feature: ingress enable cert tag filter

Enabled for test as first step. Test certs are all tagged so nothing should happen.
It is also enabled for e2e clusters

Signed-off-by: Sandor Szücs <[email protected]>

Author: szuecs

cluster/config-defaults.yaml

@@ -46,6 +46,12 @@ kube_aws_ingress_controller_nlb_cross_zone: "true"
 kube_aws_ingress_controller_cert_polling_interval: "2m"
 # sets the default LB type: "network" or "application" are valid choices (overwritten by nlb_switch)
 kube_aws_ingress_default_lb_type: "application"
+# cert filter
+{{if eq .Cluster.Environment "production"}}
+kube_aws_ingress_controller_cert_filter_tag: ""
+{{else}}
+kube_aws_ingress_controller_cert_filter_tag: "kubernetes=enabled"
+{{end}}
 
 # ALB to NLB switch
 # "pre":

cluster/manifests/ingress-controller/deployment.yaml

@@ -56,6 +56,9 @@ spec:
             - --load-balancer-type={{ .Cluster.ConfigItems.kube_aws_ingress_default_lb_type }}
             # {{ end }}
             - --cert-polling-interval={{ .Cluster.ConfigItems.kube_aws_ingress_controller_cert_polling_interval }}
+            # {{ if .Cluster.ConfigItems.kube_aws_ingress_controller_cert_filter_tag }}
+            - --cert-filter-tag="{{ .Cluster.ConfigItems.kube_aws_ingress_controller_cert_filter_tag }}"
+            # {{ end }}
           env:
             - name: CUSTOM_FILTERS
               value: "tag:kubernetes.io/cluster/{{ .Cluster.ID }}=owned tag:node.kubernetes.io/role=worker tag:zalando.org/ingress-enabled=true"