From 0f057656d9f9713e2d39ec953ee2d0630d70f798 Mon Sep 17 00:00:00 2001
From: Mathias Petermann
Date: Wed, 24 May 2023 13:12:50 +0200
Subject: [PATCH] feature(ingress_nginx) Add ingressclass for ingress_nginx (#10091)

Add option to configure class as the default class
Add option to disable wathcing for ingresses without class
Remove redundant if that always evaluates to true
Fix default value missing for ingress_nginx_default
---
 inventory/sample/group_vars/k8s_cluster/addons.yml | 2 ++
 .../ingress_nginx/defaults/main.yml | 4 +++-
 .../ingress_controller/ingress_nginx/tasks/main.yml | 1 +
 .../templates/ds-ingress-nginx-controller.yml.j2 | 3 +--
 .../templates/ingressclass-nginx.yml.j2 | 13 +++++++++++++
 .../templates/role-ingress-nginx.yml.j2 | 4 ++--
 6 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2

diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 01d168d014f..4cf9ba45bda 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -125,6 +125,8 @@ ingress_publish_status_address: ""
 # - --default-ssl-certificate=default/foo-tls
 # ingress_nginx_termination_grace_period_seconds: 300
 # ingress_nginx_class: nginx
+# ingress_nginx_without_class: true
+# ingress_nginx_default: false
 # ALB ingress controller deployment
 ingress_alb_enabled: false
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
index 16dfe9a4603..7a5c1348814 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
@@ -13,7 +13,9 @@ ingress_nginx_configmap_tcp_services: {}
 ingress_nginx_configmap_udp_services: {}
 ingress_nginx_extra_args: []
 ingress_nginx_termination_grace_period_seconds: 300
-# ingress_nginx_class: nginx
+ingress_nginx_class: nginx
+ingress_nginx_without_class: true
+ingress_nginx_default: false
 ingress_nginx_webhook_enabled: false
 ingress_nginx_webhook_job_ttl: 1800
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
index cc0ed71c39b..b67a17f393b 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
@@ -22,6 +22,7 @@
 - { name: clusterrolebinding-ingress-nginx, file: clusterrolebinding-ingress-nginx.yml, type: clusterrolebinding }
 - { name: role-ingress-nginx, file: role-ingress-nginx.yml, type: role }
 - { name: rolebinding-ingress-nginx, file: rolebinding-ingress-nginx.yml, type: rolebinding }
+ - { name: ingressclass-nginx, file: ingressclass-nginx.yml, type: ingressclass }
 - { name: ds-ingress-nginx-controller, file: ds-ingress-nginx-controller.yml, type: ds }
 ingress_nginx_templates_for_webhook:
 - { name: admission-webhook-configuration, file: admission-webhook-configuration.yml, type: sa }
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 6ab424983c6..4afb75d3aef 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
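Review bot: `ingress_nginx_without_class: true` as the default in the defaults/main.yml hunk widens what the controller serves after an upgrade. In the DaemonSet template of this same patch `--ingress-class` is now always passed and `--watch-ingress-without-class=true` is added whenever this variable is true, where before the two flags were alternatives, so a deployment that already ran with a class would start claiming Ingress objects that carry no class. In a cluster with a second controller, or with classless Ingresses that were deliberately left unserved, those routes would become reachable through this controller. Either default it to `false`, or add a comment above the line such as `# true: also serve Ingresses without ingressClassName; set false when another controller owns them`.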
@@ -51,9 +51,8 @@ spec:
 - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
 - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
 - --annotations-prefix=nginx.ingress.kubernetes.io
-{% if ingress_nginx_class is defined %}
 - --ingress-class={{ ingress_nginx_class }}
-{% else %}
+{% if ingress_nginx_without_class %}
 - --watch-ingress-without-class=true
 {% endif %}
 {% if ingress_nginx_host_network %}
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2
new file mode 100644
index 00000000000..c3684891945
--- /dev/null
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ name: {{ ingress_nginx_class }}
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+{% if ingress_nginx_default %}
+ annotations:
+ ingressclass.kubernetes.io/is-default-class: "true"
+{%- endif %}
+spec:
+ controller: k8s.io/ingress-nginx
\ No newline at end of file
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index f08f82fc57b..6c4b1c13fa7 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
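Review bot: `{% if ingress_nginx_without_class %}` in the DaemonSet template tests Jinja truthiness, so a value that reaches the template as a string (for example `false` passed with `-e` or set in an INI inventory) is non-empty and still enables `--watch-ingress-without-class=true`. Cast it: `{% if ingress_nginx_without_class | bool %}`. The same applies to `{% if ingress_nginx_default %}` in the new `ingressclass-nginx.yml.j2`, where a string `false` would mark the class as the cluster default. The container args list starts and ends outside this hunk.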
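Review bot: `{%- endif %}` in the new `ingressclass-nginx.yml.j2` strips the newline that ends the `is-default-class: "true"` line. Assuming the role renders with Ansible's default `trim_blocks`, the newline after the tag is removed as well, so with `ingress_nginx_default` true the output would read `"true"spec:` on one line and the manifest would not parse. Use `{% endif %}`, as the DaemonSet template in this patch does. `name: {{ ingress_nginx_class }}` should also be quoted, `name: "{{ ingress_nginx_class }}"`, so that a class value that looks like a boolean or a number still renders as a string.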
@@ -32,7 +32,7 @@ rules:
 # Here: "-"
 # This has to be adapted if you change either parameter
 # when launching the nginx-ingress-controller.
- resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
+ resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
 verbs: ["get", "update"]
 - apiGroups: [""]
 resources: ["events"]
@@ -43,7 +43,7 @@ rules:
 # Here: "-"
 # This has to be adapted if you change either parameter
 # when launching the nginx-ingress-controller.
- resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
+ resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
 verbs: ["get", "update"]
 - apiGroups: ["coordination.k8s.io"]
 resources: ["leases"]
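Review bot: The rendered `resourceNames` entry changes here, not only the expression that produces it. The old line tested `ingress_class`, a different variable from `ingress_nginx_class`, so unless that name is defined somewhere outside this patch it rendered plain `ingress-controller-leader`; the new line always renders `ingress-controller-leader-{{ ingress_nginx_class }}`. RBAC matches `resourceNames` exactly, so if the deployed controller names its election lock without the class suffix, its `get`/`update` calls would be denied and leader election would fail. Confirm the lock name for the controller version this role installs, including with a custom class; the same applies to the second hunk at line 43. Both rules start outside their hunks.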