charm-k8s-ingress

Merge ~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress:tls into charm-k8s-ingress:master

  1. Git
  2. lp:~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress
  3. tls
  4. Merge into master
Proposed by Tom Haddon
Status: Merged
Approved by: Jon Seager
Approved revision: c8e467cd4432896107685a886826c85aea3ea0bd
Merged at revision: 1eac8971aa12609e24a5c2c4056093333ccdbbc4
Proposed branch: ~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress:tls
Merge into: charm-k8s-ingress:master
Diff against target: 129 lines (+71/-22)
3 files modified
config.yaml (+4/-0)
src/charm.py (+32/-22)
tests/unit/test_charm.py (+35/-0)
Reviewer Review Type Date Requested Status
🤖 prod-jenkaas-is (community) continuous-integration Approve
ingress-charmers Pending
Review via email: mp+400174@code.launchpad.net

Commit message

Add support for TLS

To post a comment you must log in.
Revision history for this message
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote :

A CI job is currently in progress. A follow up comment will be added when it completes.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote :

PASSED: Continuous integration, rev:c8e467cd4432896107685a886826c85aea3ea0bd
https://jenkins.canonical.com/is/job/lp-charm-k8s-ingress-ci/5/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/is/job/lp-charm-test/35/
    None: https://jenkins.canonical.com/is/job/lp-update-mp/49240/

Click here to trigger a rebuild:
https://jenkins.canonical.com/is/job/lp-charm-k8s-ingress-ci/5//rebuild

review: Approve (continuous-integration)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 1eac8971aa12609e24a5c2c4056093333ccdbbc4

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/config.yaml b/config.yaml
2index fe2691d..e9d5df8 100644
3--- a/config.yaml
4+++ b/config.yaml
5@@ -21,3 +21,7 @@ options:
6 default: 0
7 description: The port of the service to create an ingress for.
8 type: int
9+ tls_secret_name:
10+ default: ""
11+ description: The name of the TLS secret to use. Leaving this empty will configure an Ingress with TLS disabled.
12+ type: string
13diff --git a/src/charm.py b/src/charm.py
14index 5e48538..7639bdb 100755
15--- a/src/charm.py
16+++ b/src/charm.py
17@@ -102,34 +102,44 @@ class CharmK8SIngressCharm(CharmBase):
18
19 def _get_k8s_ingress(self):
20 """Get a K8s ingress definition."""
21+ spec = kubernetes.client.NetworkingV1beta1IngressSpec(
22+ rules=[
23+ kubernetes.client.NetworkingV1beta1IngressRule(
24+ host=self.config["service-hostname"],
25+ http=kubernetes.client.NetworkingV1beta1HTTPIngressRuleValue(
26+ paths=[
27+ kubernetes.client.NetworkingV1beta1HTTPIngressPath(
28+ path="/",
29+ backend=kubernetes.client.NetworkingV1beta1IngressBackend(
30+ service_port=self.config["service-port"],
31+ service_name=self._service_name,
32+ ),
33+ )
34+ ]
35+ ),
36+ )
37+ ]
38+ )
39+ annotations = {
40+ "nginx.ingress.kubernetes.io/rewrite-target": "/",
41+ }
42+ tls_secret_name = self.config.get("tls_secret_name")
43+ if tls_secret_name:
44+ spec.tls = kubernetes.client.NetworkingV1beta1IngressTLS(
45+ hosts=[self.config["service-hostname"]],
46+ secret_name=tls_secret_name,
47+ )
48+ else:
49+ annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
50+
51 return kubernetes.client.NetworkingV1beta1Ingress(
52 api_version="networking.k8s.io/v1beta1",
53 kind="Ingress",
54 metadata=kubernetes.client.V1ObjectMeta(
55 name=self._ingress_name,
56- annotations={
57- "nginx.ingress.kubernetes.io/rewrite-target": "/",
58- "nginx.ingress.kubernetes.io/ssl-redirect": "false",
59- },
60- ),
61- spec=kubernetes.client.NetworkingV1beta1IngressSpec(
62- rules=[
63- kubernetes.client.NetworkingV1beta1IngressRule(
64- host=self.config["service-hostname"],
65- http=kubernetes.client.NetworkingV1beta1HTTPIngressRuleValue(
66- paths=[
67- kubernetes.client.NetworkingV1beta1HTTPIngressPath(
68- path="/",
69- backend=kubernetes.client.NetworkingV1beta1IngressBackend(
70- service_port=self.config["service-port"],
71- service_name=self._service_name,
72- ),
73- )
74- ]
75- ),
76- )
77- ]
78+ annotations=annotations,
79 ),
80+ spec=spec,
81 )
82
83 def _report_service_ips(self):
84diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
85index b861cb0..2d335c7 100644
86--- a/tests/unit/test_charm.py
87+++ b/tests/unit/test_charm.py
88@@ -88,6 +88,41 @@ class TestCharm(unittest.TestCase):
89 ),
90 )
91 self.assertEqual(self.harness.charm._get_k8s_ingress(), expected)
92+ # Test with TLS.
93+ expected = kubernetes.client.NetworkingV1beta1Ingress(
94+ api_version="networking.k8s.io/v1beta1",
95+ kind="Ingress",
96+ metadata=kubernetes.client.V1ObjectMeta(
97+ name="gunicorn-ingress",
98+ annotations={
99+ "nginx.ingress.kubernetes.io/rewrite-target": "/",
100+ },
101+ ),
102+ spec=kubernetes.client.NetworkingV1beta1IngressSpec(
103+ rules=[
104+ kubernetes.client.NetworkingV1beta1IngressRule(
105+ host="foo.internal",
106+ http=kubernetes.client.NetworkingV1beta1HTTPIngressRuleValue(
107+ paths=[
108+ kubernetes.client.NetworkingV1beta1HTTPIngressPath(
109+ path="/",
110+ backend=kubernetes.client.NetworkingV1beta1IngressBackend(
111+ service_port=80,
112+ service_name="gunicorn-service",
113+ ),
114+ )
115+ ]
116+ ),
117+ )
118+ ],
119+ tls=kubernetes.client.NetworkingV1beta1IngressTLS(
120+ hosts=["foo.internal"],
121+ secret_name="gunicorn_tls",
122+ ),
123+ ),
124+ )
125+ self.harness.update_config({"tls_secret_name": "gunicorn_tls"})
126+ self.assertEqual(self.harness.charm._get_k8s_ingress(), expected)
127
128 def test_get_k8s_service(self):
129 """Test getting our definition of a k8s service."""

Subscribers

People subscribed via source and target branches

to all changes: