Compare commits
1 Commits
main
...
multi-http
| Author | SHA1 | Date | |
|---|---|---|---|
|
141ea26931 |
@ -144,33 +144,33 @@ class ClusterInfo:
|
|||||||
return nodeports
|
return nodeports
|
||||||
|
|
||||||
def get_ingress(
|
def get_ingress(
|
||||||
self, use_tls=False, certificate=None, cluster_issuer="letsencrypt-prod"
|
self, use_tls=False, certificates=None, cluster_issuer="letsencrypt-prod"
|
||||||
):
|
):
|
||||||
# No ingress for a deployment that has no http-proxy defined, for now
|
# No ingress for a deployment that has no http-proxy defined, for now
|
||||||
http_proxy_info_list = self.spec.get_http_proxy()
|
http_proxy_info_list = self.spec.get_http_proxy()
|
||||||
ingress = None
|
ingress = None
|
||||||
if http_proxy_info_list:
|
if http_proxy_info_list:
|
||||||
# TODO: handle multiple definitions
|
rules = []
|
||||||
http_proxy_info = http_proxy_info_list[0]
|
tls = [] if use_tls else None
|
||||||
|
|
||||||
|
for http_proxy_info in http_proxy_info_list:
|
||||||
if opts.o.debug:
|
if opts.o.debug:
|
||||||
print(f"http-proxy: {http_proxy_info}")
|
print(f"http-proxy: {http_proxy_info}")
|
||||||
# TODO: good enough parsing for webapp deployment for now
|
|
||||||
host_name = http_proxy_info["host-name"]
|
host_name = http_proxy_info["host-name"]
|
||||||
rules = []
|
certificate = (certificates or {}).get(host_name)
|
||||||
tls = (
|
|
||||||
[
|
if use_tls:
|
||||||
|
tls.append(
|
||||||
client.V1IngressTLS(
|
client.V1IngressTLS(
|
||||||
hosts=certificate["spec"]["dnsNames"]
|
hosts=certificate["spec"]["dnsNames"]
|
||||||
if certificate
|
if certificate
|
||||||
else [host_name],
|
else [host_name],
|
||||||
secret_name=certificate["spec"]["secretName"]
|
secret_name=certificate["spec"]["secretName"]
|
||||||
if certificate
|
if certificate
|
||||||
else f"{self.app_name}-tls",
|
else f"{self.app_name}-{host_name}-tls",
|
||||||
)
|
)
|
||||||
]
|
|
||||||
if use_tls
|
|
||||||
else None
|
|
||||||
)
|
)
|
||||||
|
|
||||||
paths = []
|
paths = []
|
||||||
for route in http_proxy_info["routes"]:
|
for route in http_proxy_info["routes"]:
|
||||||
path = route["path"]
|
path = route["path"]
|
||||||
@ -188,22 +188,26 @@ class ClusterInfo:
|
|||||||
# TODO: this looks wrong
|
# TODO: this looks wrong
|
||||||
name=f"{self.app_name}-service",
|
name=f"{self.app_name}-service",
|
||||||
# TODO: pull port number from the service
|
# TODO: pull port number from the service
|
||||||
port=client.V1ServiceBackendPort(number=proxy_to_port),
|
port=client.V1ServiceBackendPort(
|
||||||
|
number=proxy_to_port
|
||||||
|
),
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
rules.append(
|
rules.append(
|
||||||
client.V1IngressRule(
|
client.V1IngressRule(
|
||||||
host=host_name, http=client.V1HTTPIngressRuleValue(paths=paths)
|
host=host_name,
|
||||||
|
http=client.V1HTTPIngressRuleValue(paths=paths),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
spec = client.V1IngressSpec(tls=tls, rules=rules)
|
spec = client.V1IngressSpec(tls=tls, rules=rules)
|
||||||
|
|
||||||
ingress_annotations = {
|
ingress_annotations = {
|
||||||
"kubernetes.io/ingress.class": "caddy",
|
"kubernetes.io/ingress.class": "caddy",
|
||||||
}
|
}
|
||||||
if not certificate:
|
if not certificates:
|
||||||
ingress_annotations["cert-manager.io/cluster-issuer"] = cluster_issuer
|
ingress_annotations["cert-manager.io/cluster-issuer"] = cluster_issuer
|
||||||
|
|
||||||
ingress = client.V1Ingress(
|
ingress = client.V1Ingress(
|
||||||
|
|||||||
@ -321,17 +321,19 @@ class K8sDeployer(Deployer):
|
|||||||
http_proxy_info = self.cluster_info.spec.get_http_proxy()
|
http_proxy_info = self.cluster_info.spec.get_http_proxy()
|
||||||
# Note: we don't support tls for kind (enabling tls causes errors)
|
# Note: we don't support tls for kind (enabling tls causes errors)
|
||||||
use_tls = http_proxy_info and not self.is_kind()
|
use_tls = http_proxy_info and not self.is_kind()
|
||||||
certificate = (
|
certificates = None
|
||||||
self._find_certificate_for_host_name(http_proxy_info[0]["host-name"])
|
if use_tls:
|
||||||
if use_tls
|
certificates = {}
|
||||||
else None
|
for proxy in http_proxy_info:
|
||||||
)
|
host_name = proxy["host-name"]
|
||||||
|
cert = self._find_certificate_for_host_name(host_name)
|
||||||
|
if cert:
|
||||||
|
certificates[host_name] = cert
|
||||||
if opts.o.debug:
|
if opts.o.debug:
|
||||||
if certificate:
|
print(f"Using existing certificate for {host_name}: {cert}")
|
||||||
print(f"Using existing certificate: {certificate}")
|
|
||||||
|
|
||||||
ingress = self.cluster_info.get_ingress(
|
ingress = self.cluster_info.get_ingress(
|
||||||
use_tls=use_tls, certificate=certificate
|
use_tls=use_tls, certificates=certificates
|
||||||
)
|
)
|
||||||
if ingress:
|
if ingress:
|
||||||
if opts.o.debug:
|
if opts.o.debug:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user