feature: public exposition ingress are shitty

This commit is contained in:
RouxAntoine 2023-11-18 22:20:06 +01:00
parent 41b299fc27
commit 871ec22bf4
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
3 changed files with 61 additions and 21 deletions

View File

@ -21,10 +21,11 @@ func main() {
Health: "/",
},
},
Public: true,
Env: map[string]string{
"version": "1.0.0",
},
Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"),
//Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"),
AllowAllOrigin: true,
})
if err != nil {

View File

@ -20,6 +20,7 @@ type Configuration struct {
Replicas *int
Env map[string]string
AllowAllOrigin bool
Public bool
}
type ImagesConfiguration struct {
@ -43,6 +44,7 @@ type application struct {
Replicas int
Env map[string]string
AllowAllOrigin bool
Public bool
shouldCreateDns bool
shouldCreateCertificate bool
@ -64,6 +66,7 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
Namespace: configuration.Namespace,
Env: configuration.Env,
AllowAllOrigin: configuration.AllowAllOrigin,
Public: configuration.Public,
}
var preventDuplicatePath []string
@ -92,6 +95,10 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
application.Replicas = 1
}
if configuration.Dns != nil && configuration.Public {
return nil, errors.New("public exposition and DNS are incompatible")
}
if configuration.Dns != nil {
application.Dns = *configuration.Dns
application.shouldCreateDns = true
@ -99,6 +106,12 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
application.shouldCreateIngress = true
}
if configuration.Public {
application.shouldCreateDns = false
application.shouldCreateCertificate = false
application.shouldCreateIngress = true
}
err := ctx.RegisterComponentResource("pkg:application:CreatedApplication", configuration.Name, application)
if err != nil {
return nil, err
@ -191,6 +204,7 @@ func (application *application) createResources(ctx *pulumi.Context) (*CreatedAp
application.Name,
application.Dns,
application.AllowAllOrigin,
application.Public,
ingressServices,
)

View File

@ -13,6 +13,7 @@ import (
type IngressConfiguration struct {
Name string
Dns string
Public bool
ResponseHeaders *traefik.MiddlewareSpecHeadersArgs
services []IngressServices
}
@ -22,11 +23,12 @@ type IngressServices struct {
Path string
}
func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, services []IngressServices) *IngressConfiguration {
func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, public bool, services []IngressServices) *IngressConfiguration {
ingressConfiguration := &IngressConfiguration{
Name: name,
Dns: dns,
services: services,
Public: public,
}
if allowAllOrigin {
@ -68,7 +70,6 @@ func (ingress *IngressConfiguration) CreateIngress(
ingressAnnotations := pulumi.StringMap{
"traefik.ingress.kubernetes.io/router.middlewares": middlewares,
"traefik.ingress.kubernetes.io/router.entrypoints": pulumi.String("websecure"),
}
// https routing
@ -88,15 +89,48 @@ func (ingress *IngressConfiguration) CreateIngress(
})
}
var hosts pulumi.StringArray
var certificateSecretName pulumi.StringOutput
var namespaceName pulumi.StringPtrOutput
if ingress.Public {
ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("exp-websecure")
hosts = toPulumiStringArray([]string{"antoine-roux.tk", "antoineroux.tk", "www.antoine-roux.tk", "www.antoineroux.tk"})
publicCertificate, err := certManager.GetCertificate(ctx, "nginxfront-certificate", pulumi.ID("default-public/nginxfront"), nil)
if err != nil {
return err
}
certificateSecretName = publicCertificate.Spec.SecretName()
publicNamespace, err := v1.GetNamespace(ctx, "default-public", pulumi.ID("default-public"), nil)
if err != nil {
return err
}
namespaceName = publicNamespace.Metadata.Name()
} else {
ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("websecure")
hosts = toPulumiStringArray([]string{ingress.Dns})
certificateSecretName = certificate.Spec.SecretName()
// create http redirect to https
err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths)
if err != nil {
return err
}
namespaceName = namespace.Metadata.Name()
}
_, err = networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{
var ingressRules networking.IngressRuleArray
for _, host := range hosts {
ingressRules = append(ingressRules, networking.IngressRuleArgs{
Host: host,
Http: &networking.HTTPIngressRuleValueArgs{
Paths: ingressPaths,
},
})
}
_, err := networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{
Metadata: &meta.ObjectMetaArgs{
Namespace: namespace.Metadata.Name(),
Namespace: namespaceName,
Labels: pulumi.StringMap{
"app.kubernetes.io/part-of": pulumi.String(ingress.Name),
"app.kubernetes.io/managed-by": pulumi.String("pulumi"),
@ -105,20 +139,11 @@ func (ingress *IngressConfiguration) CreateIngress(
},
Spec: &networking.IngressSpecArgs{
IngressClassName: pulumi.String("traefik-internal"),
Rules: &networking.IngressRuleArray{
networking.IngressRuleArgs{
Host: pulumi.StringPtr(ingress.Dns),
Http: &networking.HTTPIngressRuleValueArgs{
Paths: ingressPaths,
},
},
},
Rules: &ingressRules,
Tls: &networking.IngressTLSArray{
networking.IngressTLSArgs{
Hosts: pulumi.StringArray{
pulumi.String(ingress.Dns),
},
SecretName: certificate.Spec.SecretName(),
Hosts: hosts,
SecretName: certificateSecretName,
},
},
},