-
Notifications
You must be signed in to change notification settings - Fork 470
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(conf): support multiple hosts and tls certificates when kong is… #813
Conversation
@bergemalm Thank you for the contribution. Have you considered making this change non-breaking by keeping the old keys and merging paths and TLS config from both? As I can see the only clash we'd have would be the |
20b430a
to
57a38af
Compare
Ok, if that is preferred I can have a look at it @czeslavo . |
57a38af
to
f831a44
Compare
f831a44
to
8b96753
Compare
Hi again @czeslavo, how about solving it like what's in this PR now? (edited the description above removing the breaking change related text) |
Hey @bergemalm, thank you for adjusting the PR 🙂 I think we're on a good track, but I still find a couple of issues we may have here:
proxy:
ingress:
enabled: true Before the changes, it was generating a valid Ingress (it has an empty # Source: kong/templates/service-kong-proxy.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kong-ingress-controller-kong-proxy
namespace: kong
labels:
app.kubernetes.io/name: kong
helm.sh/chart: kong-2.22.0
app.kubernetes.io/instance: "kong-ingress-controller"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/version: "3.2"
spec:
rules:
- host:
http:
paths:
- backend:
service:
name: kong-ingress-controller-kong-proxy
port:
number: 443
path: /
pathType: ImplementationSpecific After the changes, it generates no rules: # Source: kong/templates/service-kong-proxy.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kong-ingress-controller-kong-proxy
namespace: kong
labels:
app.kubernetes.io/name: kong
helm.sh/chart: kong-2.22.0
app.kubernetes.io/instance: "kong-ingress-controller"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/version: "3.2"
spec:
rules: I'd suggest not requiring the
For 2 and 3 I suggest adding the following |
Oh, I've never used an empty host and assumed it was an error. Sorry, I'll have another look then... |
8b96753
to
dede267
Compare
I have made changes now @czeslavo, sorry for the delay. I used your patch for tests but with some modifications, for example the "combined" hostname and hosts test since there would otherwise be a duplication of the |
dede267
to
eb1e476
Compare
I guess we would need a tls secret... Or multiple actually. Keep those in tests or not or how to solve for it @czeslavo ? |
I see now that there are some certificate generation/cert-manager support on other places. The question is if we want similar support for the ingress? |
Perhaps skip adding ingress tls in tests for now and get this merged? More comments? Ping @czeslavo |
It's perfectly fine to define the secrets in test ( to rely on concrete, the same values across test runs). Since that's a non trivial change I'd suggest we try to pursue the route of adding some basic tests for this change. |
eb1e476
to
130b98b
Compare
Ok, so could you point me in the direction of where to create and apply the tls secret(s) before the helm installs? |
@bergemalm You can leverage the extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: kong.proxy.example.secret |
345bbe5
to
755acfa
Compare
Changes has been pushed, checks are passing. Ready for another review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Beside one tiny nit I commented, LGTM now. 👍
…exposed via ingress
755acfa
to
e882523
Compare
Updated now @czeslavo. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✅
I cannot merge, please do when appropriate. |
… exposed via ingress
What this PR does / why we need it:
An Ingress support multiple hosts and it's common to use CNAME using "simpler" dns records pointing to the same ingress. We need to support this.
Which issue this PR fixes
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
main
branch.