From c22a6792c2e8f997178a9fa3bd27a22ed0b7abd1 Mon Sep 17 00:00:00 2001
From: Andrei Kvapil
Date: Tue, 25 Jun 2024 12:46:11 +0200
Subject: [PATCH] add tenant nginx-ingress
Signed-off-by: Andrei Kvapil
---
packages/apps/kubernetes/README.md | 21 +++++++++------
.../templates/helmreleases/delete.yaml | 2 ++
.../apps/kubernetes/templates/ingress.yaml | 8 +++---
packages/apps/kubernetes/values.schema.json | 17 ++++++------
packages/apps/kubernetes/values.yaml | 27 ++++++++++++++-----
5 files changed, 49 insertions(+), 26 deletions(-)
diff --git a/packages/apps/kubernetes/README.md b/packages/apps/kubernetes/README.md
index 434ca7ee..e3134e00 100644
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -31,11 +31,16 @@ kubectl get secret -n kubernetes--admin-kubeconfig -o g ### Common parameters -| Name | Description | Value | -| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` | -| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` | -| `nodeGroups` | nodeGroups configuration | `{}` | -| `addons.certManager.enabled` | Enables the certificate manager which automatically creates and manages SSL/TLS certificates | `true` | -| `addons.ingressNginx.enabled` | Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role | `true` | -| `addons.ingressNginx.host` | The domain name that should be passtrough to the cluster by upper ingress. | `example.org` | +| Name | Description | Value | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). 
| `""` | +| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` | +| `nodeGroups` | nodeGroups configuration | `{}` | + +### Cluster Addons + +| Name | Description | Value | +| ----------------------------- | ---------------------------------------------------------------------------------- | ------- | +| `addons.certManager.enabled` | Enables the cert-manager | `false` | +| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` | +| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` | diff --git a/packages/apps/kubernetes/templates/helmreleases/delete.yaml b/packages/apps/kubernetes/templates/helmreleases/delete.yaml index f89ac771..5874e878 100644 --- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml @@ -32,6 +32,7 @@ spec: {{ .Release.Name }}-cilium {{ .Release.Name }}-csi {{ .Release.Name }}-cert-manager + {{ .Release.Name }}-ingress-nginx -p '{"spec": {"suspend": true}}' --type=merge --field-manager=flux-client-side-apply || true --- @@ -64,6 +65,7 @@ rules: - {{ .Release.Name }}-cilium - {{ .Release.Name }}-csi - {{ .Release.Name }}-cert-manager + - {{ .Release.Name }}-ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/packages/apps/kubernetes/templates/ingress.yaml b/packages/apps/kubernetes/templates/ingress.yaml index 3951e1de..e677afab 100644 --- a/packages/apps/kubernetes/templates/ingress.yaml +++ b/packages/apps/kubernetes/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} -{{- if .Values.addons.ingressNginx.enabled }} +{{- if .Values.addons.ingressNginx.hosts }} --- apiVersion: networking.k8s.io/v1 kind: Ingress 
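Review bot: The release name `{{ .Release.Name }}-ingress-nginx` now has to be listed twice in delete.yaml, once in the patch command's argument list in this hunk and once in the Role's name list in the hunk at -64,6, and nothing ties the two lists together. Because the command ends in `|| true`, a name that is in the first list but missing from the second would presumably be denied by RBAC and the failure swallowed, leaving that HelmRelease unsuspended. I would add a comment at the top of the file, `# every release named in the patch command must also appear in the Role's name list`, or render both lists from one variable. The command and the Role both start outside these hunks.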
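Review bot: The guard `{{- if .Values.addons.ingressNginx.hosts }}` no longer looks at `addons.ingressNginx.enabled`, so a values file with `enabled: false` and a non-empty `hosts` list still renders this Ingress. Its backend, `{{ $.Release.Name }}-ingress-nginx` in the next hunk, would then point at a controller that is presumably not deployed. I would gate on both values: `{{- if and .Values.addons.ingressNginx.enabled .Values.addons.ingressNginx.hosts }}`. The `if` block closes outside this hunk, so anything else it wraps is affected the same way.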
@@ -12,16 +12,18 @@ metadata: spec: ingressClassName: "{{ $ingress }}" rules: - - host: {{ .Values.addons.ingressNginx.host | quote }} + {{- range .Values.addons.ingressNginx.hosts }} + - host: {{ . | quote }} http: paths: - path: / pathType: ImplementationSpecific backend: service: - name: {{ .Release.Name }}-ingress-nginx + name: {{ $.Release.Name }}-ingress-nginx port: number: 443 + {{- end }} --- apiVersion: v1 kind: Service diff --git a/packages/apps/kubernetes/values.schema.json b/packages/apps/kubernetes/values.schema.json index 2455d5f8..8d3fa1c7 100644 --- a/packages/apps/kubernetes/values.schema.json +++ b/packages/apps/kubernetes/values.schema.json @@ -25,8 +25,8 @@ "properties": { "enabled": { "type": "boolean", - "description": "Enables the certificate manager which automatically creates and manages SSL/TLS certificates", - "default": true + "description": "Enables the cert-manager", + "default": false } } }, @@ -35,13 +35,14 @@ "properties": { "enabled": { "type": "boolean", - "description": "Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role", - "default": true + "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)", + "default": false }, - "host": { - "type": "string", - "description": "The domain name that should be passtrough to the cluster by upper ingress.", - "default": "example.org" + "hosts": { + "type": "array", + "description": "List of domain names that should be passed through to the cluster by upper cluster", + "default": [], + "items": {} } } } diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml index 8d8f536a..d591a107 100644 --- a/packages/apps/kubernetes/values.yaml +++ b/packages/apps/kubernetes/values.yaml 
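Review bot: Every entry of `addons.ingressNginx.hosts` becomes a `host:` rule on the parent cluster's ingress class (`ingressClassName: "{{ $ingress }}"`), and nothing in this hunk checks that the tenant is entitled to that name. `quote` makes the value a safe YAML string but does not restrict it, so a tenant's values could name a host that another tenant or the platform already serves; how the upper controller resolves such a conflict is not visible here. I would constrain entries to the tenant's own domain, either with a `fail` in the template when an entry falls outside it or with an admission policy on the parent cluster. The rule should also be documented next to the `hosts` parameter.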
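Review bot: `"items": {}` in the new `hosts` property accepts any JSON value, so a number, an object or a nested array passes schema validation and reaches `{{ . | quote }}` in templates/ingress.yaml. Since these values end up as ingress host rules, the schema is the cheapest place to reject malformed input: `"items": {"type": "string"}`, ideally with a `pattern` that admits only DNS names.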
@@ -19,13 +19,26 @@ nodeGroups: roles: - ingress-nginx +## @section Cluster Addons +## addons: - ## @param addons.certManager.enabled Enables the certificate manager which automatically creates and manages SSL/TLS certificates - certManager: - enabled: true - ## @param addons.ingressNginx.enabled Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role - ## @param addons.ingressNginx.host The domain name that should be passtrough to the cluster by upper ingress. + ## Cert-manager: automatically creates and manages SSL/TLS certificate + ## + certManager: + ## @param addons.certManager.enabled Enables the cert-manager + enabled: false + + ## Ingress-NGINX Controller + ## ingressNginx: - enabled: true - host: "example.org" + ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) + ## + enabled: false + ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster + ## e.g: + ## hosts: + ## - example.org + ## - foo.example.net + ## + hosts: []
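Review bot: This hunk changes behaviour for existing releases without saying so: `certManager.enabled` and `ingressNginx.enabled` go from `true` to `false`, and `ingressNginx.host` is replaced by `hosts`. A tenant cluster that relied on the old defaults would presumably lose cert-manager and the ingress controller on its next upgrade. A values file that still sets `host:` would render no Ingress, and silently unless the schema forbids unknown keys, which this diff does not show. I would mark this as a breaking change in the commit message or README, or keep a template fallback that treats a legacy `host` as a one-element `hosts` list.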