From 5a2f71ebdf3b5278b43a2558820454d1d0776d18 Mon Sep 17 00:00:00 2001 From: portdirect Date: Fri, 5 Jan 2018 00:29:05 -0500 Subject: [PATCH] Ingress: Allow annotations to be dyanmicly driven This PS allows the ingress rules to be dynamicly driven from the values.yaml, permitting the ingress cotnroller to ba changed and custom rules to be applied: eg whitelisting of clients. Change-Id: Ica6b4692ff9b6b77d1efe6bae212a1227e56ca66 --- barbican/templates/ingress-api.yaml | 3 +-- barbican/values.yaml | 3 +++ ceilometer/templates/ingress-api.yaml | 4 +--- ceilometer/values.yaml | 3 +++ cinder/templates/ingress-api.yaml | 3 +-- cinder/values.yaml | 3 +++ congress/templates/ingress-api.yaml | 4 +--- congress/values.yaml | 4 +++- glance/templates/ingress-api.yaml | 4 +--- glance/templates/ingress-registry.yaml | 3 +-- glance/values.yaml | 8 +++++++- gnocchi/templates/ingress-api.yaml | 3 +-- gnocchi/values.yaml | 3 +++ heat/templates/ingress-api.yaml | 3 +-- heat/templates/ingress-cfn.yaml | 3 +-- heat/templates/ingress-cloudwatch.yaml | 3 +-- heat/values.yaml | 9 +++++++++ horizon/templates/ingress-api.yaml | 3 +-- horizon/values.yaml | 3 +++ keystone/templates/ingress-api.yaml | 3 +-- keystone/values.yaml | 3 +++ magnum/templates/ingress-api.yaml | 3 +-- magnum/values.yaml | 3 +++ mistral/templates/ingress-api.yaml | 3 +-- mistral/values.yaml | 3 +++ neutron/templates/ingress-server.yaml | 3 +-- neutron/values.yaml | 3 +++ nova/templates/ingress-metadata.yaml | 3 +-- nova/templates/ingress-osapi.yaml | 3 +-- nova/templates/ingress-placement.yaml | 3 +-- nova/values.yaml | 9 +++++++++ senlin/templates/ingress-api.yaml | 3 +-- senlin/values.yaml | 3 +++ 33 files changed, 77 insertions(+), 43 deletions(-) diff --git a/barbican/templates/ingress-api.yaml b/barbican/templates/ingress-api.yaml index d99397d3..bfcde885 100644 --- a/barbican/templates/ingress-api.yaml +++ b/barbican/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/barbican/values.yaml b/barbican/values.yaml index 136ee17d..17be7fe0 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -134,6 +134,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/ceilometer/templates/ingress-api.yaml b/ceilometer/templates/ingress-api.yaml index f5194d39..740e1aaa 100644 --- a/ceilometer/templates/ingress-api.yaml +++ b/ceilometer/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index ae536586..ac549b5d 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -58,6 +58,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / port: 8777 node_port: enabled: false diff --git a/cinder/templates/ingress-api.yaml b/cinder/templates/ingress-api.yaml index a96804fe..8e84372a 100644 --- a/cinder/templates/ingress-api.yaml +++ b/cinder/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/cinder/values.yaml b/cinder/values.yaml index b9edd820..e9b4d980 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -218,6 +218,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/congress/templates/ingress-api.yaml b/congress/templates/ingress-api.yaml index 7145aba4..24d51d3f 100644 --- a/congress/templates/ingress-api.yaml +++ b/congress/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/congress/values.yaml b/congress/values.yaml index cb5254fc..c2d54dda 100644 --- a/congress/values.yaml +++ b/congress/values.yaml @@ -24,7 +24,9 @@ network: api: ingress: public: true - proxy_body_size: 1024M + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 1789 diff --git a/glance/templates/ingress-api.yaml b/glance/templates/ingress-api.yaml index 94442400..bf4de8cb 100644 --- a/glance/templates/ingress-api.yaml +++ b/glance/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/glance/templates/ingress-registry.yaml b/glance/templates/ingress-registry.yaml index 825dc262..ab1b0a71 100644 --- a/glance/templates/ingress-registry.yaml +++ b/glance/templates/ingress-registry.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.registry.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/glance/values.yaml b/glance/values.yaml index 319ddc26..1b447823 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -274,7 +274,10 @@ network: api: ingress: public: true - proxy_body_size: 1024M + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / + ingress.kubernetes.io/proxy-body-size: "1024M" external_policy_local: false node_port: enabled: false @@ -282,6 +285,9 @@ network: registry: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/gnocchi/templates/ingress-api.yaml b/gnocchi/templates/ingress-api.yaml index 14bbf7e9..072b818d 100644 --- a/gnocchi/templates/ingress-api.yaml +++ b/gnocchi/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml index 137150dc..35c894c8 100644 --- a/gnocchi/values.yaml +++ b/gnocchi/values.yaml @@ -27,6 +27,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/heat/templates/ingress-api.yaml b/heat/templates/ingress-api.yaml index 1b1bf638..ef8d07e8 100644 --- a/heat/templates/ingress-api.yaml +++ b/heat/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/templates/ingress-cfn.yaml b/heat/templates/ingress-cfn.yaml index 6b7089e0..23f3c89f 100644 --- a/heat/templates/ingress-cfn.yaml +++ b/heat/templates/ingress-cfn.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.cfn.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/templates/ingress-cloudwatch.yaml b/heat/templates/ingress-cloudwatch.yaml index 5e2c4178..39ea8678 100644 --- a/heat/templates/ingress-cloudwatch.yaml +++ b/heat/templates/ingress-cloudwatch.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.cloudwatch.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/values.yaml b/heat/values.yaml index b0e9c327..19ea4139 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -221,6 +221,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -228,12 +231,18 @@ network: cfn: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30800 cloudwatch: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30003 diff --git a/horizon/templates/ingress-api.yaml b/horizon/templates/ingress-api.yaml index 513d3386..2fcfffa6 100644 --- a/horizon/templates/ingress-api.yaml +++ b/horizon/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.ingress.annotations | indent 4 }} spec: rules: {{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} diff --git a/horizon/values.yaml b/horizon/values.yaml index e63597b8..954a0e5e 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -36,6 +36,9 @@ network: port: 80 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml index 313bb605..1bb8a702 100644 --- a/keystone/templates/ingress-api.yaml +++ b/keystone/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/keystone/values.yaml b/keystone/values.yaml index f1c0ed09..a7b064f9 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -53,6 +53,9 @@ network: port: 80 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/magnum/templates/ingress-api.yaml b/magnum/templates/ingress-api.yaml index fed20583..7ef86542 100644 --- a/magnum/templates/ingress-api.yaml +++ b/magnum/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/magnum/values.yaml b/magnum/values.yaml index 238b8ab1..09749ad8 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -115,6 +115,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/mistral/templates/ingress-api.yaml b/mistral/templates/ingress-api.yaml index c11bf5ba..b5299c74 100644 --- a/mistral/templates/ingress-api.yaml +++ b/mistral/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/mistral/values.yaml b/mistral/values.yaml index aa76fa9e..dc1fc525 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -43,6 +43,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 28989 diff --git a/neutron/templates/ingress-server.yaml b/neutron/templates/ingress-server.yaml index b3e4bfd6..71d55768 100644 --- a/neutron/templates/ingress-server.yaml +++ b/neutron/templates/ingress-server.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.server.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 24b517d7..88bb775d 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -91,6 +91,9 @@ network: port: 9696 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/nova/templates/ingress-metadata.yaml b/nova/templates/ingress-metadata.yaml index 9741d6d9..e2adc422 100644 --- a/nova/templates/ingress-metadata.yaml +++ b/nova/templates/ingress-metadata.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.metadata.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/templates/ingress-osapi.yaml b/nova/templates/ingress-osapi.yaml index 5264cf9a..300de79e 100644 --- a/nova/templates/ingress-osapi.yaml +++ b/nova/templates/ingress-osapi.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.osapi.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/templates/ingress-placement.yaml b/nova/templates/ingress-placement.yaml index bc16b7e6..e612c0a5 100644 --- a/nova/templates/ingress-placement.yaml +++ b/nova/templates/ingress-placement.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.placement.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/values.yaml b/nova/values.yaml index f754b4a6..5b7ae7ed 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -114,6 +114,9 @@ network: port: 8774 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -124,6 +127,9 @@ network: port: 8775 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -132,6 +138,9 @@ network: port: 8778 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30778 diff --git a/senlin/templates/ingress-api.yaml b/senlin/templates/ingress-api.yaml index 8253c551..d2001737 100644 --- a/senlin/templates/ingress-api.yaml +++ b/senlin/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/senlin/values.yaml b/senlin/values.yaml index 1ffc0abe..f1afe367 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -128,6 +128,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30778