From da7e227f71c2cf92db6b20618be047c5a97245b4 Mon Sep 17 00:00:00 2001 From: kurokobo Date: Thu, 14 Dec 2023 04:10:47 +0900 Subject: [PATCH] Add ingress and ingressroutetcp for awxmeshingress (#1646) * fix: correct port number for internal receptor address * feat: add support for ingress for awxmeshingress cr * feat: add support for ingressroutetcp (for traefik) for awxmeshingress cr --- .../awx.ansible.com_awxmeshingresses.yaml | 23 +++++++ config/rbac/role.yaml | 13 ++++ roles/mesh_ingress/defaults/main.yml | 7 ++ roles/mesh_ingress/tasks/creation.yml | 3 +- roles/mesh_ingress/templates/route.yml.j2 | 64 +++++++++++++++++++ 5 files changed, 108 insertions(+), 2 deletions(-) diff --git a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml index fcdb22ba..483a9e38 100644 --- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml +++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml @@ -47,6 +47,29 @@ spec: external_ipaddress: description: External IP address to use for the Mesh Ingress. type: string + ingress_type: + description: The ingress type to use to reach the deployed instance + type: string + enum: + - none + - Ingress + - ingress + - IngressRouteTCP + - ingressroutetcp + - Route + - route + ingress_api_version: + description: The Ingress API version to use + type: string + ingress_annotations: + description: Annotations to add to the Ingress Controller + type: string + ingress_class_name: + description: The name of ingress class to use instead of the cluster default. + type: string + ingress_controller: + description: Special configuration for specific Ingress Controllers + type: string status: description: Status defines the observed state of AWXMeshIngress type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 105862dd..9d2af0ce 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
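Review bot: The new `ingress_api_version`, `ingress_class_name` and `ingress_controller` properties are declared as bare `type: string` with no `pattern`, `maxLength` or `enum`, although roles/mesh_ingress/templates/route.yml.j2 in this same patch renders them into a manifest that the operator applies under its own service account. Constraining them here rejects malformed values at admission instead of at render time: `ingress_controller` could take an `enum` (the template only tests for `nginx`, and the default is the empty string), and `ingress_class_name` a DNS-style constraint such as `pattern: '^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'`. `ingress_annotations` is a string that must itself contain YAML, so its description would be clearer as `Annotations to add to the Ingress, given as a YAML-formatted string`. The `spec` schema begins above this hunk, so any existing constraints on sibling fields such as the external hostname are not visible here.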
@@ -124,3 +124,16 @@ rules: - awxrestores verbs: - '*' + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - ingressroutetcps + verbs: + - get + - list + - create + - delete + - patch + - update + - watch diff --git a/roles/mesh_ingress/defaults/main.yml b/roles/mesh_ingress/defaults/main.yml index 28e05ef9..8351bb82 100644 --- a/roles/mesh_ingress/defaults/main.yml +++ b/roles/mesh_ingress/defaults/main.yml @@ -1,5 +1,12 @@ +--- deployment_type: awx +ingress_type: none +ingress_api_version: 'networking.k8s.io/v1' +ingress_annotations: '' +ingress_class_name: '' +ingress_controller: '' + set_self_owneref: true _control_plane_ee_image: quay.io/ansible/awx-ee:latest diff --git a/roles/mesh_ingress/tasks/creation.yml b/roles/mesh_ingress/tasks/creation.yml index f08234f4..66cbd0fe 100644 --- a/roles/mesh_ingress/tasks/creation.yml +++ b/roles/mesh_ingress/tasks/creation.yml @@ -65,7 +65,6 @@ wait: yes wait_timeout: "120" register: route - when: is_openshift | bool # TODO: need to wait until the route is ready before we can get the hostname # right now this will rereconcile until the route is ready @@ -127,7 +126,7 @@ namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ awx_task_pod_name }}" container: "{{ deployment_name }}-task" - command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name }} --address {{ ansible_operator_meta.name }} --port 443 --protocol ws --is_internal --peers_from_control_nodes" + command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name }} --address {{ ansible_operator_meta.name }} --port 27199 --protocol ws --is_internal --peers_from_control_nodes" - name: Add external receptor address kubernetes.core.k8s_exec: diff --git a/roles/mesh_ingress/templates/route.yml.j2 b/roles/mesh_ingress/templates/route.yml.j2 index 493dfe77..d37c0a18 100644 --- a/roles/mesh_ingress/templates/route.yml.j2 +++ b/roles/mesh_ingress/templates/route.yml.j2 
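Review bot: The two API groups in this new rule carry no comment saying why both are needed, which makes it hard to tell later whether one can be dropped. A line such as `# traefik.containo.us is the legacy Traefik CRD group; traefik.io is its replacement` above `- apiGroups:` would record that. The verbs are listed explicitly rather than as `'*'` like the rule just above, which is the narrower choice and worth keeping. Whether an earlier rule already covers `ingresses` in `networking.k8s.io` for the new `Ingress` type cannot be seen from this hunk, because `rules:` starts above it.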
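Review bot: The default `ingress_api_version: 'networking.k8s.io/v1'` is only right for `ingress_type: ingress`; route.yml.j2 uses the same variable for the `IngressRouteTCP` document, whose API group per the RBAC rule added in this patch is `traefik.io` or `traefik.containo.us`. A CR that sets only `ingress_type: IngressRouteTCP` would therefore render a kind/apiVersion pair that does not exist on the cluster. Either leave the default empty and choose the value per type in the template, or add a comment here such as `# must be overridden with the Traefik apiVersion when ingress_type is IngressRouteTCP`.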
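Review bot: Dropping `when: is_openshift | bool` makes this task run on every cluster, while the new default `ingress_type: none` causes route.yml.j2 to render no document at all. That appears to have two effects: the task is handed an empty definition together with `wait: yes`, and existing OpenShift deployments that relied on the automatic Route no longer get one unless the CR sets `ingress_type: route`. A guard such as `when: ingress_type | lower != 'none'` would make the first case explicit, and the upgrade behaviour deserves either a documentation note or a default derived from `is_openshift`. The task's module arguments and the later tasks that read the registered `route` result lie outside the hunk, so how they cope with a skipped or empty result should be checked.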
@@ -1,3 +1,66 @@ +{% if ingress_type|lower == "ingress" %} +--- +{% if ingress_api_version is defined %} +apiVersion: '{{ ingress_api_version }}' +{% endif %} +kind: Ingress +metadata: + name: {{ ansible_operator_meta.name }} + namespace: {{ ansible_operator_meta.namespace }} + annotations: +{% if ingress_annotations %} + {{ ingress_annotations | indent(width=4) }} +{% endif %} +{% if ingress_controller|lower == "nginx" %} + nginx.ingress.kubernetes.io/ssl-passthrough: "true" +{% endif %} +spec: +{% if ingress_class_name %} + ingressClassName: '{{ ingress_class_name }}' +{% endif %} + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ ansible_operator_meta.name }} + port: + number: 27199 +{% if external_hostname %} + host: {{ external_hostname }} +{% endif %} +{% endif %} + +{% if ingress_type|lower == "ingressroutetcp" %} +--- +{% if ingress_api_version is defined %} +apiVersion: '{{ ingress_api_version }}' +{% endif %} +kind: IngressRouteTCP +metadata: + name: {{ ansible_operator_meta.name }} + namespace: {{ ansible_operator_meta.namespace }} + annotations: +{% if ingress_annotations %} + {{ ingress_annotations | indent(width=4) }} +{% endif %} +spec: + entryPoints: + - websecure + routes: + - services: + - name: {{ ansible_operator_meta.name }} + port: 27199 +{% if external_hostname %} + match: HostSNI(`{{ external_hostname }}`) +{% endif %} + tls: + passthrough: true +{% endif %} + +{% if ingress_type|lower == "route" %} --- apiVersion: route.openshift.io/v1 kind: Route @@ -17,3 +80,4 @@ spec: name: {{ ansible_operator_meta.name }} weight: 100 wildcardPolicy: None +{% endif %}
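Review bot: Several values taken from the custom resource are rendered without quoting in the two new documents — `host: {{ external_hostname }}`, the `HostSNI(...)` expression and the raw `ingress_annotations` block — whereas `ingress_class_name` and `ingress_api_version` are at least single-quoted. Because the operator applies the rendered text with its own RBAC, a value containing YAML-significant characters or line breaks alters the structure of the manifest rather than just one field. Emitting scalars through a serialising filter, e.g. `host: {{ external_hostname | to_json }}`, and validating `external_hostname` as a DNS name before it reaches the `HostSNI` match would close that gap; `ingress_annotations` is safer parsed with `from_yaml` and re-emitted with `to_nice_yaml`. Separately, `match:` and `host:` are written only when `external_hostname` is set, so an `IngressRouteTCP` rendered without it has a route with no rule, which Traefik is likely to reject.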