Add ingress and ingressroutetcp for awxmeshingress (#1646)

* fix: correct port number for internal receptor address * feat: add support for ingress for awxmeshingress cr * feat: add support for ingressroutetcp (for traefik) for awxmeshingress cr
2026-03-27 05:43:11 +00:00 · 2023-12-14 04:10:47 +09:00
parent 98d5ac126d
commit da7e227f71
5 changed files with 108 additions and 2 deletions
--- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
+++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -47,6 +47,29 @@ spec:
              external_ipaddress:
                description: External IP address to use for the Mesh Ingress.
                type: string
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - IngressRouteTCP
+                - ingressroutetcp
+                - Route
+                - route
+              ingress_api_version:
+                description: The Ingress API version to use
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              ingress_class_name:
+                description: The name of ingress class to use instead of the cluster default.
+                type: string
+              ingress_controller:
+                description: Special configuration for specific Ingress Controllers
+                type: string
          status:
            description: Status defines the observed state of AWXMeshIngress
            type: object
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -124,3 +124,16 @@ rules:
      - awxrestores
    verbs:
      - '*'
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
--- a/roles/mesh_ingress/defaults/main.yml
+++ b/roles/mesh_ingress/defaults/main.yml
@@ -1,5 +1,12 @@
+---
 deployment_type: awx

+ingress_type: none
+ingress_api_version: 'networking.k8s.io/v1'
+ingress_annotations: ''
+ingress_class_name: ''
+ingress_controller: ''
+
 set_self_owneref: true

 _control_plane_ee_image: quay.io/ansible/awx-ee:latest
--- a/roles/mesh_ingress/tasks/creation.yml
+++ b/roles/mesh_ingress/tasks/creation.yml
@@ -65,7 +65,6 @@
    wait: yes
    wait_timeout: "120"
  register: route
-  when: is_openshift | bool

 # TODO: need to wait until the route is ready before we can get the hostname
 # right now this will rereconcile until the route is ready
@@ -127,7 +126,7 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_task_pod_name }}"
    container: "{{ deployment_name }}-task"
-    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 443 --protocol ws --is_internal --peers_from_control_nodes"
+    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 27199 --protocol ws --is_internal --peers_from_control_nodes"

 - name: Add external receptor address
  kubernetes.core.k8s_exec:
--- a/roles/mesh_ingress/templates/route.yml.j2
+++ b/roles/mesh_ingress/templates/route.yml.j2
@@ -1,3 +1,66 @@
+{% if ingress_type|lower == "ingress" %}
+---
+{% if ingress_api_version is defined %}
+apiVersion: '{{ ingress_api_version }}'
+{% endif %}
+kind: Ingress
+metadata:
+  name: {{ ansible_operator_meta.name }}
+  namespace: {{ ansible_operator_meta.namespace }}
+  annotations:
+{% if ingress_annotations %}
+    {{ ingress_annotations | indent(width=4) }}
+{% endif %}
+{% if ingress_controller|lower == "nginx" %}
+      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+{% endif %}
+spec:
+{% if ingress_class_name %}
+  ingressClassName: '{{ ingress_class_name }}'
+{% endif %}
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ ansible_operator_meta.name }}
+                port:
+                  number: 27199
+{% if external_hostname %}
+      host: {{ external_hostname }}
+{% endif %}
+{% endif %}
+
+{% if ingress_type|lower == "ingressroutetcp" %}
+---
+{% if ingress_api_version is defined %}
+apiVersion: '{{ ingress_api_version }}'
+{% endif %}
+kind: IngressRouteTCP
+metadata:
+  name: {{ ansible_operator_meta.name }}
+  namespace: {{ ansible_operator_meta.namespace }}
+  annotations:
+{% if ingress_annotations %}
+    {{ ingress_annotations | indent(width=4) }}
+{% endif %}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - services:
+      - name: {{ ansible_operator_meta.name }}
+        port: 27199
+{% if external_hostname %}
+      match: HostSNI(`{{ external_hostname }}`)
+{% endif %}
+  tls:
+    passthrough: true
+{% endif %}
+
+{% if ingress_type|lower == "route" %}
 ---
 apiVersion: route.openshift.io/v1
 kind: Route
@@ -17,3 +80,4 @@ spec:
    name: {{ ansible_operator_meta.name }}
    weight: 100
  wildcardPolicy: None
+{% endif %}