Feat nginx default tls (#39)

* feat(nginx-ingress): internal ingress for azure * feat(nginx-ingress): add option for default TLS cert --------- Co-authored-by: Jakob Englisch <[email protected]> Co-authored-by: Michael Riedmann <[email protected]>
cloudflightio · Nov 28, 2023 · 4a3fff5 · 4a3fff5
1 parent 7d54207
commit 4a3fff5
Showing 1 changed file with 25 additions and 3 deletions.
diff --git a/infrastructure/nginx-ingress/nginx-ingress.libsonnet b/infrastructure/nginx-ingress/nginx-ingress.libsonnet
@@ -6,21 +6,39 @@ local k = (import '../../prelude.libsonnet');
     // begin_config
     nginxingress: {
       name: 'nginx-ingress',
-      loadBalancerIP: error 'you need a static loadbalancer (public ip)',
+      type: 'external',
+      loadBalancerIP: error 'you need a static loadbalancer ip (public IP for external, internal IP for internal)',
+      internalSubnetAzure: null,
       replicas: 2,
+      defaultTlsCertificate: null,
     },
     // end_config
   },
 
   newNginxIngress(config={}):: manifest {
 
+
     local this = self,
     local cfg = $._config.nginxingress + config,
 
-    'service-ingress-nginx-controller'+: {
+    // https://github.com/google/jsonnet/issues/234#issuecomment-275489855
+    local join(a) =
+      local notNull(i) = i != null;
+      local maybeFlatten(acc, i) = if std.type(i) == 'array' then acc + i else acc + [i];
+      std.foldl(maybeFlatten, std.filter(notNull, a), []),
+
+    'service-ingress-nginx-controller'+: if cfg.type == 'external' then {
       spec+: {
         loadBalancerIP: cfg.loadBalancerIP,
       },
+    } else if cfg.type == 'internal-azure' then {
+      metadata+: {
+        annotations+: {
+          'service.beta.kubernetes.io/azure-load-balancer-internal': 'true',
+          'service.beta.kubernetes.io/azure-load-balancer-ipv4': cfg.loadBalancerIP,
+          [if cfg.internalSubnetAzure != null then 'service.beta.kubernetes.io/azure-load-balancer-internal-subnet' else null]: cfg.internalSubnetAzure,
+        },
+      },
     },
 
     'deployment-ingress-nginx-controller'+: {
@@ -30,7 +48,11 @@ local k = (import '../../prelude.libsonnet');
           spec+: {
             containers: [
               super.containers[0] {
-                args: super.args + ['--watch-ingress-without-class'],
+                args: join([
+                  super.args,
+                  '--watch-ingress-without-class',
+                  if cfg.defaultTlsCertificate != null then ['--default-ssl-certificate=' + cfg.defaultTlsCertificate],
+                ]),
               },
             ] + super.containers[1:],
           },