github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-27 18:18:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

add tenant nginx-ingress

Browse Source 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This commit is contained in:
Andrei Kvapil
2024-06-25 12:46:11 +02:00
parent a2cc83ddc4
commit c22a6792c2
5 changed files with 49 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
packages/apps/kubernetes/README.md
View File

@@ -31,11 +31,16 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
### Common parameters
| Name | Description | Value |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` |
| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` |
| `nodeGroups` | nodeGroups configuration | `{}` |
| `addons.certManager.enabled` | Enables the certificate manager which automatically creates and manages SSL/TLS certificates | `true` |
| `addons.ingressNginx.enabled` | Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role | `true` |
| `addons.ingressNginx.host` | The domain name that should be passtrough to the cluster by upper ingress. | `example.org` |
| Name | Description | Value |
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` |
| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` |
| `nodeGroups` | nodeGroups configuration | `{}` |
### Cluster Addons
| Name | Description | Value |
| ----------------------------- | ---------------------------------------------------------------------------------- | ------- |
| `addons.certManager.enabled` | Enables the cert-manager | `false` |
| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` |
| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` |

2
packages/apps/kubernetes/templates/helmreleases/delete.yaml
View File

@@ -32,6 +32,7 @@ spec:
{{ .Release.Name }}-cilium
{{ .Release.Name }}-csi
{{ .Release.Name }}-cert-manager
{{ .Release.Name }}-ingress-nginx
-p '{"spec": {"suspend": true}}'
--type=merge --field-manager=flux-client-side-apply || true
---
@@ -64,6 +65,7 @@ rules:
- {{ .Release.Name }}-cilium
- {{ .Release.Name }}-csi
- {{ .Release.Name }}-cert-manager
- {{ .Release.Name }}-ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding

8
packages/apps/kubernetes/templates/ingress.yaml
View File

@@ -1,6 +1,6 @@
{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
{{- if .Values.addons.ingressNginx.enabled }}
{{- if .Values.addons.ingressNginx.hosts }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@@ -12,16 +12,18 @@ metadata:
spec:
ingressClassName: "{{ $ingress }}"
rules:
- host: {{ .Values.addons.ingressNginx.host | quote }}
{{- range .Values.addons.ingressNginx.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ .Release.Name }}-ingress-nginx
name: {{ $.Release.Name }}-ingress-nginx
port:
number: 443
{{- end }}
---
apiVersion: v1
kind: Service

17
packages/apps/kubernetes/values.schema.json
View File

@@ -25,8 +25,8 @@
"properties": {
"enabled": {
"type": "boolean",
"description": "Enables the certificate manager which automatically creates and manages SSL/TLS certificates",
"default": true
"description": "Enables the cert-manager",
"default": false
}
}
},
@@ -35,13 +35,14 @@
"properties": {
"enabled": {
"type": "boolean",
"description": "Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role",
"default": true
"description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
"default": false
},
"host": {
"type": "string",
"description": "The domain name that should be passtrough to the cluster by upper ingress.",
"default": "example.org"
"hosts": {
"type": "array",
"description": "List of domain names that should be passed through to the cluster by upper cluster",
"default": [],
"items": {}
}
}
}

27
packages/apps/kubernetes/values.yaml
View File

@@ -19,13 +19,26 @@ nodeGroups:
roles:
- ingress-nginx
## @section Cluster Addons
##
addons:
## @param addons.certManager.enabled Enables the certificate manager which automatically creates and manages SSL/TLS certificates
certManager:
enabled: true
## @param addons.ingressNginx.enabled Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role
## @param addons.ingressNginx.host The domain name that should be passtrough to the cluster by upper ingress.
## Cert-manager: automatically creates and manages SSL/TLS certificate
##
certManager:
## @param addons.certManager.enabled Enables the cert-manager
enabled: false
## Ingress-NGINX Controller
##
ingressNginx:
enabled: true
host: "example.org"
## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
##
enabled: false
## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
## e.g:
## hosts:
## - example.org
## - foo.example.net
##
hosts: []