-
Notifications
You must be signed in to change notification settings - Fork 162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent by default ingress hostname collision #218
Comments
@bsctl, and can we limit this check to be only across different tenants\namespaces? On ingress-nginx, it's a quite common situation, when you had to create 2 ingresses with the same host and different paths. For example, if we had an application deployed, and we want to apply whitelists only for a single path, for example to make ---
kind: Ingress
metadata:
name: main
namespace: myns
spec:
rules:
- host: oil.corp.com
http:
paths:
- backend:
serviceName: net-oil
servicePort: http
path: /
---
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.0.0/16
name: admin
namespace: myns
spec:
rules:
- host: oil.corp.com
http:
paths:
- backend:
serviceName: net-oil
servicePort: http
path: /admin And there are a lot of cases like this, as the only way to work with |
@MaxFedotov that'a good point.
|
@prometherion @MaxFedotov one more reason we should go to #51 |
We can close this, already fixed with #269. However, this is interesting:
The first option is already put in place by the CRD key The latter ones can be easily implemented at the Tenant level: WDYT? |
Describe the feature
Currently it is possible to create multiple ingresses with same ingress hostname across different tenants and within the same tenant as well.
What would the new user story look like?
A new CLI flag
--allow-ingress-hostname-collision
is added, defaulted tofalse
since this seems the most common case. Capsule will check if the Ingress hostname is already assigned to another ingress across different tenants and within the same tenant as well.The check happens only in the Namespace resources managed by Capsule.
Expected behavior
A configurable way to avoid ingress hostname collision
The text was updated successfully, but these errors were encountered: