ai-workspace-infra/artifacts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #148 from svc-design/codex/refactor-deploy-kong-gateway-script

Browse Source 
refactor kong gateway scripts
This commit is contained in:
shenlan 2025-09-14 19:54:25 +08:00 committed by GitHub
commit 0d3e307926
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 117 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/offline-package-kong-gateway.yaml vendored
View File

@ -4,6 +4,7 @@ on:
push:
paths:
- 'gitops/scripts/kong-gateway/deploy-kong-gateway.sh'
- 'gitops/scripts/kong-gateway/configure-example-app.sh'
- '.github/workflows/offline-package-kong-gateway.yaml'
workflow_dispatch:
inputs:
@ -63,11 +64,12 @@ jobs:
set -euo pipefail
mkdir -p offline-installer/{images,charts,scripts,bin}
- name: Stage deploy script
- name: Stage scripts
run: |
set -euo pipefail
cp gitops/scripts/kong-gateway/deploy-kong-gateway.sh offline-installer/scripts/
chmod +x offline-installer/scripts/deploy-kong-gateway.sh
cp gitops/scripts/kong-gateway/configure-example-app.sh offline-installer/scripts/
chmod +x offline-installer/scripts/deploy-kong-gateway.sh offline-installer/scripts/configure-example-app.sh
- name: Download nerdctl binary for ${{ matrix.arch }}
run: |

98
gitops/scripts/kong-gateway/configure-example-app.sh Executable file
View File

@ -0,0 +1,98 @@
#!/usr/bin/env bash
set -euo pipefail
NODE_NAME=$(hostname)
kubectl label nodes "${NODE_NAME}" ingress-node=true --overwrite
cat <<'YEOF' | kubectl apply -f -
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: kong
annotations:
konghq.com/gatewayclass-unmanaged: 'true'
spec:
controllerName: konghq.com/kic-gateway-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: default
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: demo-gateway
namespace: default
annotations:
konghq.com/publish-service: kong/kong-gateway-proxy
spec:
gatewayClassName: kong
listeners:
- name: https
port: 443
protocol: HTTPS
hostname: "example.com"
tls:
mode: Terminate
certificateRefs:
- name: example-tls
allowedRoutes:
namespaces:
from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: demo-route
namespace: default
spec:
parentRefs:
- name: demo-gateway
namespace: default
hostnames:
- example.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: nginx-svc
port: 80
YEOF
EXTERNAL_IP=$(hostname -I | awk '{print $1}')
curl -ksv https://example.com --resolve example.com:443:${EXTERNAL_IP}

130
gitops/scripts/kong-gateway/deploy-kong-gateway.sh
View File

@ -10,14 +10,21 @@ helm repo update
cat > kong-values.yaml <<'VEOF'
kong:
secretVolumes:
- onwalk-tls
- example-tls
env:
ssl_cert: /etc/secrets/onwalk-tls/tls.crt
ssl_cert_key: /etc/secrets/onwalk-tls/tls.key
ssl_cert: /etc/secrets/example-tls/tls.crt
ssl_cert_key: /etc/secrets/example-tls/tls.key
VEOF
kubectl create ns kong || true
kubectl create secret tls onwalk-tls --cert=/etc/ssl/onwalk.net.pem --key=/etc/ssl/onwalk.net.key -n kong
# Generate self-signed certificate for example.com
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-subj "/CN=example.com" \
-keyout example.com.key \
-out example.com.pem
kubectl create secret tls example-tls --cert=example.com.pem --key=example.com.key -n kong
helm upgrade --install kong kong/ingress -n kong --create-namespace -f kong-values.yaml
# Expose Kong proxy via NodePort and external IP
@ -45,119 +52,12 @@ kubectl patch svc kong-gateway-proxy -n kong \
}
}'
EXTERNAL_IP=$(hostname -I | awk '{print $1}')
kubectl patch svc kong-gateway-proxy -n kong \
--type='merge' \
-p '{
"spec": {
"externalIPs": [
"47.120.61.35"
]
}
}'
-p "{\"spec\": {\"externalIPs\": [\"${EXTERNAL_IP}\"]}}"
NODE_NAME=$(hostname)
kubectl patch deployment kong-gateway -n kong \
--type='merge' \
-p '{
"spec": {
"template": {
"spec": {
"nodeName": "icp-aliyun.svc.plus"
}
}
}
}'
# Configure GatewayClass and example application
cat <<'YEOF' | kubectl apply -f -
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: kong
annotations:
konghq.com/gatewayclass-unmanaged: 'true'
spec:
controllerName: konghq.com/kic-gateway-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: default
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: demo-gateway
namespace: default
annotations:
konghq.com/publish-service: kong/kong-gateway-proxy
spec:
gatewayClassName: kong
listeners:
- name: https
port: 443
protocol: HTTPS
hostname: "demo.onwalk.net"
tls:
mode: Terminate
certificateRefs:
- name: onwalk-tls
allowedRoutes:
namespaces:
from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: demo-route
namespace: default
spec:
parentRefs:
- name: demo-gateway
namespace: default
hostnames:
- demo.onwalk.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: nginx-svc
port: 80
YEOF
kubectl label nodes icp-aliyun.svc.plus ingress-node=true
curl -ksv https://demo.onwalk.net/ --resolve demo.onwalk.net:443:172.30.0.10
-p "{\"spec\": {\"template\": {\"spec\": {\"nodeName\": \"${NODE_NAME}\"}}}}"