appuio / component-openshift4-ingress
Commodore component to manage Ingress Controllers on OpenShift 4
License: BSD 3-Clause "New" or "Revised" License
The property `defaultCertificate` of an ingress takes the name of a Secret containing the certificate and key to be used by default. As of now, the component does not allow managing those secrets. The component should allow configuring those secrets. It should also support using cert-manager to create those secrets.
```yaml
openshift4_ingress:
  ingressControllers:
    default:
      defaultCertificate:
        name: ingress-default-cert
    example.com:
      defaultCertificate:
        name: ingress-example-com-cert
  secrets:
    ingress-example-com-cert:
      stringData:
        tls.crt: ?{vaultkv:${cluster:tenant}/${cluster:name}/whildcard-example-com/cert}
        tls.key: ?{vaultkv:${cluster:tenant}/${cluster:name}/whildcard-example-com/key}
  cert_manager_certs:
    ingress-default-cert:
      … # Spec of cert-manager.io/v1/Certificate
```
Reuse keys in `cert_manager_certs` as values for `spec.secretName` of the created `Certificate` resource by default, but allow users to override that field from the hierarchy, if they really want. 🤷🏼
If the certificate chain `openshift4-ingress/wildcard-certificate/cert` does not contain a newline, the deployment on the OpenShift 4 cluster fails, because chain and key are concatenated: `-----END CERTIFICATE----------BEGIN PRIVATE KEY-----`.
-----END CERTIFICATE-----
```yaml
secrets:
  customer-apps-tls:
    stringData:
      tls.crt: ?{vaultkv:${cluster:tenant}/${cluster:name}/openshift4-ingress/wildcard-certificate/cert}
```

```shell
oc -n openshift-ingress get secret router-apps-tls -o jsonpath="{.data.tls\.crt}" | base64 -d
oc -n openshift-authentication get secret v4-0-config-system-router-certs -o jsonpath="{.data.apps\.cluster\.domain\.ch}" | base64 -d | grep "BEGIN PRIVATE KEY"
```
Without a newline this results in `-----END CERTIFICATE----------BEGIN PRIVATE KEY-----`, which causes several base components to not start or even crash.
The component must either check for a newline at the end of the injected certificate chain and add one if it is not there, or potentially just always add a newline to the chain (untested).
Testing the certificate chain ahead of time could be another solution, but would potentially cause downtime.
It's not acceptable that the user has to check for a newline, because it is highly likely that this happens very often and we can't ensure component users read the documentation at such a low level.
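An added example (not from the issue or the component's own code) of the check-and-append approach proposed above, written as shell functions with hypothetical names: `pem_has_fused_boundary` detects the concatenation symptom and `pem_join` appends a newline only when a file lacks one. The sample PEM data is constructed and contains no real key material.

```shell
# Added example; function names are hypothetical, not part of the component.

# Exit 0 if stdin contains an END marker fused to a BEGIN marker on one line,
# e.g. "-----END CERTIFICATE----------BEGIN PRIVATE KEY-----".
pem_has_fused_boundary() {
  grep -Eq -- '-----END [A-Z ]+-{10}BEGIN [A-Z ]+-----'
}

# Print file $1 and append a newline only if its last byte is not one.
# Command substitution strips a trailing newline, so the result is empty
# exactly when the file already ends with a newline (or is empty).
pem_ensure_newline() {
  cat -- "$1"
  if [ -n "$(tail -c1 -- "$1")" ]; then
    printf '\n'
  fi
}

# Concatenate chain ($1) and key ($2) so that markers never share a line.
pem_join() {
  pem_ensure_newline "$1"
  pem_ensure_newline "$2"
}

demo() {
  d=$(mktemp -d)
  # Constructed placeholders: PEM-shaped text, not a real certificate or key.
  # The chain deliberately has no trailing newline.
  printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$d/chain.pem"
  printf '%s\n%s\n%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$d/key.pem"

  if cat "$d/chain.pem" "$d/key.pem" | pem_has_fused_boundary; then
    echo "plain concatenation: fused boundary detected"
  fi
  if pem_join "$d/chain.pem" "$d/key.pem" | pem_has_fused_boundary; then
    echo "pem_join: fused boundary detected"
  else
    echo "pem_join: markers are on separate lines"
  fi
  rm -rf "$d"
}
demo
```

The decoded output of the `oc ... | base64 -d` commands above can be piped into `pem_has_fused_boundary` to check a secret that is already deployed.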
In projectsyn/commodore#192, some parameter values were deprecated. This component is affected by this change and needs to adapt. See the commodore change log for the details.
In order to enable HTTP/2 on an Ingress Controller, an annotation has to be added to it [1]. This should be supported by the component.
Manually managing an HTTP/2 Ingress Controller or manually enabling HTTP/2 cluster-wide:
```shell
oc annotate ingresses.config/cluster ingress.operator.openshift.io/default-enable-http2=true
```
The component currently uses `resource-locker.libjsonnet` in `component-openshift4-ingress/component/main.jsonnet` (lines 22 to 28 in a186197).
We should verify whether this patch is still required, and update it to use `patch-operator.libsonnet` directly if it is still needed.
This issue provides visibility into Renovate updates and their statuses.
This repository currently has no open or pending branches.