From 514aa37f9a0d32d729ac676967febf0e97a61917 Mon Sep 17 00:00:00 2001 From: ToMe25 Date: Fri, 22 Oct 2021 18:40:29 +0100 Subject: [PATCH] Add support for more then one suffix domain --- base_operator_stack.jsonnet | 21 +++++++++--------- utils.libsonnet | 44 +++++++++++++++++++------------------ vars.jsonnet | 3 +++ 3 files changed, 37 insertions(+), 31 deletions(-) diff --git a/base_operator_stack.jsonnet b/base_operator_stack.jsonnet index e8fca74..836c97a 100644 --- a/base_operator_stack.jsonnet +++ b/base_operator_stack.jsonnet @@ -7,9 +7,10 @@ local vars = import 'vars.jsonnet'; namespace: 'monitoring', urls+:: { - prom_ingress: 'prometheus.' + vars.suffixDomain, - alert_ingress: 'alertmanager.' + vars.suffixDomain, - grafana_ingress: 'grafana.' + vars.suffixDomain, + domains: [vars.suffixDomain] + vars.additionalDomains, + prom_ingress: ['prometheus.' + domain for domain in $._config.urls.domains], + alert_ingress: ['alertmanager.' + domain for domain in $._config.urls.domains], + grafana_ingress: ['grafana.' + domain for domain in $._config.urls.domains], grafana_ingress_external: 'grafana.' + vars.suffixDomain, }, @@ -76,7 +77,7 @@ local vars = import 'vars.jsonnet'; retention: vars.prometheus.retention, scrapeInterval: vars.prometheus.scrapeInterval, scrapeTimeout: vars.prometheus.scrapeTimeout, - externalUrl: 'http://' + $._config.urls.prom_ingress, + externalUrl: 'http://' + $._config.urls.prom_ingress[0], } + (if vars.enablePersistence.prometheus then { storage: { @@ -139,9 +140,9 @@ local vars = import 'vars.jsonnet'; local I = utils.newIngress('alertmanager-main', $._config.namespace, $._config.urls.alert_ingress, '/', 'alertmanager-main', 'web'); if vars.TLSingress then if vars.UseProvidedCerts then - utils.addIngressTLS(I, 'ingress-secret') + utils.addIngressTLS(I, $._config.urls.alert_ingress, 'ingress-secret') else - utils.addIngressTLS(I) + utils.addIngressTLS(I, $._config.urls.alert_ingress) else I, @@ -149,9 +150,9 @@ local vars = import 'vars.jsonnet'; local I = utils.newIngress('grafana', $._config.namespace, $._config.urls.grafana_ingress, '/', 'grafana', 'http'); if vars.TLSingress then if vars.UseProvidedCerts then - utils.addIngressTLS(I, 'ingress-secret') + utils.addIngressTLS(I, $._config.urls.grafana_ingress, 'ingress-secret') else - utils.addIngressTLS(I) + utils.addIngressTLS(I, $._config.urls.grafana_ingress) else I, @@ -159,9 +160,9 @@ local vars = import 'vars.jsonnet'; local I = utils.newIngress('prometheus-k8s', $._config.namespace, $._config.urls.prom_ingress, '/', 'prometheus-k8s', 'web'); if vars.TLSingress then if vars.UseProvidedCerts then - utils.addIngressTLS(I, 'ingress-secret') + utils.addIngressTLS(I, $._config.urls.prom_ingress, 'ingress-secret') else - utils.addIngressTLS(I) + utils.addIngressTLS(I, $._config.urls.prom_ingress) else I, diff --git a/utils.libsonnet b/utils.libsonnet index 19241fd..58a4c5b 100644 --- a/utils.libsonnet +++ b/utils.libsonnet @@ -91,7 +91,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; ), // Creates ingress objects - newIngress(name, namespace, host, path, serviceName, servicePort):: ( + newIngress(name, namespace, hosts, path, serviceName, servicePort):: ( { apiVersion: 'networking.k8s.io/v1', kind: 'Ingress', @@ -100,25 +100,28 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; namespace: namespace, }, spec: { - rules: [ + rules: [$.newIngressHost(host, path, serviceName, servicePort) for host in hosts], + }, + } + ), + + // Add host to Ingress resource + newIngressHost(host, path, serviceName, servicePort):: ( + { + host: host, + http: { + paths: [ { - host: host, - http: { - paths: [ - { - backend: { - service: { - name: serviceName, - port: { - name: servicePort, - }, - }, - }, - path: path, - pathType: 'Prefix', + backend: { + service: { + name: serviceName, + port: { + name: servicePort, }, - ], + }, }, + path: path, + pathType: 'Prefix', }, ], }, @@ -126,16 +129,15 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; ), // Add TLS to Ingress resource with secret containing the certificates if exists - addIngressTLS(I, S=''):: ( + addIngressTLS(I, hosts, secretName=''):: ( local ingress = k.networking.v1beta1.ingress; local ingressTls = ingress.mixin.spec.tlsType; - local host = I.spec.rules[0].host; local namespace = I.metadata.namespace; I + ingress.mixin.spec.withTls( ingressTls.new() + - ingressTls.withHosts(host) + - (if S != '' then { secretName: S } else {}) + ingressTls.withHosts(hosts) + + (if secretName != '' then { secretName: secretName } else {}) ) ), diff --git a/vars.jsonnet b/vars.jsonnet index 97d821d..6f6634a 100644 --- a/vars.jsonnet +++ b/vars.jsonnet @@ -54,6 +54,9 @@ // Domain suffix for the ingresses suffixDomain: '192.168.1.15.nip.io', + // Additional domain suffixes for the ingresses. + // For example suffixDomain could be an external one and this a local domain. + additionalDomains: [], // If TLSingress is true, a self-signed HTTPS ingress with redirect will be created TLSingress: true, // If UseProvidedCerts is true, provided files will be used on created HTTPS ingresses.