From a9e8e5fa54b89c1440727a7ecfdab9591b14e742 Mon Sep 17 00:00:00 2001 From: "Homayoon (Hue) Alimohammadi" Date: Fri, 22 Nov 2024 12:11:03 +0400 Subject: [PATCH] Add Ingress feature config options --- charms/worker/k8s/charmcraft.yaml | 19 ++++++++++++++ charms/worker/k8s/src/charm.py | 8 ++++++ .../k8s/tests/unit/test_config_options.py | 25 +++++++++++++++++++ 3 files changed, 52 insertions(+) diff --git a/charms/worker/k8s/charmcraft.yaml b/charms/worker/k8s/charmcraft.yaml index 72b2b452..1adf33a7 100644 --- a/charms/worker/k8s/charmcraft.yaml +++ b/charms/worker/k8s/charmcraft.yaml @@ -213,6 +213,25 @@ config: default: true description: | Enables or disables the network feature. + ingress-enabled: + type: boolean + default: false + description: | + Determines if the ingress feature should be enabled. + ingress-default-tls-secret: + type: string + default: "" + description: | + Sets the name of the kubernetes secret to be used for providing default encryption to + ingresses. + This secret should be in the `kube-system` namespace. + Ingresses can specify another TLS secret in their resource definitions, + in which case the default secret won't be used. + ingress-enable-proxy-protocol: + type: boolean + default: false + description: | + Determines if the proxy protocol should be enabled for ingresses. node-labels: default: "" type: string diff --git a/charms/worker/k8s/src/charm.py b/charms/worker/k8s/src/charm.py index 95fa9950..c41e8c4b 100755 --- a/charms/worker/k8s/src/charm.py +++ b/charms/worker/k8s/src/charm.py @@ -41,6 +41,7 @@ CreateClusterRequest, DNSConfig, GatewayConfig, + IngressConfig, InvalidResponseError, JoinClusterRequest, K8sdAPIManager, @@ -427,6 +428,12 @@ def _assemble_cluster_config(self) -> UserFacingClusterConfig: enabled=self.config.get("network-enabled"), ) + ingress = IngressConfig( + enabled=self.config.get("ingress-enabled"), + default_tls_secret=self.config.get("ingress-default-tls-secret"), + enable_proxy_protocol=self.config.get("ingress-enable-proxy-protocol"), + ) + cloud_provider = None if self.xcp.has_xcp: cloud_provider = "external" @@ -435,6 +442,7 @@ def _assemble_cluster_config(self) -> UserFacingClusterConfig: local_storage=local_storage, gateway=gateway, network=network, + ingress=ingress, annotations=self._get_valid_annotations(), cloud_provider=cloud_provider, ) diff --git a/charms/worker/k8s/tests/unit/test_config_options.py b/charms/worker/k8s/tests/unit/test_config_options.py index 13bb4f49..6470b4b8 100644 --- a/charms/worker/k8s/tests/unit/test_config_options.py +++ b/charms/worker/k8s/tests/unit/test_config_options.py @@ -50,3 +50,28 @@ def test_configure_network_options(harness): harness.update_config({"network-enabled": True}) ufcg = harness.charm._assemble_cluster_config() assert ufcg.network.enabled, "Network should be enabled" + + +def test_configure_ingress_options(harness): + """Test configuring the ingress options. + + Args: + harness: the harness under test + """ + if harness.charm.is_worker: + pytest.skip("Not applicable on workers") + + harness.disable_hooks() + + enabled = True + proxy_protocol_enabled = True + default_tls_secret = "my-secret" + + harness.update_config({"ingress-enabled": enabled}) + harness.update_config({"ingress-enable-proxy-protocol": proxy_protocol_enabled}) + harness.update_config({"ingress-default-tls-secret": default_tls_secret}) + + ufcg = harness.charm._assemble_cluster_config() + assert ufcg.ingress.enabled == enabled + assert ufcg.ingress.enable_proxy_protocol == proxy_protocol_enabled + assert ufcg.ingress.default_tls_secret == default_tls_secret