add tenant nginx-ingress

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Baga6312 · Jun 26, 2024 · c22a679 · c22a679
1 parent a2cc83d
commit c22a679
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 25 deletions.
diff --git a/packages/apps/kubernetes/README.md b/packages/apps/kubernetes/README.md
@@ -31,11 +31,16 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 
 ### Common parameters
 
-| Name                          | Description                                                                                                                            | Value         |
-| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
-| `host`                        | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`          |
-| `controlPlane.replicas`       | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`           |
-| `nodeGroups`                  | nodeGroups configuration                                                                                                               | `{}`          |
-| `addons.certManager.enabled`  | Enables the certificate manager which automatically creates and manages SSL/TLS certificates                                           | `true`        |
-| `addons.ingressNginx.enabled` | Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role                                                                    | `true`        |
-| `addons.ingressNginx.host`    | The domain name that should be passtrough to the cluster by upper ingress.                                                             | `example.org` |
+| Name                    | Description                                                                                                                            | Value |
+| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`  |
+| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`   |
+| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`  |
+
+### Cluster Addons
+
+| Name                          | Description                                                                        | Value   |
+| ----------------------------- | ---------------------------------------------------------------------------------- | ------- |
+| `addons.certManager.enabled`  | Enables the cert-manager                                                           | `false` |
+| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)           | `false` |
+| `addons.ingressNginx.hosts`   | List of domain names that should be passed through to the cluster by upper cluster | `[]`    |
diff --git a/packages/apps/kubernetes/templates/helmreleases/delete.yaml b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -32,6 +32,7 @@ spec:
                 {{ .Release.Name }}-cilium
                 {{ .Release.Name }}-csi
                 {{ .Release.Name }}-cert-manager
+                {{ .Release.Name }}-ingress-nginx
                 -p '{"spec": {"suspend": true}}'
                 --type=merge --field-manager=flux-client-side-apply || true
 ---
@@ -64,6 +65,7 @@ rules:
       - {{ .Release.Name }}-cilium
       - {{ .Release.Name }}-csi
       - {{ .Release.Name }}-cert-manager
+      - {{ .Release.Name }}-ingress-nginx
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

diff --git a/packages/apps/kubernetes/templates/ingress.yaml b/packages/apps/kubernetes/templates/ingress.yaml
@@ -1,6 +1,6 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
-{{- if .Values.addons.ingressNginx.enabled }}
+{{- if .Values.addons.ingressNginx.hosts }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -12,16 +12,18 @@ metadata:
 spec:
   ingressClassName: "{{ $ingress }}"
   rules:
-  - host: {{ .Values.addons.ingressNginx.host | quote }}
+  {{- range .Values.addons.ingressNginx.hosts }}
+  - host: {{ . | quote }}
     http:
       paths:
       - path: /
         pathType: ImplementationSpecific
         backend:
           service:
-            name: {{ .Release.Name }}-ingress-nginx
+            name: {{ $.Release.Name }}-ingress-nginx
             port:
               number: 443
+  {{- end }}
 ---
 apiVersion: v1
 kind: Service

diff --git a/packages/apps/kubernetes/values.schema.json b/packages/apps/kubernetes/values.schema.json
@@ -25,8 +25,8 @@
                     "properties": {
                         "enabled": {
                             "type": "boolean",
-                            "description": "Enables the certificate manager which automatically creates and manages SSL/TLS certificates",
-                            "default": true
+                            "description": "Enables the cert-manager",
+                            "default": false
                         }
                     }
                 },
@@ -35,13 +35,14 @@
                     "properties": {
                         "enabled": {
                             "type": "boolean",
-                            "description": "Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role",
-                            "default": true
+                            "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
+                            "default": false
                         },
-                        "host": {
-                            "type": "string",
-                            "description": "The domain name that should be passtrough to the cluster by upper ingress.",
-                            "default": "example.org"
+                        "hosts": {
+                            "type": "array",
+                            "description": "List of domain names that should be passed through to the cluster by upper cluster",
+                            "default": [],
+                            "items": {}
                         }
                     }
                 }

diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml
@@ -19,13 +19,26 @@ nodeGroups:
     roles:
     - ingress-nginx
 
+## @section Cluster Addons
+##
 addons:
-  ## @param addons.certManager.enabled Enables the certificate manager which automatically creates and manages SSL/TLS certificates
+
+  ## Cert-manager: automatically creates and manages SSL/TLS certificate
+  ##
   certManager:
-    enabled: true
+    ## @param addons.certManager.enabled Enables the cert-manager
+    enabled: false
 
-  ## @param addons.ingressNginx.enabled Enables Ingress-NGINX Controller on nodes with 'ingress-nginx' role
-  ## @param addons.ingressNginx.host The domain name that should be passtrough to the cluster by upper ingress.
+  ## Ingress-NGINX Controller
+  ##
   ingressNginx:
-    enabled: true
-    host: "example.org"
+    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
+    ##
+    enabled: false
+    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
+    ## e.g:
+    ## hosts:
+    ## - example.org
+    ## - foo.example.net
+    ##
+    hosts: []