Migrate citrix-adc-istio-ingress-gateway v1.2.1

2020-08-11 10:03:56 -07:00 · 2020-08-11 10:03:56 -07:00 · f10d7fb0a7
parent b756446079
commit f10d7fb0a7
4 changed files with 339 additions and 0 deletions
--- a/packages/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway.patch
+++ b/packages/citrix-adc-istio-ingress-gateway/citrix-adc-istio-ingress-gateway.patch
@ -0,0 +1,11 @@
+diff -x '*.tgz' -x '*.lock' -uNr packages/citrix-adc-istio-ingress-gateway/charts-original/Chart.yaml packages/citrix-adc-istio-ingress-gateway/charts/Chart.yaml
+--- packages/citrix-adc-istio-ingress-gateway/charts-original/Chart.yaml
+++ packages/citrix-adc-istio-ingress-gateway/charts/Chart.yaml
+@@ -13,3 +13,7 @@
+ sources:
+ - https://github.com/citrix/citrix-istio-adaptor
+ version: 1.2.1
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/namespace: citrix-adc-istio-ingress-gateway
+  catalog.cattle.io/release-name: citrix-adc-istio-ingress-gateway
--- a/packages/citrix-adc-istio-ingress-gateway/overlay/app-readme.md
+++ b/packages/citrix-adc-istio-ingress-gateway/overlay/app-readme.md
@ -0,0 +1,18 @@
+# Citrix ADC as an Ingress Gateway for Istio
+
+An [Istio](https://istio.io/) ingress gateway acts as an entry point for the incoming traffic and secures and controls access to the service mesh. It also performs routing and load balancing. Citrix ADC [CPX](https://docs.citrix.com/en-us/citrix-adc-cpx), MPX, or [VPX](https://docs.citrix.com/en-us/citrix-adc.html), can be deployed as an ingress gateway to the Istio service mesh.
+
+### Prerequisites
+
+The following prerequisites are required for deploying Citrix ADC as an Ingress Gateway in Istio service mesh:
+
+- Ensure that **Istio** is enabled.
+- Ensure that your cluster has Kubernetes version 1.14.0 or later.
+- Ensure to create secret named **nslogin**  with username and password in same namespace in case of VPX/MPX . Choose the **Resources > Secrets** in the navigation bar.
+
+### Important NOTE:
+- Follow this [link](https://github.com/citrix/citrix-helm-charts/blob/master/examples/citrix-adc-in-istio/README.md
+) to deploy Citrix ADC as an ingress gateway for application.
+- For deploying Citrix ADC VPX or MPX as ingress gateway, you should establish the connectivity between Citrix ADC VPX or MPX and cluster nodes. This connectivity can be established by configuring routes on Citrix ADC as mentioned [here](https://github.com/citrix/citrix-k8s-ingress-controller/blob/master/docs/network/staticrouting.md) or by deploying [Citrix Node Controller](https://github.com/citrix/citrix-k8s-node-controller).
+
+This catalog deploys Citrix ADC VPX, MPX, or CPX as an Ingress Gateway in the Istio service mesh. For detailed information on various deployment options,checkout this [link](https://github.com/citrix/citrix-istio-adaptor).
--- a/packages/citrix-adc-istio-ingress-gateway/overlay/questions.yml
+++ b/packages/citrix-adc-istio-ingress-gateway/overlay/questions.yml
@ -0,0 +1,308 @@
+labels:
+  io.rancher.certified: partner
+questions:
+- variable: citrixCPX
+  required: true
+  type: boolean
+  default: true
+  description: "Set true to use Citrix ADC CPX as ingress device. Set false to use VPX/MPX as ingress device"
+  label: citrixCPX
+  group: "Deployment Settings"
+- variable: secrets.name
+  required: true
+  type: string
+  default: "nslogin"
+  description: "Ensure to create nslogin secret in same namespace"
+  show_if: "citrixCPX=false"
+  group: "nslogin Settings"
+- variable: istioAdaptor.image
+  required: true
+  type: string
+  default: "quay.io/citrix/citrix-istio-adaptor"
+  label: istioAdaptor Image
+  description: "Istio-adaptor Image to be used"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.tag
+  required: true
+  type: string
+  default: "1.2.1"
+  label: istioAdaptor tag
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.imagePullPolicy
+  required: true
+  type: enum
+  default: IfNotPresent
+  label: istioAdaptor imagePullPolicy
+  description: "Istio-adaptor Image pull policy"
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.netscalerUrl
+  required: true
+  type: string
+  default: null
+  label: istioAdaptor netscalerUrl
+  description: "URL or IP address of the Citrix ADC which Istio-adaptor configures"
+  show_if: "citrixCPX=false"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.secureConnect
+  required: false
+  type: boolean
+  default: true
+  label: istioAdaptor secureConnect
+  description: "If this value is set to true, Istio-adaptor establishes secure gRPC channel with Istio Pilot"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.vserverIP
+  required: true
+  type: string
+  label: istioAdaptor vserverIP
+  show_if: "citrixCPX=false"
+  descriptions: "Virtual server IP address on Citrix ADC"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.netProfile
+  required: false
+  type: string
+  label: istioAdaptor netProfile
+  description: "profile name used by CNC to configure VPX/MPX"
+  show_if: "citrixCPX=false"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.ADMIP
+  required: false
+  type: string
+  label: istioAdaptor ADMIP
+  description: "Citrix Application Delivery Management (ADM) IP address"
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.ADMFingerPrint
+  required: false
+  type: string
+  label: istioAdaptor ADMFingerPrint
+  description: "Citrix Application Delivery Management (ADM) Finger Print."
+  group: "Istio-adaptor Settings"
+- variable: istioAdaptor.coeURL
+  required: false
+  type: string
+  label: istioAdaptor coeURL
+  description: "Name of Citrix Observability Exporter Service"
+  group: "Istio-adaptor Settings"
+- variable: istioPilot.name
+  required: true
+  type: string
+  default: istio-pilot
+  label: istio-pilot name
+  group: "istio-pilot Settings"
+  description: "Name of the Istio Pilot service"
+- variable: istioPilot.namespace
+  required: true
+  type: string
+  default: istio-system
+  label: istio-pilot namespace
+  description: "Namespace where Istio Pilot is running"
+  group: "istio-pilot Settings"
+- variable: istioPilot.secureGrpcPort
+  required: true
+  type: int
+  default: 15011
+  label: istio-pilot secureGrpcPort
+  show_if: "istioAdaptor.secureConnect=true"
+  description: "Secure GRPC port where Istio Pilot is listening"
+  group: "istio-pilot Settings"
+- variable: istioPilot.insecureGrpcPort
+  required: true
+  type: int
+  default: 15010
+  show_if: "istioAdaptor.secureConnect=false"
+  label: istio-pilot insecureGrpcPort
+  description: "Insecure GRPC port where Istio Pilot is listening"
+  group: "istio-pilot Settings"
+- variable: istioPilot.SAN
+  required: true
+  type: string
+  default: "spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account"
+  label: istio-pilot SAN
+  description: "Subject alternative name for Istio Pilot which is (SPIFFE) ID of Istio Pilot"
+  show_if: "istioAdaptor.secureConnect=true"
+  group: "istio-pilot Settings"
+- variable: ingressGateway.image
+  required: true
+  type: string
+  default: "quay.io/citrix/citrix-k8s-cpx-ingress"
+  label: ingressGateway Image
+  description: "ingressGateway image to be used"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.tag
+  required: true
+  type: string 
+  default: "13.0-47.22"
+  label: ingressGateway tag
+  group: "ingressGateway Settings"
+- variable: ingressGateway.imagePullPolicy
+  required: true
+  type: enum
+  default: IfNotPresent
+  label: ingressGateway imagePullPolicy
+  description: Ingress-gateway Image pull policy
+  group: "ingressGateway Settings"
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+- variable: ingressGateway.EULA
+  required: true
+  type: enum
+  description: "End user license agreement (read EULA before accepting it yes)"
+  label: ingressGateway EULA
+  options:
+   - "YES"
+   - "NO"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.mgmtHttpPort
+  required: true
+  type: int
+  default: 10080
+  label: ingressGateway mgmtHttpPort
+  description: "Management port of the Citrix ADC CPX"
+  show_if: "citrixCPX=true"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.mgmtHttpsPort
+  required: true
+  type: int
+  default: 10443
+  show_if: "citrixCPX=true"
+  label: ingressGateway mgmtHttpsPort
+  description: "Secure management port of Citrix ADC CPX"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.httpNodePort
+  required: true
+  type: int
+  default: 30180
+  show_if: "citrixCPX=true"
+  label: ingressGateway httpNodePort
+  description: "Port on host machine which is used to expose HTTP port of Citrix ADC CPX"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.httpsNodePort
+  required: true
+  type: int
+  default: 31443
+  show_if: "citrixCPX=true"
+  label: ingressGateway httpsNodePort
+  description: "Port on host machine which is used to expose HTTPS port of Citrix ADC CPX"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.exposeMutipleApps
+  required: true
+  type: boolean
+  default: false
+  description: "By default, only one service is exposed via ingress gateway. To expose another service, select it TRUE, and then specify a set of secret, volume name, mount path in subsequent fields"
+  label: exposeMutipleApps
+  group: "ingressGateway Settings"
+- variable: ingressGateway.secretVolumes[0].name
+  required: true
+  type: string
+  show_if: "ingressGateway.exposeMutipleApps=true"
+  label: ingressGateway secretVolumes name
+  group: "ingressGateway Settings"
+- variable: ingressGateway.secretVolumes[0].secretName
+  required: true
+  type: string
+  show_if: "ingressGateway.exposeMutipleApps=true"
+  label: ingressGateway secretVolumes secretName
+  description: "user defined volumes to be mounted using Kubernetes secrets name" 
+  group: "ingressGateway Settings"
+- variable: ingressGateway.secretVolumes[0].mountPath
+  required: true
+  type: string
+  show_if: "ingressGateway.exposeMutipleApps=true"
+  label: ingressGateway secretVolumes mountPath
+  group: "ingressGateway Settings"
+- variable: ingressGateway.licenseServerPort
+  required: false
+  type: int
+  default: 27000
+  label: ingressGateway licenseServerPort
+  description: "Citrix ADM port if a non-default port is used"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.label
+  required: true
+  type: string
+  default: "citrix-ingressgateway"
+  label: ingressGateway label
+  description: "Custom label for the Ingress Gateway service"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.exposeNonHttpService
+  required: true
+  type: boolean
+  default: false
+  description: "By default, gateway is configured to expose HTTP(S) services. To expose non-HTTP services, select exposeNonHttpService to True, and then specify a set of port, port-name, target-port, nodeport (if applicable) in subsequent field."
+  label: exposeNonHttpService
+  group: "ingressGateway Settings"
+- variable: ingressGateway.tcpPort[0].name
+  required: true
+  type: string
+  default:  
+  label: Services runing on tcpPort name
+  show_if: "ingressGateway.exposeNonHttpService=true"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.tcpPort[0].nodePort
+  required: true
+  type: int
+  min: 30000
+  max: 32767
+  label: Citrix ADC CPX exposed using nodePort
+  show_if: "citrixCPX=true && ingressGateway.exposeNonHttpService=true"
+  description: "NodePort (to set explicitly, choose port between 30000-32767)"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.tcpPort[0].port
+  required: true
+  type: int
+  label: Services exposed using Port on Citrix ADC
+  show_if: "ingressGateway.exposeNonHttpService=true"
+  group: "ingressGateway Settings"
+- variable: ingressGateway.tcpPort[0].targetPort
+  required: true
+  type: int
+  label: Services running on targetPort
+  show_if: "ingressGateway.exposeNonHttpService=true"
+  group: "ingressGateway Settings"
+- variable: metricExporter.image
+  required: true
+  type: string
+  default: "quay.io/citrix/citrix-adc-metrics-exporter"
+  label: Exporter Image
+  description: "Exporter Image to be used"
+  group: "metricExporter Settings"
+- variable: metricExporter.version
+  required: true
+  type: string
+  default: "1.4.0"
+  label: metricExporter Version
+  group: "metricExporter Settings"
+- variable: metricExporter.port
+  required: true
+  type: int
+  default: 8888
+  label: metricExporter Port
+  group: "metricExporter Settings"
+- variable: metricExporter.logLevel
+  required: true
+  type: enum
+  default: ERROR
+  label: metricExporter logLevel
+  group: "metricExporter Settings"
+  options:
+  - "DEBUG"
+  - "INFO"
+  - "WARNING"
+  - "ERROR"
+  - "TRACE"
+- variable: metricExporter.imagePullPolicy
+  required: true
+  type: enum
+  default: IfNotPresent
+  label: metricExporter imagePullPolicy
+  description: "Exporter Image pull policy"
+  group: "metricExporter Settings"
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
--- a/packages/citrix-adc-istio-ingress-gateway/package.yaml
+++ b/packages/citrix-adc-istio-ingress-gateway/package.yaml
@ -0,0 +1,2 @@
+url: https://citrix.github.io/citrix-helm-charts/citrix-adc-istio-ingress-gateway-1.2.1.tgz
+packageVersion: 00