Add Ingress feature config options

charms/worker/k8s/charmcraft.yaml

@@ -213,6 +213,25 @@ config:
       default: true
       description: |
         Enables or disables the network feature.
+    ingress-enabled:
+      type: boolean
+      default: false
+      description: |
+        Determines if the ingress feature should be enabled.
+    ingress-default-tls-secret:
+      type: string
+      default: ""
+      description: |
+        Sets the name of the kubernetes secret to be used for providing default encryption to
+        ingresses.
+        This secret should be in the `kube-system` namespace.
+        Ingresses can specify another TLS secret in their resource definitions,
+        in which case the default secret won't be used.
+    ingress-enable-proxy-protocol:
+      type: boolean
+      default: false
+      description: |
+        Determines if the proxy protocol should be enabled for ingresses.
     node-labels:
       default: ""
       type: string

charms/worker/k8s/src/charm.py

@@ -41,6 +41,7 @@
     CreateClusterRequest,
     DNSConfig,
     GatewayConfig,
+    IngressConfig,
     InvalidResponseError,
     JoinClusterRequest,
     K8sdAPIManager,
@@ -427,6 +428,12 @@ def _assemble_cluster_config(self) -> UserFacingClusterConfig:
             enabled=self.config.get("network-enabled"),
         )
 
+        ingress = IngressConfig(
+            enabled=self.config.get("ingress-enabled"),
+            default_tls_secret=self.config.get("ingress-default-tls-secret"),
+            enable_proxy_protocol=self.config.get("ingress-enable-proxy-protocol"),
+        )
+
         cloud_provider = None
         if self.xcp.has_xcp:
             cloud_provider = "external"
@@ -435,6 +442,7 @@ def _assemble_cluster_config(self) -> UserFacingClusterConfig:
             local_storage=local_storage,
             gateway=gateway,
             network=network,
+            ingress=ingress,
             annotations=self._get_valid_annotations(),
             cloud_provider=cloud_provider,
         )

charms/worker/k8s/tests/unit/test_config_options.py

@@ -50,3 +50,28 @@ def test_configure_network_options(harness):
     harness.update_config({"network-enabled": True})
     ufcg = harness.charm._assemble_cluster_config()
     assert ufcg.network.enabled, "Network should be enabled"
+
+
+def test_configure_ingress_options(harness):
+    """Test configuring the ingress options.
+
+    Args:
+        harness: the harness under test
+    """
+    if harness.charm.is_worker:
+        pytest.skip("Not applicable on workers")
+
+    harness.disable_hooks()
+
+    enabled = True
+    proxy_protocol_enabled = True
+    default_tls_secret = "my-secret"
+
+    harness.update_config({"ingress-enabled": enabled})
+    harness.update_config({"ingress-enable-proxy-protocol": proxy_protocol_enabled})
+    harness.update_config({"ingress-default-tls-secret": default_tls_secret})
+
+    ufcg = harness.charm._assemble_cluster_config()
+    assert ufcg.ingress.enabled == enabled
+    assert ufcg.ingress.enable_proxy_protocol == proxy_protocol_enabled
+    assert ufcg.ingress.default_tls_secret == default_tls_secret