go/pulumi-library
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 21 Activity

feature: public exposition ingress are shitty

Browse Source
This commit is contained in:
RouxAntoine 2023-11-18 22:20:06 +01:00
parent 41b299fc27
commit 871ec22bf4
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
3 changed files with 61 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
main.go
View File

@ -21,10 +21,11 @@ func main() {
Health: "/", Health: "/",
}, },
}, },
Public: true,
Env: map[string]string{ Env: map[string]string{
"version": "1.0.0", "version": "1.0.0",
}, },
Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"), //Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"),
AllowAllOrigin: true, AllowAllOrigin: true,
}) })
if err != nil { if err != nil {

14
pkg/application/generic.go
View File

@ -20,6 +20,7 @@ type Configuration struct {
Replicas *int Replicas *int
Env map[string]string Env map[string]string
AllowAllOrigin bool AllowAllOrigin bool
Public bool
} }
type ImagesConfiguration struct { type ImagesConfiguration struct {
@ -43,6 +44,7 @@ type application struct {
Replicas int Replicas int
Env map[string]string Env map[string]string
AllowAllOrigin bool AllowAllOrigin bool
Public bool
shouldCreateDns bool shouldCreateDns bool
shouldCreateCertificate bool shouldCreateCertificate bool
@ -64,6 +66,7 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
Namespace: configuration.Namespace, Namespace: configuration.Namespace,
Env: configuration.Env, Env: configuration.Env,
AllowAllOrigin: configuration.AllowAllOrigin, AllowAllOrigin: configuration.AllowAllOrigin,
Public: configuration.Public,
} }
var preventDuplicatePath []string var preventDuplicatePath []string
@ -92,6 +95,10 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
application.Replicas = 1 application.Replicas = 1
} }
if configuration.Dns != nil && configuration.Public {
return nil, errors.New("public exposition and DNS are incompatible")
}
if configuration.Dns != nil { if configuration.Dns != nil {
application.Dns = *configuration.Dns application.Dns = *configuration.Dns
application.shouldCreateDns = true application.shouldCreateDns = true
@ -99,6 +106,12 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
application.shouldCreateIngress = true application.shouldCreateIngress = true
} }
if configuration.Public {
application.shouldCreateDns = false
application.shouldCreateCertificate = false
application.shouldCreateIngress = true
}
err := ctx.RegisterComponentResource("pkg:application:CreatedApplication", configuration.Name, application) err := ctx.RegisterComponentResource("pkg:application:CreatedApplication", configuration.Name, application)
if err != nil { if err != nil {
return nil, err return nil, err
@ -191,6 +204,7 @@ func (application *application) createResources(ctx *pulumi.Context) (*CreatedAp
application.Name, application.Name,
application.Dns, application.Dns,
application.AllowAllOrigin, application.AllowAllOrigin,
application.Public,
ingressServices, ingressServices,
) )

57
pkg/exposition/ingress.go
View File

@ -13,6 +13,7 @@ import (
type IngressConfiguration struct { type IngressConfiguration struct {
Name string Name string
Dns string Dns string
Public bool
ResponseHeaders *traefik.MiddlewareSpecHeadersArgs ResponseHeaders *traefik.MiddlewareSpecHeadersArgs
services []IngressServices services []IngressServices
} }
@ -22,11 +23,12 @@ type IngressServices struct {
Path string Path string
} }
func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, services []IngressServices) *IngressConfiguration { func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, public bool, services []IngressServices) *IngressConfiguration {
ingressConfiguration := &IngressConfiguration{ ingressConfiguration := &IngressConfiguration{
Name: name, Name: name,
Dns: dns, Dns: dns,
services: services, services: services,
Public: public,
} }
if allowAllOrigin { if allowAllOrigin {
@ -68,7 +70,6 @@ func (ingress *IngressConfiguration) CreateIngress(
ingressAnnotations := pulumi.StringMap{ ingressAnnotations := pulumi.StringMap{
"traefik.ingress.kubernetes.io/router.middlewares": middlewares, "traefik.ingress.kubernetes.io/router.middlewares": middlewares,
"traefik.ingress.kubernetes.io/router.entrypoints": pulumi.String("websecure"),
} }
// https routing // https routing
@ -88,15 +89,48 @@ func (ingress *IngressConfiguration) CreateIngress(
}) })
} }
var hosts pulumi.StringArray
var certificateSecretName pulumi.StringOutput
var namespaceName pulumi.StringPtrOutput
if ingress.Public {
ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("exp-websecure")
hosts = toPulumiStringArray([]string{"antoine-roux.tk", "antoineroux.tk", "www.antoine-roux.tk", "www.antoineroux.tk"})
publicCertificate, err := certManager.GetCertificate(ctx, "nginxfront-certificate", pulumi.ID("default-public/nginxfront"), nil)
if err != nil {
return err
}
certificateSecretName = publicCertificate.Spec.SecretName()
publicNamespace, err := v1.GetNamespace(ctx, "default-public", pulumi.ID("default-public"), nil)
if err != nil {
return err
}
namespaceName = publicNamespace.Metadata.Name()
} else {
ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("websecure")
hosts = toPulumiStringArray([]string{ingress.Dns})
certificateSecretName = certificate.Spec.SecretName()
// create http redirect to https // create http redirect to https
err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths) err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths)
if err != nil { if err != nil {
return err return err
} }
namespaceName = namespace.Metadata.Name()
}
_, err = networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{ var ingressRules networking.IngressRuleArray
for _, host := range hosts {
ingressRules = append(ingressRules, networking.IngressRuleArgs{
Host: host,
Http: &networking.HTTPIngressRuleValueArgs{
Paths: ingressPaths,
},
})
}
_, err := networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{
Metadata: &meta.ObjectMetaArgs{ Metadata: &meta.ObjectMetaArgs{
Namespace: namespace.Metadata.Name(), Namespace: namespaceName,
Labels: pulumi.StringMap{ Labels: pulumi.StringMap{
"app.kubernetes.io/part-of": pulumi.String(ingress.Name), "app.kubernetes.io/part-of": pulumi.String(ingress.Name),
"app.kubernetes.io/managed-by": pulumi.String("pulumi"), "app.kubernetes.io/managed-by": pulumi.String("pulumi"),
@ -105,20 +139,11 @@ func (ingress *IngressConfiguration) CreateIngress(
}, },
Spec: &networking.IngressSpecArgs{ Spec: &networking.IngressSpecArgs{
IngressClassName: pulumi.String("traefik-internal"), IngressClassName: pulumi.String("traefik-internal"),
Rules: &networking.IngressRuleArray{ Rules: &ingressRules,
networking.IngressRuleArgs{
Host: pulumi.StringPtr(ingress.Dns),
Http: &networking.HTTPIngressRuleValueArgs{
Paths: ingressPaths,
},
},
},
Tls: &networking.IngressTLSArray{ Tls: &networking.IngressTLSArray{
networking.IngressTLSArgs{ networking.IngressTLSArgs{
Hosts: pulumi.StringArray{ Hosts: hosts,
pulumi.String(ingress.Dns), SecretName: certificateSecretName,
},
SecretName: certificate.Spec.SecretName(),
}, },
}, },
}, },