Add ingress and ingressroutetcp for awxmeshingress (#1646)

* fix: correct port number for internal receptor address * feat: add support for ingress for awxmeshingress cr * feat: add support for ingressroutetcp (for traefik) for awxmeshingress cr
ansible · Dec 13, 2023 · d1719cb · d1719cb
1 parent f09561c
commit d1719cb
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 2 deletions.
diff --git a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -47,6 +47,29 @@ spec:
               external_ipaddress:
                 description: External IP address to use for the Mesh Ingress.
                 type: string
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - IngressRouteTCP
+                - ingressroutetcp
+                - Route
+                - route
+              ingress_api_version:
+                description: The Ingress API version to use
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              ingress_class_name:
+                description: The name of ingress class to use instead of the cluster default.
+                type: string
+              ingress_controller:
+                description: Special configuration for specific Ingress Controllers
+                type: string
           status:
             description: Status defines the observed state of AWXMeshIngress
             type: object

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -124,3 +124,16 @@ rules:
       - awxrestores
     verbs:
       - '*'
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
diff --git a/roles/mesh_ingress/defaults/main.yml b/roles/mesh_ingress/defaults/main.yml
@@ -1,5 +1,12 @@
+---
 deployment_type: awx
 
+ingress_type: none
+ingress_api_version: 'networking.k8s.io/v1'
+ingress_annotations: ''
+ingress_class_name: ''
+ingress_controller: ''
+
 set_self_owneref: true
 
 _control_plane_ee_image: quay.io/ansible/awx-ee:latest

diff --git a/roles/mesh_ingress/tasks/creation.yml b/roles/mesh_ingress/tasks/creation.yml
@@ -65,7 +65,6 @@
     wait: yes
     wait_timeout: "120"
   register: route
-  when: is_openshift | bool
 
 # TODO: need to wait until the route is ready before we can get the hostname
 # right now this will rereconcile until the route is ready
@@ -127,7 +126,7 @@
     namespace: "{{ ansible_operator_meta.namespace }}"
     pod: "{{ awx_task_pod_name }}"
     container: "{{ deployment_name }}-task"
-    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 443 --protocol ws --is_internal --peers_from_control_nodes"
+    command: "awx-manage add_receptor_address --hostname {{ ansible_operator_meta.name  }} --address {{ ansible_operator_meta.name }} --port 27199 --protocol ws --is_internal --peers_from_control_nodes"
 
 - name: Add external receptor address
   kubernetes.core.k8s_exec:

diff --git a/roles/mesh_ingress/templates/route.yml.j2 b/roles/mesh_ingress/templates/route.yml.j2
@@ -1,3 +1,66 @@
+{% if ingress_type|lower == "ingress" %}
+---
+{% if ingress_api_version is defined %}
+apiVersion: '{{ ingress_api_version }}'
+{% endif %}
+kind: Ingress
+metadata:
+  name: {{ ansible_operator_meta.name }}
+  namespace: {{ ansible_operator_meta.namespace }}
+  annotations:
+{% if ingress_annotations %}
+    {{ ingress_annotations | indent(width=4) }}
+{% endif %}
+{% if ingress_controller|lower == "nginx" %}
+      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+{% endif %}
+spec:
+{% if ingress_class_name %}
+  ingressClassName: '{{ ingress_class_name }}'
+{% endif %}
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ ansible_operator_meta.name }}
+                port:
+                  number: 27199
+{% if external_hostname %}
+      host: {{ external_hostname }}
+{% endif %}
+{% endif %}
+
+{% if ingress_type|lower == "ingressroutetcp" %}
+---
+{% if ingress_api_version is defined %}
+apiVersion: '{{ ingress_api_version }}'
+{% endif %}
+kind: IngressRouteTCP
+metadata:
+  name: {{ ansible_operator_meta.name }}
+  namespace: {{ ansible_operator_meta.namespace }}
+  annotations:
+{% if ingress_annotations %}
+    {{ ingress_annotations | indent(width=4) }}
+{% endif %}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - services:
+      - name: {{ ansible_operator_meta.name }}
+        port: 27199
+{% if external_hostname %}
+      match: HostSNI(`{{ external_hostname }}`)
+{% endif %}
+  tls:
+    passthrough: true
+{% endif %}
+
+{% if ingress_type|lower == "route" %}
 ---
 apiVersion: route.openshift.io/v1
 kind: Route
@@ -17,3 +80,4 @@ spec:
     name: {{ ansible_operator_meta.name }}
     weight: 100
   wildcardPolicy: None
+{% endif %}