From e3da5a50e459e911e7bb0da81c734a52fb156982 Mon Sep 17 00:00:00 2001 From: okozachenko Date: Mon, 18 May 2020 16:25:07 +0300 Subject: [PATCH] Add tls,and enable multi hosts in horizon ingress Aassuming the usge of nginx ingress controller, cert-manager and letsencrypt clusterissuer. Multi hosts are based on the same backend service. Change-Id: Ia4c02847afa380a234fa738d467ddbd011270100 --- .../samples/dashboard_v1alpha1_horizon.yaml | 3 ++- .../templates/horizon/ingress.yml.j2 | 26 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/config/samples/dashboard_v1alpha1_horizon.yaml b/config/samples/dashboard_v1alpha1_horizon.yaml index 33a12120..e84cd92a 100644 --- a/config/samples/dashboard_v1alpha1_horizon.yaml +++ b/config/samples/dashboard_v1alpha1_horizon.yaml @@ -6,4 +6,5 @@ metadata: prometheus: helm spec: ingress: - host: "horizon.vexxhost.com" \ No newline at end of file + - host: "horizon1.vexxhost.com" + - host: "horizon2.vexxhost.com" \ No newline at end of file diff --git a/openstack_operator/templates/horizon/ingress.yml.j2 b/openstack_operator/templates/horizon/ingress.yml.j2 index 9f0a13a7..e275781e 100644 --- a/openstack_operator/templates/horizon/ingress.yml.j2 +++ b/openstack_operator/templates/horizon/ingress.yml.j2 @@ -18,7 +18,11 @@ kind: Ingress metadata: name: horizon namespace: openstack + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + cert-manager.k8s.io/cluster-issuer: "letsencrypt-prod" spec: +{% if spec.ingress.host is defined %} rules: - host: {{ spec.ingress.host }} http: @@ -27,3 +31,25 @@ spec: backend: serviceName: horizon servicePort: 80 + tls: + - hosts: + - {{ spec.ingress.host }} + secretName: horizon-tls +{% else %} + rules: + {% for v in spec.ingress %} + - host: {{ v.host }} + http: + paths: + - path: / + backend: + serviceName: horizon + servicePort: 80 + {% endfor %} + tls: + - hosts: + {% for v in spec.ingress %} + - {{ v.host }} + {% endfor %} + secretName: horizon-tls +{% endif %} \ No newline at end of file