
Commit bb124fa

committed
support ingress annotations for dynamic enable/disable
1 parent 8678b3e commit bb124fa


6 files changed

+88
-0
lines changed


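--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# v0.3.0
+
+Released 2020-05-21
+
+- introduce annotations on ingresses to support fine-grained control over creating respective DNS/HAProxy assets
+
 # v0.2.0
 
 Released 2020-04-11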

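--- a/README.md
+++ b/README.md
@@ -81,6 +81,10 @@ and `haproxy-ingress-proxy.pfsense.org/backend` to respectively set the frontend
 enabled: true
 ingressLabelSelector:
 ingressFieldSelector:
+# works in conjunction with the ingress annotation 'haproxy-ingress.proxy.pfsense.org/enabled'
+# if defaultEnabled is empty or true, you can disable specific ingresses by setting the annotation to false
+# if defaultEnabled is false, you can enable specific ingresses by setting the annotation to true
+defaultEnabled: true
 defaultFrontend: http-80
 defaultBackend: traefik
 #allowedHostRegex: "/.*/"
@@ -119,6 +123,10 @@ support from the ingress controller to set IPs on the ingress resources.
 enabled: true
 ingressLabelSelector:
 ingressFieldSelector:
+# works in conjunction with the ingress annotation 'dns.pfsense.org/enabled'
+# if defaultEnabled is empty or true, you can disable specific ingresses by setting the annotation to false
+# if defaultEnabled is false, you can enable specific ingresses by setting the annotation to true
+defaultEnabled: true
 #allowedHostRegex: "/.*/"
 dnsBackends:
 dnsmasq:
@@ -138,6 +146,7 @@ sure the static `hostname` created in your DNS service of choice points to the/a
 ```yaml
 pfsense-dns-haproxy-ingress-proxy:
 enabled: true
+# NOTE: this regex is in *addition* to the regex applied to the haproxy-ingress-proxy plugin
 #allowedHostRegex: "/.*/"
 dnsBackends:
 dnsmasq: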

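--- a/deploy/config.yaml
+++ b/deploy/config.yaml
@@ -35,6 +35,10 @@ data:
 enabled: true
 ingressLabelSelector:
 ingressFieldSelector:
+# works in conjunction with the ingress annotation 'haproxy-ingress.proxy.pfsense.org/enabled'
+# if defaultEnabled is empty or true, you can disable specific ingresses by setting the annotation to false
+# if defaultEnabled is false, you can enable specific ingresses by setting the annotation to true
+defaultEnabled: true
 defaultFrontend: http-80
 defaultBackend: traefik
 # by default anything is allowed
@@ -53,6 +57,10 @@ data:
 enabled: true
 ingressLabelSelector:
 ingressFieldSelector:
+# works in conjunction with the ingress annotation 'dns.pfsense.org/enabled'
+# if defaultEnabled is empty or true, you can disable specific ingresses by setting the annotation to false
+# if defaultEnabled is false, you can enable specific ingresses by setting the annotation to true
+defaultEnabled: true
 #allowedHostRegex: "/.*/"
 dnsBackends:
 dnsmasq: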
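Review bot: The comment added above the first `defaultEnabled` names the annotation `haproxy-ingress.proxy.pfsense.org/enabled`, but the constant this commit adds in HAProxyIngressProxy.php is `haproxy-ingress-proxy.pfsense.org/enabled` (hyphen, not dot, before `proxy`). An operator who copies the name from this file to switch one ingress off would set an annotation the plugin never reads, so with `defaultEnabled: true` that ingress stays published through HAProxy. The comment should read `# works in conjunction with the ingress annotation 'haproxy-ingress-proxy.pfsense.org/enabled'`. The first README.md hunk carries the same spelling and needs the same correction.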

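--- a/src/KubernetesPfSenseController/Plugin/DNSHAProxyIngressProxy.php
+++ b/src/KubernetesPfSenseController/Plugin/DNSHAProxyIngressProxy.php
@@ -44,6 +44,10 @@ public function init()
 $ingressResourceWatchPath = '/apis/extensions/v1beta1/watch/ingresses';
 }
 
+$storeNamespace = $controller->getStoreNamespace();
+$storeName = $controller->getStoreName();
+$configMapResourceWatchPath = "/api/v1/watch/namespaces/${storeNamespace}/configmaps/${storeName}";
+
 // initial load of ingresses
 $params = [];
 $ingresses = $controller->getKubernetesClient()->createList($ingressResourcePath, $params)->get();
@@ -60,6 +64,14 @@ public function init()
 $watch = $controller->getKubernetesClient()->createWatch($ingressResourceWatchPath, $params, $this->getWatchCallback('ingresses', $options));
 $this->addWatch($watch);
 
+$this->state['controller_store'] = [];
+$options = [
+'trigger' => false,
+'log' => true
+];
+$watch = $controller->getKubernetesClient()->createWatch($configMapResourceWatchPath, [], $this->getWatchCallback('controller_store', $options));
+$this->addWatch($watch);
+
 $this->generateHash();
 $this->delayedAction();
 }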
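Review bot: The watch path in the first hunk is built with `${storeNamespace}` / `${storeName}` interpolation, which PHP 8.2 deprecates; `"/api/v1/watch/namespaces/{$storeNamespace}/configmaps/{$storeName}"` is the equivalent form. The second hunk also reassigns `$options`, which the ingress watch just above already uses, so a distinct name such as `$storeWatchOptions` would show that the store watch deliberately runs with `'trigger' => false`. A one-line comment stating why store changes are tracked but do not trigger an action would help, since the reason is not visible in these lines. `init()` begins outside the first hunk.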

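--- a/src/KubernetesPfSenseController/Plugin/DNSIngresses.php
+++ b/src/KubernetesPfSenseController/Plugin/DNSIngresses.php
@@ -13,6 +13,11 @@ class DNSIngresses extends PfSenseAbstract
 */
 const PLUGIN_ID = 'pfsense-dns-ingresses';
 
+/**
+* Annotation to override default enabled
+*/
+const ENABLED_ANNOTATION_NAME = 'dns.pfsense.org/enabled';
+
 use CommonTrait;
 use DNSResourceTrait;
 
@@ -97,6 +102,28 @@ public function getSettleTime()
 */
 public function buildResourceHosts(&$resourceHosts, $ingress)
 {
+$pluginConfig = $this->getConfig();
+if (KubernetesUtils::getResourceAnnotationExists($ingress, self::ENABLED_ANNOTATION_NAME)) {
+$ingressDnsEnabledAnnotationValue = KubernetesUtils::getResourceAnnotationValue($ingress, self::ENABLED_ANNOTATION_NAME);
+$ingressDnsEnabledAnnotationValue = strtolower($ingressDnsEnabledAnnotationValue);
+
+if (in_array($ingressDnsEnabledAnnotationValue, ["true", "1"])) {
+$ingressDnsEnabled = true;
+} else {
+$ingressDnsEnabled = false;
+}
+} else {
+if (key_exists('defaultEnabled', $pluginConfig)) {
+$ingressDnsEnabled = (bool) $pluginConfig['defaultEnabled'];
+} else {
+$ingressDnsEnabled = true;
+}
+}
+
+if (!$ingressDnsEnabled) {
+return;
+}
+
 $ip = KubernetesUtils::getIngressIp($ingress);
 if (empty($ip)) {
 return;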
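Review bot: The `defaultEnabled` fallback in `buildResourceHosts` does not behave as the config comments in this commit describe. `key_exists` is true for a key that is present but empty, and `(bool) null` is false, so (assuming the YAML parser yields null for `defaultEnabled:`) an empty value disables every ingress, while a quoted `"false"` casts to true and publishes DNS for all of them. Parsing the setting explicitly restores the documented default: `$ingressDnsEnabled = filter_var($pluginConfig['defaultEnabled'] ?? true, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;`. The annotation check is better written with a strict comparison, `in_array($ingressDnsEnabledAnnotationValue, ['true', '1'], true)`. The same block is repeated in `HAProxyIngressProxy::doAction()` and needs the same two changes; the body of `buildResourceHosts` continues past the hunk.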

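--- a/src/KubernetesPfSenseController/Plugin/HAProxyIngressProxy.php
+++ b/src/KubernetesPfSenseController/Plugin/HAProxyIngressProxy.php
@@ -38,6 +38,11 @@ class HAProxyIngressProxy extends PfSenseAbstract
 */
 const BACKEND_ANNOTATION_NAME = 'haproxy-ingress-proxy.pfsense.org/backend';
 
+/**
+* Annotation to override default enabled
+*/
+const ENABLED_ANNOTATION_NAME = 'haproxy-ingress-proxy.pfsense.org/enabled';
+
 use CommonTrait;
 
 /**
@@ -132,6 +137,27 @@ public function doAction()
 $ingressName = $item['metadata']['name'];
 $frontendName = $this->getController()->getControllerId().'-'.$ingressNamespace.'-'.$ingressName;
 
+if (KubernetesUtils::getResourceAnnotationExists($item, self::ENABLED_ANNOTATION_NAME)) {
+$ingressProxyEnabledAnnotationValue = KubernetesUtils::getResourceAnnotationValue($item, self::ENABLED_ANNOTATION_NAME);
+$ingressProxyEnabledAnnotationValue = strtolower($ingressProxyEnabledAnnotationValue);
+
+if (in_array($ingressProxyEnabledAnnotationValue, ["true", "1"])) {
+$ingressProxyEnabled = true;
+} else {
+$ingressProxyEnabled = false;
+}
+} else {
+if (key_exists('defaultEnabled', $pluginConfig)) {
+$ingressProxyEnabled = (bool) $pluginConfig['defaultEnabled'];
+} else {
+$ingressProxyEnabled = true;
+}
+}
+
+if (!$ingressProxyEnabled) {
+continue;
+}
+
 if (KubernetesUtils::getResourceAnnotationExists($item, self::FRONTEND_ANNOTATION_NAME)) {
 $sharedFrontendName = KubernetesUtils::getResourceAnnotationValue($item, self::FRONTEND_ANNOTATION_NAME);
 } else {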
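Review bot: The docblock added for `ENABLED_ANNOTATION_NAME` in the first hunk should state who controls the value. The annotation lives on the Ingress, so anyone allowed to create or edit an Ingress can opt it in to HAProxy publication even when the operator sets `defaultEnabled: false`. That makes `defaultEnabled` a default rather than an access control; the operator-side limits appear to remain `ingressLabelSelector`, `ingressFieldSelector` and `allowedHostRegex`. I would extend the docblock with `* Set by the ingress author; defaultEnabled=false does not stop an ingress from opting in.` In the second hunk `$pluginConfig` is assigned outside the visible lines of `doAction()`, and the disabled branch `continue`s with no log output, which makes a skipped ingress hard to diagnose.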
