Merge pull request #7114 from zalando-incubator/ingress/cert-enable-t…
…ag-filter

feature: ingress enable cert tag filter [1/2]
szuecs authored Mar 5, 2024
2 parents 744d80f + 9f6dd25 commit a949907
Showing 3 changed files with 13 additions and 1 deletion.
5 changes: 4 additions & 1 deletion cluster/cluster.yaml
@@ -1141,6 +1141,9 @@ Resources:
- Action: 'acm:DescribeCertificate'
Effect: Allow
Resource: '*'
- Action: 'acm:ListTagsForCertificate'
Effect: Allow
Resource: '*'
- Action: 'autoscaling:DescribeAutoScalingGroups'
Effect: Allow
Resource: '*'
@@ -1224,7 +1227,7 @@ Resources:
RoleName: "{{.Cluster.LocalID}}-app-ingr-ctrl"
Type: 'AWS::IAM::Role'
{{ if eq .Cluster.ConfigItems.skipper_open_policy_agent_enabled "true" }}
# Note: this is not strictly specific to Open Policy Agent and can be extend
# Note: this is not strictly specific to Open Policy Agent and can be extend
# if Skipper Ingress needs to access other AWS resources
SkipperIngressIAMRole:
Properties:
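Review bot: The new `acm:ListTagsForCertificate` statement in the first hunk is granted on `Resource: '*'`, although this action accepts a certificate ARN as its resource and could be limited to this account's certificates in the cluster's region. Something like `Resource: !Sub 'arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/*'` would do, assuming `Fn::Sub` is usable at this point in the template; the neighbouring `acm:DescribeCertificate` statement could be narrowed the same way. The wildcard matches the surrounding statements, so this is a least-privilege tightening rather than a regression, and the policy document itself starts outside the hunk. Separately, the comment touched in the second hunk still reads "can be extend", which should be "can be extended".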
6 changes: 6 additions & 0 deletions cluster/config-defaults.yaml
@@ -46,6 +46,12 @@ kube_aws_ingress_controller_nlb_cross_zone: "true"
kube_aws_ingress_controller_cert_polling_interval: "2m"
# sets the default LB type: "network" or "application" are valid choices (overwritten by nlb_switch)
kube_aws_ingress_default_lb_type: "application"
# cert filter
{{if eq .Cluster.Environment "production"}}
kube_aws_ingress_controller_cert_filter_tag: ""
{{else}}
kube_aws_ingress_controller_cert_filter_tag: "kubernetes=enabled"
{{end}}

# ALB to NLB switch
# "pre":
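Review bot: The `# cert filter` comment above the new `kube_aws_ingress_controller_cert_filter_tag` items does not say what the value means, or that the empty production value turns filtering off. deployment.yaml in this commit passes `--cert-filter-tag` only when the item is non-empty, so an empty string starts the controller without the flag, which presumably leaves every ACM certificate in the account eligible. I would spell that out, e.g. `# ACM certificate tag filter as "key=value"; empty = no filtering (flag is omitted)`. It is also worth noting there that in non-production clusters certificates lacking the `kubernetes=enabled` tag will presumably no longer be picked up, so they need to be tagged before this rolls out.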
3 changes: 3 additions & 0 deletions cluster/manifests/ingress-controller/deployment.yaml
@@ -56,6 +56,9 @@ spec:
- --load-balancer-type={{ .Cluster.ConfigItems.kube_aws_ingress_default_lb_type }}
# {{ end }}
- --cert-polling-interval={{ .Cluster.ConfigItems.kube_aws_ingress_controller_cert_polling_interval }}
# {{ if .Cluster.ConfigItems.kube_aws_ingress_controller_cert_filter_tag }}
- --cert-filter-tag={{ .Cluster.ConfigItems.kube_aws_ingress_controller_cert_filter_tag }}
# {{ end }}
env:
- name: CUSTOM_FILTERS
value: "tag:kubernetes.io/cluster/{{ .Cluster.ID }}=owned tag:node.kubernetes.io/role=worker tag:zalando.org/ingress-enabled=true"
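Review bot: The new `--cert-filter-tag` argument is rendered as a plain YAML scalar, so a configured tag containing ` #` or `: ` would be truncated or would break parsing of the manifest. A truncated filter would match a different set of certificates than the operator intended. Quoting the item keeps the value intact: `- "--cert-filter-tag={{ .Cluster.ConfigItems.kube_aws_ingress_controller_cert_filter_tag }}"`. The neighbouring arguments are unquoted as well, so this follows the file's existing pattern, and the args list starts outside the hunk.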
