Skip to content

Commit

Permalink
Fix NCP ingress issues
Browse files Browse the repository at this point in the history 
Signed-off-by: Wenkai Yin <yinw@vmware.com>
  • Loading branch information
@ywk253100
ywk253100 committed Dec 22, 2020
1 parent d524210 commit a13e7ff
Showing 1 changed file with 76 additions and 17 deletions.
93 changes: 76 additions & 17 deletions controllers/goharbor/harbor/ingresses.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
const (
DefaultIngressAnnotationsEnabled = true
IngressAnnotationsEnabledCOnfigKey = "ingress-annotations-enabled"
NCPIngressValueTrue = "true"
)

type CoreIngress graph.Resource
Expand Down Expand Up @@ -99,7 +100,7 @@ func (r *Reconciler) GetCoreIngressRules(ctx context.Context, harbor *goharborv1
type NotaryIngress graph.Resource

func (r *Reconciler) AddNotaryIngress(ctx context.Context, harbor *goharborv1alpha2.Harbor, notary NotaryServer) (NotaryIngress, error) {
ingress, err := r.GetNotaryServerIngresse(ctx, harbor)
ingress, err := r.GetNotaryServerIngress(ctx, harbor)
if err != nil {
return nil, errors.Wrap(err, "cannot get notary ingress")
}
Expand All @@ -109,7 +110,7 @@ func (r *Reconciler) AddNotaryIngress(ctx context.Context, harbor *goharborv1alp
return NotaryIngress(ingressRes), errors.Wrapf(err, "cannot add notary ingress")
}

func (r *Reconciler) GetNotaryServerIngresse(ctx context.Context, harbor *goharborv1alpha2.Harbor) (*netv1.Ingress, error) {
func (r *Reconciler) GetNotaryServerIngress(ctx context.Context, harbor *goharborv1alpha2.Harbor) (*netv1.Ingress, error) {
if harbor.Spec.Notary == nil {
return nil, nil
}
Expand All @@ -126,28 +127,74 @@ func (r *Reconciler) GetNotaryServerIngresse(ctx context.Context, harbor *goharb
}}
}

ingressRules, err := r.GetNotaryIngressRules(ctx, harbor)
if err != nil {
return nil, errors.Wrap(err, "cannot get notary ingress rules")
}

return &netv1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: r.NormalizeName(ctx, harbor.GetName(), controllers.NotaryServer.String()),
Namespace: harbor.GetNamespace(),
Annotations: r.GetNotaryIngressAnnotations(ctx, harbor),
},
Spec: netv1.IngressSpec{
TLS: tls,
Rules: []netv1.IngressRule{{
Host: harbor.Spec.Expose.Notary.Ingress.Host,
IngressRuleValue: netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{{
Path: "/",
Backend: netv1.IngressBackend{
ServiceName: r.NormalizeName(ctx, harbor.GetName(), controllers.NotaryServer.String()),
ServicePort: intstr.FromInt(notaryserver.PublicPort),
},
}},
TLS: tls,
Rules: ingressRules,
},
}, nil
}

func (r *Reconciler) GetNotaryIngressRules(ctx context.Context, harbor *goharborv1alpha2.Harbor) ([]netv1.IngressRule, error) { // nolint:funlen
var ingressRuleValue netv1.IngressRuleValue

backend := netv1.IngressBackend{
ServiceName: r.NormalizeName(ctx, harbor.GetName(), controllers.NotaryServer.String()),
ServicePort: intstr.FromInt(notaryserver.PublicPort),
}

switch harbor.Spec.Expose.Core.Ingress.Controller {
case harbormetav1.IngressControllerDefault:
ingressRuleValue = netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{
{
Path: "/",
Backend: backend,
},
},
},
}
case harbormetav1.IngressControllerGCE:
ingressRuleValue = netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{
{
Path: "/*",
Backend: backend,
},
},
},
}
case harbormetav1.IngressControllerNCP:
ingressRuleValue = netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{
{
Path: "/.*",
Backend: backend,
},
},
}},
},
}
default:
return nil, ErrInvalidIngressController{harbor.Spec.Expose.Core.Ingress.Controller}
}

return []netv1.IngressRule{
{
Host: harbor.Spec.Expose.Notary.Ingress.Host,
IngressRuleValue: ingressRuleValue,
},
}, nil
}
Expand All @@ -165,6 +212,12 @@ func (r *Reconciler) GetCoreIngressAnnotations(ctx context.Context, harbor *goha
// resolve 413(Too Large Entity) error when push large image. It only works for NGINX ingress.
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
}
if harbor.Spec.Expose.Core.Ingress.Controller == harbormetav1.IngressControllerNCP {
annotations["ncp/use-regex"] = NCPIngressValueTrue
if harbor.Spec.InternalTLS.IsEnabled() {
annotations["ncp/http-redirect"] = NCPIngressValueTrue
}
}

for key, value := range harbor.Spec.Expose.Core.Ingress.Annotations {
annotations[key] = value
Expand All @@ -186,6 +239,12 @@ func (r *Reconciler) GetNotaryIngressAnnotations(ctx context.Context, harbor *go
// resolve 413(Too Large Entity) error when push large image. It only works for NGINX ingress.
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
}
if harbor.Spec.Expose.Core.Ingress.Controller == harbormetav1.IngressControllerNCP {
annotations["ncp/use-regex"] = NCPIngressValueTrue
if harbor.Spec.InternalTLS.IsEnabled() {
annotations["ncp/http-redirect"] = NCPIngressValueTrue
}
}

for key, value := range harbor.Spec.Expose.Notary.Ingress.Annotations {
annotations[key] = value
Expand All @@ -202,7 +261,7 @@ func (err ErrInvalidIngressController) Error() string {
return fmt.Sprintf("controller %s unsupported", err.Controller)
}

func (r *Reconciler) GetCoreIngressRuleValue(ctx context.Context, harbor *goharborv1alpha2.Harbor, core, portal netv1.IngressBackend) (*netv1.IngressRuleValue, error) { // nolint:funlen
func (r *Reconciler) GetCoreIngressRuleValue(ctx context.Context, harbor *goharborv1alpha2.Harbor, core, portal netv1.IngressBackend) (*netv1.IngressRuleValue, error) {
switch harbor.Spec.Expose.Core.Ingress.Controller {
case harbormetav1.IngressControllerDefault:
return &netv1.IngressRuleValue{
Expand Down Expand Up @@ -256,7 +315,7 @@ func (r *Reconciler) GetCoreIngressRuleValue(ctx context.Context, harbor *goharb
return &netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{{
Path: "/",
Path: "/.*",
Backend: portal,
}, {
Path: "/api/.*",
Expand Down

0 comments on commit a13e7ff

Please sign in to comment.