From 5a2f71ebdf3b5278b43a2558820454d1d0776d18 Mon Sep 17 00:00:00 2001 From: portdirect Date: Fri, 5 Jan 2018 00:29:05 -0500 Subject: [PATCH] Ingress: Allow annotations to be dyanmicly driven This PS allows the ingress rules to be dynamicly driven from the values.yaml, permitting the ingress cotnroller to ba changed and custom rules to be applied: eg whitelisting of clients. Change-Id: Ica6b4692ff9b6b77d1efe6bae212a1227e56ca66 --- barbican/templates/ingress-api.yaml | 3 +-- barbican/values.yaml | 3 +++ ceilometer/templates/ingress-api.yaml | 4 +--- ceilometer/values.yaml | 3 +++ cinder/templates/ingress-api.yaml | 3 +-- cinder/values.yaml | 3 +++ congress/templates/ingress-api.yaml | 4 +--- congress/values.yaml | 4 +++- glance/templates/ingress-api.yaml | 4 +--- glance/templates/ingress-registry.yaml | 3 +-- glance/values.yaml | 8 +++++++- gnocchi/templates/ingress-api.yaml | 3 +-- gnocchi/values.yaml | 3 +++ heat/templates/ingress-api.yaml | 3 +-- heat/templates/ingress-cfn.yaml | 3 +-- heat/templates/ingress-cloudwatch.yaml | 3 +-- heat/values.yaml | 9 +++++++++ horizon/templates/ingress-api.yaml | 3 +-- horizon/values.yaml | 3 +++ keystone/templates/ingress-api.yaml | 3 +-- keystone/values.yaml | 3 +++ magnum/templates/ingress-api.yaml | 3 +-- magnum/values.yaml | 3 +++ mistral/templates/ingress-api.yaml | 3 +-- mistral/values.yaml | 3 +++ neutron/templates/ingress-server.yaml | 3 +-- neutron/values.yaml | 3 +++ nova/templates/ingress-metadata.yaml | 3 +-- nova/templates/ingress-osapi.yaml | 3 +-- nova/templates/ingress-placement.yaml | 3 +-- nova/values.yaml | 9 +++++++++ senlin/templates/ingress-api.yaml | 3 +-- senlin/values.yaml | 3 +++ 33 files changed, 77 insertions(+), 43 deletions(-) diff --git a/barbican/templates/ingress-api.yaml b/barbican/templates/ingress-api.yaml index d99397d36f..bfcde885a0 100644 --- a/barbican/templates/ingress-api.yaml +++ b/barbican/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/barbican/values.yaml b/barbican/values.yaml index 136ee17dfb..17be7fe065 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -134,6 +134,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/ceilometer/templates/ingress-api.yaml b/ceilometer/templates/ingress-api.yaml index f5194d39a9..740e1aaac8 100644 --- a/ceilometer/templates/ingress-api.yaml +++ b/ceilometer/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index ae53658659..ac549b5ddf 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -58,6 +58,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / port: 8777 node_port: enabled: false diff --git a/cinder/templates/ingress-api.yaml b/cinder/templates/ingress-api.yaml index a96804fed5..8e84372af6 100644 --- a/cinder/templates/ingress-api.yaml +++ b/cinder/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/cinder/values.yaml b/cinder/values.yaml index b9edd82021..e9b4d980c8 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -218,6 +218,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/congress/templates/ingress-api.yaml b/congress/templates/ingress-api.yaml index 7145aba48f..24d51d3f94 100644 --- a/congress/templates/ingress-api.yaml +++ b/congress/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/congress/values.yaml b/congress/values.yaml index cb5254fcdf..c2d54ddaa1 100644 --- a/congress/values.yaml +++ b/congress/values.yaml @@ -24,7 +24,9 @@ network: api: ingress: public: true - proxy_body_size: 1024M + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 1789 diff --git a/glance/templates/ingress-api.yaml b/glance/templates/ingress-api.yaml index 9444240043..bf4de8cbd8 100644 --- a/glance/templates/ingress-api.yaml +++ b/glance/templates/ingress-api.yaml @@ -30,9 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size | quote }} +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/glance/templates/ingress-registry.yaml b/glance/templates/ingress-registry.yaml index 825dc262d2..ab1b0a71a4 100644 --- a/glance/templates/ingress-registry.yaml +++ b/glance/templates/ingress-registry.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.registry.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/glance/values.yaml b/glance/values.yaml index 319ddc2638..1b447823d3 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -274,7 +274,10 @@ network: api: ingress: public: true - proxy_body_size: 1024M + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / + ingress.kubernetes.io/proxy-body-size: "1024M" external_policy_local: false node_port: enabled: false @@ -282,6 +285,9 @@ network: registry: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/gnocchi/templates/ingress-api.yaml b/gnocchi/templates/ingress-api.yaml index 14bbf7e961..072b818d67 100644 --- a/gnocchi/templates/ingress-api.yaml +++ b/gnocchi/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml index 137150dc90..35c894c832 100644 --- a/gnocchi/values.yaml +++ b/gnocchi/values.yaml @@ -27,6 +27,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/heat/templates/ingress-api.yaml b/heat/templates/ingress-api.yaml index 1b1bf6389a..ef8d07e86c 100644 --- a/heat/templates/ingress-api.yaml +++ b/heat/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/templates/ingress-cfn.yaml b/heat/templates/ingress-cfn.yaml index 6b7089e082..23f3c89fa0 100644 --- a/heat/templates/ingress-cfn.yaml +++ b/heat/templates/ingress-cfn.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.cfn.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/templates/ingress-cloudwatch.yaml b/heat/templates/ingress-cloudwatch.yaml index 5e2c4178d4..39ea8678ef 100644 --- a/heat/templates/ingress-cloudwatch.yaml +++ b/heat/templates/ingress-cloudwatch.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.cloudwatch.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/heat/values.yaml b/heat/values.yaml index b0e9c32794..19ea413973 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -221,6 +221,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -228,12 +231,18 @@ network: cfn: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30800 cloudwatch: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30003 diff --git a/horizon/templates/ingress-api.yaml b/horizon/templates/ingress-api.yaml index 513d338698..2fcfffa654 100644 --- a/horizon/templates/ingress-api.yaml +++ b/horizon/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.ingress.annotations | indent 4 }} spec: rules: {{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} diff --git a/horizon/values.yaml b/horizon/values.yaml index e63597b8f7..954a0e5ead 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -36,6 +36,9 @@ network: port: 80 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml index 313bb605f1..1bb8a702aa 100644 --- a/keystone/templates/ingress-api.yaml +++ b/keystone/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/keystone/values.yaml b/keystone/values.yaml index f1c0ed095a..a7b064f921 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -53,6 +53,9 @@ network: port: 80 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/magnum/templates/ingress-api.yaml b/magnum/templates/ingress-api.yaml index fed2058303..7ef86542f2 100644 --- a/magnum/templates/ingress-api.yaml +++ b/magnum/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/magnum/values.yaml b/magnum/values.yaml index 238b8ab10c..09749ad812 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -115,6 +115,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/mistral/templates/ingress-api.yaml b/mistral/templates/ingress-api.yaml index c11bf5ba86..b5299c74dd 100644 --- a/mistral/templates/ingress-api.yaml +++ b/mistral/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/mistral/values.yaml b/mistral/values.yaml index aa76fa9e72..dc1fc525bc 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -43,6 +43,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 28989 diff --git a/neutron/templates/ingress-server.yaml b/neutron/templates/ingress-server.yaml index b3e4bfd69a..71d55768e1 100644 --- a/neutron/templates/ingress-server.yaml +++ b/neutron/templates/ingress-server.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.server.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 24b517d78f..88bb775d2a 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -91,6 +91,9 @@ network: port: 9696 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false diff --git a/nova/templates/ingress-metadata.yaml b/nova/templates/ingress-metadata.yaml index 9741d6d9b1..e2adc4226f 100644 --- a/nova/templates/ingress-metadata.yaml +++ b/nova/templates/ingress-metadata.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.metadata.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/templates/ingress-osapi.yaml b/nova/templates/ingress-osapi.yaml index 5264cf9ab7..300de79e00 100644 --- a/nova/templates/ingress-osapi.yaml +++ b/nova/templates/ingress-osapi.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.osapi.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/templates/ingress-placement.yaml b/nova/templates/ingress-placement.yaml index bc16b7e6eb..e612c0a5f3 100644 --- a/nova/templates/ingress-placement.yaml +++ b/nova/templates/ingress-placement.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.placement.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/nova/values.yaml b/nova/values.yaml index f754b4a637..5b7ae7edbe 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -114,6 +114,9 @@ network: port: 8774 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -124,6 +127,9 @@ network: port: 8775 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / external_policy_local: false node_port: enabled: false @@ -132,6 +138,9 @@ network: port: 8778 ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30778 diff --git a/senlin/templates/ingress-api.yaml b/senlin/templates/ingress-api.yaml index 8253c551e8..d200173731 100644 --- a/senlin/templates/ingress-api.yaml +++ b/senlin/templates/ingress-api.yaml @@ -30,8 +30,7 @@ kind: Ingress metadata: name: {{ $ingressName }} annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / +{{ toJson .Values.network.api.ingress.annotations | indent 4 }} spec: rules: {{ if ne $hostNameNamespaced $hostNameFull }} diff --git a/senlin/values.yaml b/senlin/values.yaml index 1ffc0abe56..f1afe36775 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -128,6 +128,9 @@ network: api: ingress: public: true + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30778