Add support for more then one suffix domain

3 years ago · 514aa37f9a
parent c0807b6477
commit 514aa37f9a
3 changed files with 37 additions and 31 deletions
--- a/base_operator_stack.jsonnet
+++ b/base_operator_stack.jsonnet
@ -7,9 +7,10 @@ local vars = import 'vars.jsonnet';
    namespace: 'monitoring',

    urls+:: {
-      prom_ingress: 'prometheus.' + vars.suffixDomain,
-      alert_ingress: 'alertmanager.' + vars.suffixDomain,
-      grafana_ingress: 'grafana.' + vars.suffixDomain,
+      domains: [vars.suffixDomain] + vars.additionalDomains,
+      prom_ingress: ['prometheus.' + domain for domain in $._config.urls.domains],
+      alert_ingress: ['alertmanager.' + domain for domain in $._config.urls.domains],
+      grafana_ingress: ['grafana.' + domain for domain in $._config.urls.domains],
      grafana_ingress_external: 'grafana.' + vars.suffixDomain,
    },

@ -76,7 +77,7 @@ local vars = import 'vars.jsonnet';
               retention: vars.prometheus.retention,
               scrapeInterval: vars.prometheus.scrapeInterval,
               scrapeTimeout: vars.prometheus.scrapeTimeout,
-               externalUrl: 'http://' + $._config.urls.prom_ingress,
+               externalUrl: 'http://' + $._config.urls.prom_ingress[0],
             }
             + (if vars.enablePersistence.prometheus then {
                  storage: {
@ -139,9 +140,9 @@ local vars = import 'vars.jsonnet';
      local I = utils.newIngress('alertmanager-main', $._config.namespace, $._config.urls.alert_ingress, '/', 'alertmanager-main', 'web');
      if vars.TLSingress then
        if vars.UseProvidedCerts then
-          utils.addIngressTLS(I, 'ingress-secret')
+          utils.addIngressTLS(I, $._config.urls.alert_ingress, 'ingress-secret')
        else
-          utils.addIngressTLS(I)
+          utils.addIngressTLS(I, $._config.urls.alert_ingress)
      else
        I,

@ -149,9 +150,9 @@ local vars = import 'vars.jsonnet';
      local I = utils.newIngress('grafana', $._config.namespace, $._config.urls.grafana_ingress, '/', 'grafana', 'http');
      if vars.TLSingress then
        if vars.UseProvidedCerts then
-          utils.addIngressTLS(I, 'ingress-secret')
+          utils.addIngressTLS(I, $._config.urls.grafana_ingress, 'ingress-secret')
        else
-          utils.addIngressTLS(I)
+          utils.addIngressTLS(I, $._config.urls.grafana_ingress)
      else
        I,

@ -159,9 +160,9 @@ local vars = import 'vars.jsonnet';
      local I = utils.newIngress('prometheus-k8s', $._config.namespace, $._config.urls.prom_ingress, '/', 'prometheus-k8s', 'web');
      if vars.TLSingress then
        if vars.UseProvidedCerts then
-          utils.addIngressTLS(I, 'ingress-secret')
+          utils.addIngressTLS(I, $._config.urls.prom_ingress, 'ingress-secret')
        else
-          utils.addIngressTLS(I)
+          utils.addIngressTLS(I, $._config.urls.prom_ingress)
      else
        I,

--- a/utils.libsonnet
+++ b/utils.libsonnet
@ -91,7 +91,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
  ),

  // Creates ingress objects
-  newIngress(name, namespace, host, path, serviceName, servicePort):: (
+  newIngress(name, namespace, hosts, path, serviceName, servicePort):: (
    {
      apiVersion: 'networking.k8s.io/v1',
      kind: 'Ingress',
@ -100,25 +100,28 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
        namespace: namespace,
      },
      spec: {
-        rules: [
+        rules: [$.newIngressHost(host, path, serviceName, servicePort) for host in hosts],
+      },
+    }
+  ),
+
+  // Add host to Ingress resource
+  newIngressHost(host, path, serviceName, servicePort):: (
+    {
+      host: host,
+      http: {
+        paths: [
          {
-            host: host,
-            http: {
-              paths: [
-                {
-                  backend: {
-                    service: {
-                      name: serviceName,
-                      port: {
-                        name: servicePort,
-                      },
-                    },
-                  },
-                  path: path,
-                  pathType: 'Prefix',
+            backend: {
+              service: {
+                name: serviceName,
+                port: {
+                  name: servicePort,
                },
-              ],
+              },
            },
+            path: path,
+            pathType: 'Prefix',
          },
        ],
      },
@ -126,16 +129,15 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
  ),

  // Add TLS to Ingress resource with secret containing the certificates if exists
-  addIngressTLS(I, S=''):: (
+  addIngressTLS(I, hosts, secretName=''):: (
    local ingress = k.networking.v1beta1.ingress;
    local ingressTls = ingress.mixin.spec.tlsType;
-    local host = I.spec.rules[0].host;
    local namespace = I.metadata.namespace;

    I + ingress.mixin.spec.withTls(
      ingressTls.new() +
-      ingressTls.withHosts(host) +
-      (if S != '' then { secretName: S } else {})
+      ingressTls.withHosts(hosts) +
+      (if secretName != '' then { secretName: secretName } else {})
    )
  ),

--- a/vars.jsonnet
+++ b/vars.jsonnet
@ -54,6 +54,9 @@

  // Domain suffix for the ingresses
  suffixDomain: '192.168.1.15.nip.io',
+  // Additional domain suffixes for the ingresses.
+  // For example suffixDomain could be an external one and this a local domain.
+  additionalDomains: [],
  // If TLSingress is true, a self-signed HTTPS ingress with redirect will be created
  TLSingress: true,
  // If UseProvidedCerts is true, provided files will be used on created HTTPS ingresses.