Add ingress

Author: MathieuCesbron

api/v1/immudb_types.go

@@ -18,6 +18,7 @@ package v1
 
 import (
 	corev1 "k8s.io/api/core/v1"
+	knetworkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -46,6 +47,9 @@ type ImmudbSpec struct {
 
 	// +kubebuilder:validation:Required
 	Volume ImmudbVolumeSpec `json:"volume"`
+
+	// +kubebuilder:validation:Required
+	Ingress ImmudbIngressSpec `json:"ingress"`
 }
 
 type ImmudbVolumeSpec struct {
@@ -60,6 +64,21 @@ type ImmudbVolumeSpec struct {
 	Size string `json:"size"`
 }
 
+type ImmudbIngressSpec struct {
+	// +kubebuilder:validation:Required
+	Enabled bool `json:"enabled"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=nginx
+	IngressClassName *string `json:"ingressClassName"`
+
+	// +kubebuilder:validation:Optional
+	TLS []knetworkingv1.IngressTLS `json:"tls"`
+
+	// +kubebuilder:validation:Optional
+	Host string `json:"host"`
+}
+
 // ImmudbStatus defines the observed state of Immudb
 type ImmudbStatus struct {
 	// Important: Run "make" to regenerate code after modifying this file

api/v1/zz_generated.deepcopy.go

@@ -2,6 +2,6 @@ apiVersion: v2
 name: immudb-operator
 description: Helm chart to deploy [unagex-immudb-operator](https://github.com/unagex/immudb-operator)
 type: application
-version: 0.0.5
-appVersion: 0.0.5
+version: 0.0.6
+appVersion: 0.0.6
 home: https://github.com/unagex/immudb-operator

charts/operator/Chart.yaml

@@ -47,6 +47,44 @@ spec:
                 - Never
                 - IfNotPresent
                 type: string
+              ingress:
+                properties:
+                  enabled:
+                    type: boolean
+                  host:
+                    type: string
+                  ingressClassName:
+                    default: nginx
+                    type: string
+                  tls:
+                    items:
+                      description: IngressTLS describes the transport layer security
+                        associated with an ingress.
+                      properties:
+                        hosts:
+                          description: hosts is a list of hosts included in the TLS
+                            certificate. The values in this list must match the name/s
+                            used in the tlsSecret. Defaults to the wildcard host setting
+                            for the loadbalancer controller fulfilling this Ingress,
+                            if left unspecified.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        secretName:
+                          description: secretName is the name of the secret used to
+                            terminate TLS traffic on port 443. Field is left optional
+                            to allow TLS routing based on SNI hostname alone. If the
+                            SNI host in a listener conflicts with the "Host" header
+                            field used by an IngressRule, the SNI host is used for
+                            termination and value of the "Host" header is used for
+                            routing.
+                          type: string
+                      type: object
+                    type: array
+                required:
+                - enabled
+                type: object
               replicas:
                 default: 1
                 description: Number of desired immudb pods. At the moment, you can
@@ -68,6 +106,7 @@ spec:
                 - size
                 type: object
             required:
+            - ingress
             - volume
             type: object
           status:

charts/operator/templates/crds/unagex.com_immudbs.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: oula-immudb-http
+  namespace: default
+spec:
+  rules:
+  - host: immudb-example.localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: oula-immudb-http
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix
+status:
+  loadBalancer: {}

charts/operator/templates/ingress.yaml

@@ -47,6 +47,44 @@ spec:
                 - Never
                 - IfNotPresent
                 type: string
+              ingress:
+                properties:
+                  enabled:
+                    type: boolean
+                  host:
+                    type: string
+                  ingressClassName:
+                    default: nginx
+                    type: string
+                  tls:
+                    items:
+                      description: IngressTLS describes the transport layer security
+                        associated with an ingress.
+                      properties:
+                        hosts:
+                          description: hosts is a list of hosts included in the TLS
+                            certificate. The values in this list must match the name/s
+                            used in the tlsSecret. Defaults to the wildcard host setting
+                            for the loadbalancer controller fulfilling this Ingress,
+                            if left unspecified.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        secretName:
+                          description: secretName is the name of the secret used to
+                            terminate TLS traffic on port 443. Field is left optional
+                            to allow TLS routing based on SNI hostname alone. If the
+                            SNI host in a listener conflicts with the "Host" header
+                            field used by an IngressRule, the SNI host is used for
+                            termination and value of the "Host" header is used for
+                            routing.
+                          type: string
+                      type: object
+                    type: array
+                required:
+                - enabled
+                type: object
               replicas:
                 default: 1
                 description: Number of desired immudb pods. At the moment, you can
@@ -68,6 +106,7 @@ spec:
                 - size
                 type: object
             required:
+            - ingress
             - volume
             type: object
           status:

config/crd/bases/unagex.com_immudbs.yaml

@@ -9,3 +9,11 @@ spec:
   volume:
     # storageClassName: "standard"
     size: 1Gi
+  ingress:
+    enabled: false
+    # ingressClassName: nginx
+    # host: example.com
+    # tls: 
+    #   - hosts: 
+    #     - example.com
+    #     secretName : immudb-sample-secret

config/samples/v1_immudb.yaml

@@ -66,6 +66,11 @@ func (r *ImmudbReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 		return ctrl.Result{}, err
 	}
 
+	err = r.ManageIngress(ctx, immudb)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	return ctrl.Result{}, nil
 }
 

internal/controller/controller.go

@@ -0,0 +1,84 @@
+package controller
+
+import (
+	"context"
+	"fmt"
+
+	unagexcomv1 "github.com/unagex/immudb-operator/api/v1"
+	"github.com/unagex/immudb-operator/internal/controller/common"
+	knetworkingv1 "k8s.io/api/networking/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/utils/ptr"
+)
+
+func (r *ImmudbReconciler) ManageIngress(ctx context.Context, immudb *unagexcomv1.Immudb) error {
+	if !immudb.Spec.Ingress.Enabled {
+		return nil
+	}
+
+	sts := &knetworkingv1.Ingress{}
+	err := r.Get(ctx, types.NamespacedName{
+		Namespace: immudb.Namespace,
+		Name:      immudb.Name,
+	}, sts)
+
+	// create if ingress does not exist
+	if k8serrors.IsNotFound(err) {
+		sts := r.GetIngress(immudb)
+		err := r.Create(ctx, sts)
+		if err != nil && !k8serrors.IsAlreadyExists(err) {
+			return fmt.Errorf("error creating ingress: %w", err)
+		}
+		if err == nil {
+			r.Log.Info("ingress created")
+		}
+		return nil
+	}
+
+	if err != nil {
+		return fmt.Errorf("error getting ingress: %w", err)
+	}
+
+	return nil
+}
+
+func (r *ImmudbReconciler) GetIngress(immudb *unagexcomv1.Immudb) *knetworkingv1.Ingress {
+	ls := common.GetLabels(immudb.Name)
+	return &knetworkingv1.Ingress{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            immudb.Name,
+			Namespace:       immudb.Namespace,
+			OwnerReferences: common.GetOwnerReferences(immudb),
+			Labels:          ls,
+		},
+		Spec: knetworkingv1.IngressSpec{
+			IngressClassName: immudb.Spec.Ingress.IngressClassName,
+			TLS:              immudb.Spec.Ingress.TLS,
+			Rules: []knetworkingv1.IngressRule{
+				{
+					Host: immudb.Spec.Ingress.Host,
+					IngressRuleValue: knetworkingv1.IngressRuleValue{
+						HTTP: &knetworkingv1.HTTPIngressRuleValue{
+							Paths: []knetworkingv1.HTTPIngressPath{
+								{
+									Path:     "/",
+									PathType: ptr.To(knetworkingv1.PathTypePrefix),
+									Backend: knetworkingv1.IngressBackend{
+										Service: &knetworkingv1.IngressServiceBackend{
+											Name: immudb.Name + "-http",
+											Port: knetworkingv1.ServiceBackendPort{
+												Name: "http",
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}