add external service ports, additional configs, k8s lambda executor (#64)

Co-authored-by: Daniel Fangl <[email protected]>

Author: alexrashed

charts/localstack/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
 apiVersion: v2
 appVersion: latest
-version: 0.4.3
+version: 0.5.0
 name: localstack
 description: LocalStack - a fully functional local AWS cloud stack
 type: application

charts/localstack/README.md

@@ -106,7 +106,8 @@ The following table lists the configurable parameters of the Localstack chart an
 |------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
 | `service.type`                                       | Kubernetes Service type                                                                                                                                                                                                               | `NodePort`                                              |
 | `service.edgeService.targetPort`                     | Port number for Localstack edge service                                                                                                                                                                                               | `4566`                                                  |
-| `service.apiServices[0].targetPort`                  | Port number for Localstack elasticsearch service                                                                                                                                                                                      | `4571`                                                  |
+| `service.externalServicePorts.start`                   | Start of the external service port range (included). service                                                                                                                                                                                      | `4510`                                                  |
+| `service.externalServicePorts.end`                   | End of the external service port range (excluded). service                                                                                                                                                                                      | `4560`                                                  |
 | `service.loadBalancerIP`                             | loadBalancerIP if Localstack service type is `LoadBalancer`                                                                                                                                                                           | `nil`                                                   |
 | `ingress.enabled`                                    | Enable the use of the ingress controller to access Localstack service                                                                                                                                                                 | `false`                                                 |
 | `ingress.annotations`                                | Annotations for the Localstack Ingress                                                                                                                                                                                                | `{}`                                                    |

charts/localstack/templates/_helpers.tpl

@@ -60,6 +60,41 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+{{/*
+Create the role name for the pods/* role
+*/}}
+{{- define "localstack.roleName" -}}
+{{- if .Values.role.create }}
+{{- default (include "localstack.fullname" .) .Values.role.name }}
+{{- else }}
+{{- default "default" .Values.role.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the RoleBinding name for the service account
+*/}}
+{{- define "localstack.roleBindingName" -}}
+{{- if .Values.role.create }}
+{{- default (include "localstack.fullname" .) .Values.role.name }}
+{{- else }}
+{{- default "default" .Values.role.name }}
+{{- end }}
+{{- end }}
+
+{{- define "localstack.lambda.prepare_labels" -}}
+{{- if .Values.lambda.labels }}
+{{- range $key, $value := .Values.lambda.labels -}}
+  {{ $key }}={{ $value }},
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "localstack.lambda.labels" -}}
+{{- if include "localstack.lambda.prepare_labels" . -}}
+  {{ include "localstack.lambda.prepare_labels" . | trimSuffix "," }}
+{{- end }}
+{{- end }}
 
 {{/*
 Add extra annotations to every resource

charts/localstack/templates/deployment.yaml

@@ -7,6 +7,9 @@ metadata:
     {{- include "localstack.labels" . | nindent 4 }}
   annotations:
     {{- include "localstack.annotations" . | nindent 4 }}
+    {{- with .Values.service.annotations }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
+    {{- end }}
 spec:
   replicas: {{ .Values.replicaCount }}
   strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
@@ -39,9 +42,9 @@ spec:
             - name: {{ .Values.service.edgeService.name }}
               containerPort: {{ .Values.service.edgeService.targetPort }}
               protocol: TCP
-            {{- range .Values.service.apiServices }}
-            - name: {{ .name }}
-              containerPort: {{ .targetPort }}
+            {{- range untilStep (.Values.service.externalServicePorts.start|int) (.Values.service.externalServicePorts.end|int) 1 }}
+            - name: "ext-svc-{{ . }}"
+              containerPort: {{ . }}
               protocol: TCP
             {{- end }}
           livenessProbe:
@@ -74,6 +77,14 @@ spec:
           env:
             - name: DEBUG
               value: {{ ternary "1" "0" .Values.debug | quote }}
+            {{- if .Values.service.externalServicePorts.start }}
+            - name: EXTERNAL_SERVICE_PORTS_START
+              value: {{ .Values.service.externalServicePorts.start | quote }}
+            {{- end }}
+            {{- if .Values.service.externalServicePorts.end }}
+            - name: EXTERNAL_SERVICE_PORTS_END
+              value: {{ .Values.service.externalServicePorts.end | quote }}
+            {{- end }}
             {{- if .Values.kinesisErrorProbability }}
             - name: KINESIS_ERROR_PROBABILITY
               value: {{ .Values.kinesisErrorProbability | quote }}
@@ -82,6 +93,28 @@ spec:
             - name: LAMBDA_EXECUTOR
               value: {{ .Values.lambdaExecutor | quote }}
             {{- end }}
+            - name: LOCALSTACK_K8S_SERVICE_NAME
+              value: {{ include "localstack.fullname" . }}
+            - name: LOCALSTACK_K8S_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            {{- if include "localstack.lambda.labels" . }}
+            - name: LAMBDA_K8S_LABELS
+              value: {{ include "localstack.lambda.labels" . | quote }}
+            {{- end }}
+            {{- if .Values.lambda.executor }}
+            - name: LAMBDA_RUNTIME_EXECUTOR
+              value: {{ .Values.lambda.executor | quote }}
+            {{- end }}
+            {{- if .Values.lambda.image_prefix }}
+            - name: LAMBDA_K8S_IMAGE_PREFIX
+              value: {{ .Values.lambda.image_prefix | quote }}
+            {{- end }}
+            {{- if .Values.lambda.environment_timeout }}
+            - name: LAMBDA_RUNTIME_ENVIRONMENT_TIMEOUT
+              value: {{ .Values.lambda.environment_timeout | quote }}
+            {{- end }}
             {{- if .Values.persistence.enabled }}
             - name: DATA_DIR
               value: /tmp/localstack/data
@@ -90,6 +123,8 @@ spec:
             - name: SERVICES
               value: {{ .Values.startServices | quote }}
             {{- end }}
+            - name: OVERRIDE_IN_DOCKER
+              value: "1"
             {{- if .Values.mountDind.enabled }}
             {{- if .Values.mountDind.forceTLS }}
             - name: DOCKER_HOST

charts/localstack/templates/role.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace | quote }}
+  name: {{ include "localstack.roleName" . }}
+  labels:
+    {{- include "localstack.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources: ["pods"]
+  verbs: ["*"]
+{{- end }}

charts/localstack/templates/rolebinding.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.role.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "localstack.roleBindingName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "localstack.labels" . | nindent 4 }}
+subjects:
+# You can specify more than one "subject"
+- kind: ServiceAccount
+  name: {{ include "localstack.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "localstack.roleName" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

charts/localstack/templates/service.yaml

@@ -18,20 +18,26 @@ spec:
   {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.service.ipFamilies }}
+  ipFamilies:
+    {{- with .Values.service.ipFamilies }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.service.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+  {{- end }}
   ports:
     - name: {{ .Values.service.edgeService.name }}
       port: {{ .Values.service.edgeService.targetPort }}
       targetPort: {{ .Values.service.edgeService.targetPort }}
       {{- if and (or (eq $.Values.service.type "NodePort") (eq $.Values.service.type "LoadBalancer")) (not (empty .Values.service.edgeService.nodePort)) }}
       nodePort: {{ .Values.service.edgeService.nodePort }}
       {{- end }}
-    {{- range .Values.service.apiServices }}
-    - name: {{ .name }}
-      port: {{ .targetPort }}
-      targetPort: {{ .targetPort }}
-      {{- if and (or (eq $.Values.service.type "NodePort") (eq $.Values.service.type "LoadBalancer")) (not (empty .nodePort)) }}
-      nodePort: {{ .nodePort }}
-      {{- end }}
+    {{- range untilStep (.Values.service.externalServicePorts.start|int) (.Values.service.externalServicePorts.end|int) 1 }}
+    - name: "external-service-port-{{ . }}"
+      port: {{ . }}
+      targetPort: "ext-svc-{{ . }}"
     {{- end }}
   selector:
     {{- include "localstack.selectorLabels" . | nindent 4 }}

charts/localstack/templates/tests/test-connection.yaml

@@ -16,12 +16,4 @@ spec:
       image: busybox
       command: ['wget']
       args: ['{{ include "localstack.fullname" . }}:{{ .Values.service.edgeService.targetPort }}/health']
-    {{- range .Values.service.apiServices -}}
-    {{- if or (empty $.Values.startServices) (contains .name ($.Values.startServices | default "")) }}
-    - name: wget-{{ .name }}
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "localstack.fullname" $ }}:{{ .targetPort }}/health']
-    {{- end -}}
-    {{- end }}
   restartPolicy: Never

charts/localstack/values.yaml

@@ -35,6 +35,16 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+role:
+  # Specifies whether a role & rolebinding with pods / * permissions should be created for the service account
+  # Necessary for kubernetes lambda executor
+  create: true
+  # Annotations to add to the role and rolebinding
+  annotations: {}
+  # The name of the role and rolebinding to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
 podAnnotations: {}
 
 podSecurityContext: {}
@@ -86,14 +96,17 @@ readinessProbe:
 
 service:
   type: NodePort
+  annotations: {}
+  ipFamilies: []
+  ipFamilyPolicy: ""
+  externalTrafficPolicy: ""
   edgeService:
     name: edge
     targetPort: 4566
     nodePort: 31566
-  apiServices:
-    - name: es
-      targetPort: 4571
-      nodePort: 31571
+  externalServicePorts:
+    start: 4510
+    end: 4560
 
 ingress:
   enabled: false
@@ -147,6 +160,30 @@ resources: {}
   #   cpu: 100m
   #   memory: 128Mi
 
+# All settings inside the lambda values section are only applicable to the new ASF lambda provider
+lambda:
+  # The lambda runtime executor. 
+  # Depending on the value, LocalStack will execute lambdas either in docker containers or in kubernetes pods
+  # The value "kubernetes" depends on the service account and pod role being activated
+  executor: "kubernetes"
+  # Image prefix for the kubernetes lambda images. The images will have to be pushed to that repository.
+  # Only applicable when executor is set to "kubernetes"
+  # Example: python3.9 runtime -> localstack/lambda-python:3.9
+  image_prefix: "localstack/lambda-"
+  # Timeout for spawning new lambda execution environments.
+  # After that timeout, the environment (in essence pod/docker container) will be killed and restarted
+  # Increase if spawning pods / docker containers takes longer in your environment
+  environment_timeout: 60
+  # Labels which will be assigned to the kubernetes pods spawned by the kubernetes executor.
+  # They will be set on all spawned pods.
+  # Only applicable when executor is set to "kubernetes"
+  labels: {}
+  # labels:
+  #   label1: value1
+  #   label2: value2
+  #   label3: value3
+
+
 nodeSelector: {}
 
 tolerations: []