diff --git a/main.go b/main.go index 7a846a1..27a3dce 100644 --- a/main.go +++ b/main.go @@ -21,10 +21,11 @@ func main() { Health: "/", }, }, + Public: true, Env: map[string]string{ "version": "1.0.0", }, - Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"), + //Dns: pulumi.StringRef("pulumi-test-nginx.localdomain"), AllowAllOrigin: true, }) if err != nil { diff --git a/pkg/application/generic.go b/pkg/application/generic.go index e532530..0e164c7 100644 --- a/pkg/application/generic.go +++ b/pkg/application/generic.go @@ -20,6 +20,7 @@ type Configuration struct { Replicas *int Env map[string]string AllowAllOrigin bool + Public bool } type ImagesConfiguration struct { @@ -43,6 +44,7 @@ type application struct { Replicas int Env map[string]string AllowAllOrigin bool + Public bool shouldCreateDns bool shouldCreateCertificate bool @@ -64,6 +66,7 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created Namespace: configuration.Namespace, Env: configuration.Env, AllowAllOrigin: configuration.AllowAllOrigin, + Public: configuration.Public, } var preventDuplicatePath []string @@ -92,6 +95,10 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created application.Replicas = 1 } + if configuration.Dns != nil && configuration.Public { + return nil, errors.New("public exposition and DNS are incompatible") + } + if configuration.Dns != nil { application.Dns = *configuration.Dns application.shouldCreateDns = true @@ -99,6 +106,12 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created application.shouldCreateIngress = true } + if configuration.Public { + application.shouldCreateDns = false + application.shouldCreateCertificate = false + application.shouldCreateIngress = true + } + err := ctx.RegisterComponentResource("pkg:application:CreatedApplication", configuration.Name, application) if err != nil { return nil, err 
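Review bot: `Public: true` now sits next to the pre-existing `AllowAllOrigin: true`, so this configuration exposes the application on the external entrypoint with wildcard CORS headers; if this is more than a local smoke test, set `AllowAllOrigin: false` (or scope the allowed origins) in the public build. The commented-out `Dns` line is better deleted than left as dead config, since NewApplication now rejects `Dns` together with `Public` and a future uncomment would simply fail the deploy. `main` starts and ends outside the hunk.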
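Review bot: The new exported field `Public bool` on `Configuration` carries no doc comment, yet it changes where the Ingress is created and which hosts and certificate are used. I would add, above the field, `// Public exposes the application on the external entrypoint with the shared public hosts and certificate instead of a per-application DNS record; it is mutually exclusive with Dns.` The `Configuration` struct starts outside the hunk.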
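Review bot: The assignments `shouldCreateDns = false` and `shouldCreateCertificate = false` in the new `if configuration.Public` block can never change anything, because `Dns != nil && Public` is already rejected a few lines earlier and both flags only become true in the `Dns != nil` branch; that is fine as defence in depth but deserves a comment so nobody later removes the guard thinking the resets cover it. I would write `// Public mode reuses the shared public certificate and hosts, so no per-application DNS record or certificate is created (Dns and Public are rejected together above).` NewApplication starts and ends outside the hunk.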
@@ -191,6 +204,7 @@ func (application *application) createResources(ctx *pulumi.Context) (*CreatedAp application.Name, application.Dns, application.AllowAllOrigin, + application.Public, ingressServices, ) diff --git a/pkg/exposition/ingress.go b/pkg/exposition/ingress.go index 5f2ad82..c7ae240 100644 --- a/pkg/exposition/ingress.go +++ b/pkg/exposition/ingress.go @@ -13,6 +13,7 @@ import ( type IngressConfiguration struct { Name string Dns string + Public bool ResponseHeaders *traefik.MiddlewareSpecHeadersArgs services []IngressServices } @@ -22,11 +23,12 @@ type IngressServices struct { Path string } -func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, services []IngressServices) *IngressConfiguration { +func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, public bool, services []IngressServices) *IngressConfiguration { ingressConfiguration := &IngressConfiguration{ Name: name, Dns: dns, services: services, + Public: public, } if allowAllOrigin { @@ -68,7 +70,6 @@ func (ingress *IngressConfiguration) CreateIngress( ingressAnnotations := pulumi.StringMap{ "traefik.ingress.kubernetes.io/router.middlewares": middlewares, - "traefik.ingress.kubernetes.io/router.entrypoints": pulumi.String("websecure"), } // https routing 
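Review bot: `NewIngressConfiguration(name, dns, allowAllOrigin bool, public bool, services)` now has two adjacent positional booleans, and the call site in createResources passes `application.AllowAllOrigin, application.Public` positionally, so swapping them compiles cleanly and silently turns an internal application into a public one with wildcard CORS. Since the function already builds an `IngressConfiguration`, I would have callers set the struct fields (`&exposition.IngressConfiguration{Name: …, Dns: …, Public: …}`) or at least name the parameters in the signature doc. The new `Public bool` field on `IngressConfiguration` also needs a comment, e.g. `// Public routes through the external entrypoint using the shared public hosts and certificate rather than Dns.`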
@@ -88,15 +89,48 @@ func (ingress *IngressConfiguration) CreateIngress( }) } - // create http redirect to https - err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths) - if err != nil { - return err + var hosts pulumi.StringArray + var certificateSecretName pulumi.StringOutput + var namespaceName pulumi.StringPtrOutput + if ingress.Public { + ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("exp-websecure") + hosts = toPulumiStringArray([]string{"antoine-roux.tk", "antoineroux.tk", "www.antoine-roux.tk", "www.antoineroux.tk"}) + publicCertificate, err := certManager.GetCertificate(ctx, "nginxfront-certificate", pulumi.ID("default-public/nginxfront"), nil) + if err != nil { + return err + } + certificateSecretName = publicCertificate.Spec.SecretName() + publicNamespace, err := v1.GetNamespace(ctx, "default-public", pulumi.ID("default-public"), nil) + if err != nil { + return err + } + namespaceName = publicNamespace.Metadata.Name() + + } else { + ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("websecure") + hosts = toPulumiStringArray([]string{ingress.Dns}) + certificateSecretName = certificate.Spec.SecretName() + + // create http redirect to https + err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths) + if err != nil { + return err + } + namespaceName = namespace.Metadata.Name() } - _, err = networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{ + var ingressRules networking.IngressRuleArray + for _, host := range hosts { + ingressRules = append(ingressRules, networking.IngressRuleArgs{ + Host: host, + Http: &networking.HTTPIngressRuleValueArgs{ + Paths: ingressPaths, + }, + }) + } + _, err := networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{ Metadata: &meta.ObjectMetaArgs{ - Namespace: namespace.Metadata.Name(), + Namespace: namespaceName, 
Labels: pulumi.StringMap{ "app.kubernetes.io/part-of": pulumi.String(ingress.Name), "app.kubernetes.io/managed-by": pulumi.String("pulumi"), @@ -105,20 +139,11 @@ func (ingress *IngressConfiguration) CreateIngress( }, Spec: &networking.IngressSpecArgs{ IngressClassName: pulumi.String("traefik-internal"), - Rules: &networking.IngressRuleArray{ - networking.IngressRuleArgs{ - Host: pulumi.StringPtr(ingress.Dns), - Http: &networking.HTTPIngressRuleValueArgs{ - Paths: ingressPaths, - }, - }, - }, + Rules: &ingressRules, Tls: &networking.IngressTLSArray{ networking.IngressTLSArgs{ - Hosts: pulumi.StringArray{ - pulumi.String(ingress.Dns), - }, - SecretName: certificate.Spec.SecretName(), + Hosts: hosts, + SecretName: certificateSecretName, }, }, },
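Review bot: The public branch hard-codes the served hosts (`antoine-roux.tk`, `antoineroux.tk`, …), the certificate `default-public/nginxfront` and the `default-public` namespace inside generic ingress code, and it also fixes the Pulumi logical names `nginxfront-certificate` and `default-public`, so a second `Public` application in the same stack would register duplicate resource names and claim the same four hosts. Note too that the Ingress is now created in `default-public` while `ingressPaths` (built above the hunk) points at services that, as far as this diff shows, live in the application's own `namespace`; an Ingress backend can only reference a Service in the Ingress's own namespace, so unless the workload is also deployed in `default-public` the public router has no reachable backend — please confirm. The http→https redirect is only created in the private branch, which is acceptable only if `exp-websecure` is a TLS-only entrypoint. I would move the hosts, certificate id and namespace into `IngressConfiguration` fields, validate them, and derive the lookup names from `ingress.Name`; CreateIngress starts and ends outside the hunk.
```go
if ingress.Public {
	if len(ingress.PublicHosts) == 0 || ingress.PublicCertificateID == "" || ingress.PublicNamespace == "" {
		return errors.New("public exposition requires PublicHosts, PublicCertificateID and PublicNamespace")
	}
	ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("exp-websecure")
	hosts = toPulumiStringArray(ingress.PublicHosts)
	publicCertificate, err := certManager.GetCertificate(ctx, fmt.Sprintf("%s-public-certificate", ingress.Name), pulumi.ID(ingress.PublicCertificateID), nil)
	if err != nil {
		return err
	}
	certificateSecretName = publicCertificate.Spec.SecretName()
	publicNamespace, err := v1.GetNamespace(ctx, fmt.Sprintf("%s-public-namespace", ingress.Name), pulumi.ID(ingress.PublicNamespace), nil)
	if err != nil {
		return err
	}
	namespaceName = publicNamespace.Metadata.Name()
} else {
	// … unchanged: private entrypoint, Dns host, per-app certificate, http redirect …
}
```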
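Review bot: `IngressClassName` stays `traefik-internal` for both modes while the public branch selects the `exp-websecure` entrypoint; if the external entrypoint belongs to a different Traefik instance or class, the internal controller will either ignore the unknown entrypoint or bind the public host list to its own listeners, and no externally reachable router is created. Choose the class alongside the entrypoint in the branch above and use it here, e.g. `IngressClassName: pulumi.String(ingressClass)`. The enclosing NewIngress call starts outside the hunk.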