add tls support for the ingress

test · test · commit f367c53d187f · 2022-10-27T13:49:22.000+02:00
diff --git a/apis/dash/v1alpha1/dashapplication_types.go b/apis/dash/v1alpha1/dashapplication_types.go
@@ -84,6 +84,22 @@ type Ingress struct {
 	// when using PathType with value "Exact" or "Prefix".
 	// +optional
 	Path string `json:"path,omitempty"`
+	// TLS configuration.
+	// +optional
+	TLS *IngressTLS `json:"tls,omitempty"`
+}
+
+type IngressTLS struct {
+	// Hosts included in the TLS certificate. The values in
+	// +optional
+	Host string `json:"hosts,omitempty"`
+	// SecretName is the name of the secret used to terminate TLS traffic on
+	// port 443. Field is left optional to allow TLS routing based on SNI
+	// hostname alone. If the SNI host in a listener conflicts with the "Host"
+	// header field used by an IngressRule, the SNI host is used for termination
+	// and value of the Host header is used for routing.
+	// +optional
+	SecretName string `json:"secretName,omitempty" protobuf:"bytes,2,opt,name=secretName"`
 }
 
 type DashApplicationStatus struct {
diff --git a/apis/dash/v1alpha1/zz_generated.deepcopy.go b/apis/dash/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/dash.plural.sh_dashapplications.yaml b/config/crd/bases/dash.plural.sh_dashapplications.yaml
@@ -116,6 +116,22 @@ spec:
                       with a '/' and must be present when using PathType with value
                       "Exact" or "Prefix".
                     type: string
+                  tls:
+                    description: TLS configuration.
+                    properties:
+                      hosts:
+                        description: Hosts included in the TLS certificate. The values
+                          in
+                        type: string
+                      secretName:
+                        description: SecretName is the name of the secret used to
+                          terminate TLS traffic on port 443. Field is left optional
+                          to allow TLS routing based on SNI hostname alone. If the
+                          SNI host in a listener conflicts with the "Host" header
+                          field used by an IngressRule, the SNI host is used for termination
+                          and value of the Host header is used for routing.
+                        type: string
+                    type: object
                 type: object
               labels:
                 additionalProperties:
diff --git a/pkg/controller/dash_controller.go b/pkg/controller/dash_controller.go
@@ -162,6 +162,14 @@ func genIngress(dashApp *dashv1alpha1.DashApplication) *networkingv1.Ingress {
 			},
 		},
 	}
+	if dashApp.Spec.Ingress.TLS != nil {
+		ingress.Spec.TLS = []networkingv1.IngressTLS{
+			{
+				Hosts:      []string{dashApp.Spec.Ingress.TLS.Host},
+				SecretName: dashApp.Spec.Ingress.TLS.SecretName,
+			},
+		}
+	}
 
 	return ingress
 }

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,14 @@ func genIngress(dashApp dashv1alpha1.DashApplication) networkingv1.Ingress {`
`162`	`162`	`},`
`163`	`163`	`},`
`164`	`164`	`}`
	`165`	`+ if dashApp.Spec.Ingress.TLS != nil {`
	`166`	`+ ingress.Spec.TLS = []networkingv1.IngressTLS{`
	`167`	`+ {`
	`168`	`+ Hosts: []string{dashApp.Spec.Ingress.TLS.Host},`
	`169`	`+ SecretName: dashApp.Spec.Ingress.TLS.SecretName,`
	`170`	`+ },`
	`171`	`+ }`
	`172`	`+ }`
`165`	`173`
`166`	`174`	`return ingress`
`167`	`175`	`}`