ['node-exporter:9100']
21 |
22 | - job_name: 'cadvisor'
23 | scrape_interval: 5s
24 | static_configs:
25 | - targets: ['cadvisor:8080']
26 |
27 | - job_name: 'prometheus'
28 | scrape_interval: 10s
29 | static_configs:
30 | - targets: ['localhost:9090']
31 |
32 | - job_name: 'otel-app-metrics'
33 | scrape_interval: 10s
34 | static_configs:
35 | - targets: ['172.17.0.1:8099']
--------------------------------------------------------------------------------
/monitor/requirements.txt:
--------------------------------------------------------------------------------
1 | opentelemetry-api==1.19.0
2 | opentelemetry-sdk==1.19.0
3 | opentelemetry-instrumentation-asgi==0.40b0
4 | opentelemetry-instrumentation-fastapi==0.40b0
5 | opentelemetry-instrumentation-requests==0.40b0
6 | opentelemetry-instrumentation-logging==0.40b0
7 | opentelemetry-exporter-jaeger==1.19.0
8 | opentelemetry-exporter-otlp-proto-grpc==1.19.0
9 | opentelemetry-exporter-prometheus==1.12.0rc1
10 | Pillow==9.5.0
11 | easyocr==1.7.0
12 | loguru==0.7.0
13 | fastapi==0.96.0
14 | uvicorn[standard]==0.22.0
15 | python-multipart==0.0.6
16 | prometheus-client==0.17.1
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | transformers[torch]
2 | datasets
3 | Pillow==9.5.0
4 | loguru==0.7.0
5 | python-multipart==0.0.6
6 | fastapi==0.96.0
7 | uvicorn[standard]==0.22.0
8 | gradio==2.3.6
9 |
--------------------------------------------------------------------------------
/terraform/.terraform/providers/registry.terraform.io/hashicorp/google/4.80.0/linux_amd64/terraform-provider-google_v4.80.0_x5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Drissdo185/Text-Summarization/92eefeef2df93a8af02085ccfaed2d81543fdd22/terraform/.terraform/providers/registry.terraform.io/hashicorp/google/4.80.0/linux_amd64/terraform-provider-google_v4.80.0_x5
--------------------------------------------------------------------------------
/terraform/main.tf:
--------------------------------------------------------------------------------
1 |
// Exact pins for the Terraform CLI and the Google provider.
terraform {
  required_version = "1.7.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.80.0"
    }
  }
}

// Project and region come from variables.tf.
provider "google" {
  project = var.project_id
  region  = var.region
}

// Google Kubernetes Engine cluster.
// The default node pool is removed right after creation; the nodes come from
// the separately managed pool below.
// NOTE(review): no private-cluster, authorized-network or network-policy
// settings are declared in this resource, so those stay at provider defaults;
// confirm that is intended before using this outside a demo.
resource "google_container_cluster" "primary" {
  name     = "${var.project_id}-gke"
  location = var.region

  remove_default_node_pool = true
  initial_node_count       = 1
}

// Node pool attached to the cluster above.
// NOTE(review): node_config sets no service account or OAuth scopes, so the
// nodes use provider defaults; consider a dedicated least-privilege account.
resource "google_container_node_pool" "primary_preemptible_nodes" {
  name       = "node-pool"
  location   = var.region
  cluster    = google_container_cluster.primary.name
  node_count = 1

  node_config {
    preemptible  = true
    machine_type = "e2-standard-8" # 8 CPU and 32 GB Memory
  }
}
38 |
--------------------------------------------------------------------------------
/terraform/outputs.tf:
--------------------------------------------------------------------------------
1 | // Applying this configuration prints output like this:
2 | // Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
3 |
4 | // Outputs:
5 | // kubernetes_cluster_host = "34.28.90.0"
6 | // kubernetes_cluster_name = "mle-course-gke"
7 | // project_id = "mlops-414313"
8 | // region = "us-west4-b"
9 |
10 | output "project_id" {
11 | value = var.project_id
12 | description = "Project ID"
13 | }
14 |
15 | output "kubernetes_cluster_name" {
16 | value = google_container_cluster.primary.name
17 | description = "GKE Cluster Name"
18 | }
19 |
20 | output "kubernetes_cluster_host" {
21 | value = google_container_cluster.primary.endpoint
22 | description = "GKE Cluster Host"
23 | }
24 |
25 | output "region" {
26 | value = var.region
27 | description = "GKE region"
28 | }
29 |
--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | // Variables to use across the project
2 | // which can be accessed by var.project_id
3 | variable "project_id" {
4 | description = "The project ID to host the cluster in"
5 | default = "mlops-414313"
6 | }
7 |
8 | variable "region" {
9 | description = "The region the cluster in"
10 | default = "us-central1"
11 | }
12 |
13 | variable "bucket" {
14 | description = "GCS bucket for MLE project"
15 | default = "mlops-414313"
16 | }
17 |
--------------------------------------------------------------------------------