Skip to content

Commit 5160cb7

Browse files
priyankash-citrixpriyankash-citrix
authored
Merge pull request #554 from citrix/docUpdate
Operator and Dual tier topology Doc update
2 parents 771d41b + dc46d74 commit 5160cb7

36 files changed

Lines changed: 520 additions & 516 deletions

deployment/dual-tier/README.md

Lines changed: 62 additions & 54 deletions
Large diffs are not rendered by default.

deployment/dual-tier/manifest/all-in-one-dual-tier-demo.yaml

Lines changed: 176 additions & 149 deletions
Large diffs are not rendered by default.

deployment/dual-tier/manifest/apache.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
apiVersion: apps/v1beta2
1+
apiVersion: apps/v1
22
kind: Deployment
33
metadata:
44
name: apache

deployment/dual-tier/manifest/ingress-tier-1-vpx.yaml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ apiVersion: networking.k8s.io/v1
22
kind: Ingress
33
metadata:
44
annotations:
5-
ingress.citrix.com/insecure-termination: allow
65
kubernetes.io/ingress.class: tier-1-vpx
76
name: vpx-ingress
87
spec:
@@ -12,10 +11,8 @@ spec:
1211
paths:
1312
- backend:
1413
service:
15-
name: cpx-ingress
14+
name: cpx-service
1615
port:
1716
number: 80
1817
path: /
1918
pathType: Prefix
20-
tls:
21-
- secretName: cert2k

deployment/dual-tier/manifest/ingress-tier-2-cpx.yaml

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ apiVersion: networking.k8s.io/v1
22
kind: Ingress
33
metadata:
44
annotations:
5-
ingress.citrix.com/insecure-termination: allow
65
kubernetes.io/ingress.class: tier-2-cpx
76
name: citrix-ingress
87
spec:
@@ -17,5 +16,3 @@ spec:
1716
number: 80
1817
path: /
1918
pathType: Prefix
20-
tls:
21-
- secretName: cert-key

deployment/dual-tier/manifest/tier-1-vpx-cic.yaml

Lines changed: 45 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -8,42 +8,38 @@
88
# value: "<NSIP of the Tier-1 VPX>"
99
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
1010
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
11-
12-
---
1311
kind: ClusterRole
1412
apiVersion: rbac.authorization.k8s.io/v1
1513
metadata:
1614
name: cic-k8s-role
1715
rules:
1816
- apiGroups: [""]
19-
resources: ["endpoints", "ingresses", "pods", "secrets", "nodes", "routes", "namespaces"]
17+
resources: ["endpoints", "pods", "secrets", "nodes", "routes", "namespaces", "configmaps", "services"]
2018
verbs: ["get", "list", "watch"]
21-
# services/status is needed to update the loadbalancer IP in service status for integrating
22-
# service of type LoadBalancer with external-dns
2319
- apiGroups: [""]
2420
resources: ["services/status"]
2521
verbs: ["patch"]
26-
- apiGroups: [""]
27-
resources: ["services"]
28-
verbs: ["get", "list", "watch", "patch"]
2922
- apiGroups: [""]
3023
resources: ["events"]
3124
verbs: ["create"]
3225
- apiGroups: ["extensions"]
3326
resources: ["ingresses", "ingresses/status"]
34-
verbs: ["get", "list", "watch"]
27+
verbs: ["get", "list", "watch", "patch"]
28+
- apiGroups: ["networking.k8s.io"]
29+
resources: ["ingresses", "ingresses/status", "ingressclasses"]
30+
verbs: ["get", "list", "watch", "patch"]
3531
- apiGroups: ["apiextensions.k8s.io"]
3632
resources: ["customresourcedefinitions"]
3733
verbs: ["get", "list", "watch"]
3834
- apiGroups: ["apps"]
3935
resources: ["deployments"]
4036
verbs: ["get", "list", "watch"]
4137
- apiGroups: ["citrix.com"]
42-
resources: ["rewritepolicies", "canarycrds", "authpolicies", "ratelimits"]
43-
verbs: ["get", "list", "watch"]
38+
resources: ["rewritepolicies", "authpolicies", "ratelimits", "listeners", "httproutes", "continuousdeployments", "apigatewaypolicies", "wafs", "bots", "corspolicies", "appqoepolicies"]
39+
verbs: ["get", "list", "watch", "create", "delete", "patch"]
4440
- apiGroups: ["citrix.com"]
45-
resources: ["rewritepolicies/status", "canarycrds/status", "authpolicies/status", "ratelimits/status"]
46-
verbs: ["get", "list", "patch"]
41+
resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status", "wafs/status", "apigatewaypolicies/status", "bots/status", "corspolicies/status", "appqoepolicies/status"]
42+
verbs: ["patch"]
4743
- apiGroups: ["citrix.com"]
4844
resources: ["vips"]
4945
verbs: ["get", "list", "watch", "create", "delete"]
@@ -59,7 +55,9 @@ rules:
5955
- apiGroups: ["crd.projectcalico.org"]
6056
resources: ["ipamblocks"]
6157
verbs: ["get", "list", "watch"]
58+
6259
---
60+
6361
kind: ClusterRoleBinding
6462
apiVersion: rbac.authorization.k8s.io/v1
6563
metadata:
@@ -72,49 +70,60 @@ subjects:
7270
- kind: ServiceAccount
7371
name: cic-k8s-role
7472
namespace: default
75-
apiVersion: rbac.authorization.k8s.io/v1
73+
7674
---
75+
7776
apiVersion: v1
7877
kind: ServiceAccount
7978
metadata:
8079
name: cic-k8s-role
8180
namespace: default
81+
8282
---
83-
apiVersion: v1
84-
kind: Pod
83+
apiVersion: apps/v1
84+
kind: Deployment
8585
metadata:
8686
name: cic-k8s-ingress-controller
87-
labels:
88-
app: cic-k8s-ingress-controller
8987
spec:
88+
selector:
89+
matchLabels:
90+
app: cic-k8s-ingress-controller
91+
replicas: 1
92+
template:
93+
metadata:
94+
name: cic-k8s-ingress-controller
95+
labels:
96+
app: cic-k8s-ingress-controller
97+
annotations:
98+
spec:
9099
serviceAccountName: cic-k8s-role
91100
containers:
92101
- name: cic-k8s-ingress-controller
93102
image: "quay.io/citrix/citrix-k8s-ingress-controller:1.26.7"
94103
env:
95-
# Set NetScaler Management IP or SNIP in case of HA
96-
- name: "NS_IP"
97-
value: "<Kubernetes facing SNIP of VPX where MGMT access is enabled> or <NS IP of the VPX if it is reachable from K8s cluster>"
98-
# Set username for Nitro
99-
- name: "NS_USER"
100-
valueFrom:
104+
# Set NetScaler NSIP/SNIP, SNIP in case of HA (mgmt has to be enabled)
105+
- name: "NS_IP"
106+
value: "<Kubernetes facing SNIP of VPX where MGMT access is enabled> or <NS IP of the VPX if it is reachable from K8s cluster>"
107+
- name: "NS_VIP"
108+
value: "<VIP of the Tier-1 VPX>"
109+
# Set username for Nitro
110+
- name: "NS_USER"
111+
valueFrom:
101112
secretKeyRef:
102113
name: nslogin
103114
key: username
104-
# Set user password for Nitro
105-
- name: "NS_PASSWORD"
106-
valueFrom:
115+
- name: "LOGLEVEL"
116+
value: "INFO"
117+
# Set user password for Nitro
118+
- name: "NS_PASSWORD"
119+
valueFrom:
107120
secretKeyRef:
108121
name: nslogin
109122
key: password
110-
- name: "EULA"
111-
value: "yes"
112-
- name: "NS_VIP"
113-
value: "<VIP of the Tier-1 VPX>"
123+
# Set log level
124+
- name: "EULA"
125+
value: "yes"
114126
args:
115-
- --ingress-classes
116-
tier-1-vpx
117-
- --feature-node-watch
118-
true
127+
- --ingress-classes tier-1-vpx
128+
- --feature-node-watch true
119129
imagePullPolicy: Always
120-
---

0 commit comments

Comments
 (0)