* initialcut

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* formatting

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* removing externaldns for war

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* reframed war ingress

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* remove dns and reorder

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* reformatted the ingress options

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* fixed param and promoted NatGw out of preview flag

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* postdeploy check ingress on affirmative

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

Signed-off-by: Gordonby <gordon.byers@microsoft.com>
Gordon Byers 2022-09-13 09:49:47 +01:00 коммит произвёл GitHub
Родитель f8a4433c99
Коммит 01b666ada3
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
4 изменённых файлов: 21 добавлений и 12 удалений


@ -891,6 +891,8 @@ param oidcIssuer bool = false
@description('Installs Azure Workload Identity into the cluster')
param workloadIdentity bool = false
param warIngressNginx bool = false
@description('System Pool presets are derived from the recommended system pool specs')
var systemPoolPresets = {
CostOptimised : {
@ -1096,6 +1098,11 @@ var aksProperties = union({
enabled: workloadIdentity
}
}
ingressProfile: {
webAppRouting: {
enabled: warIngressNginx
}
}
},
aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {},
defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}
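Review bot: `ingressProfile.webAppRouting` is added to the base object of `aksProperties`, so it is sent on every deployment, including when `warIngressNginx` is false. The neighbouring optional profiles are merged only when their condition holds (`aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {}`). The UI labels this add-on as preview, so sending the block unconditionally may be rejected where the preview feature is not registered; this is inferred and worth confirming. Consider moving the block into a variable and adding `warIngressNginx ? warIngressProfile : {}` to the `union(...)` arguments. The new `param warIngressNginx bool = false` also has no `@description`, for example `@description('Enables the AKS Web App Routing add-on (managed Nginx ingress controller)')`. The `union` call starts and ends outside the hunk.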


@ -45,17 +45,17 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
<Stack.Item align="start">
<Label required={true}>
Securely Expose your applications via Layer 7 HTTP(S) proxies (Ingress Controller)
Ingress Controllers: Securely expose your applications via Layer 7 HTTP(S) proxies
</Label>
<ChoiceGroup
styles={{ root: { marginLeft: '50px' } }}
selectedKey={addons.ingress}
options={[
{ key: 'none', text: 'No, I do not need a Layer7 proxy, or I will configure my own solution' },
{ key: 'appgw', text: 'Yes, I want a Azure Managed Application Gateway with WAF protection' },
{ key: 'contour', text: 'Yes, deploy contour in the cluster to expose my apps to the internet (https://projectcontour.io/)' },
{ key: 'nginx', text: 'Yes, deploy nginx in the cluster to expose my apps to the internet (nginx ingress controller)' }
{ key: 'none', text: 'Not required' },
{ key: 'appgw', text: 'Azure Application Gateway Ingress Controller add-on (https://azure.github.io/application-gateway-kubernetes-ingress)' },
{ key: 'warNginx', text: 'AKS Web App Routing Solution, simple Nginx Ingress Controller (https://docs.microsoft.com/en-us/azure/aks/web-app-routing *preview)' },
{ key: 'contour', text: 'Contour (https://projectcontour.io/)' },
{ key: 'nginx', text: 'Nginx ingress controller' }
]}
onChange={(ev, { key }) => updateFn("ingress", key)}
/>
@ -165,7 +165,6 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
<MessageBar messageBarType={MessageBarType.warning}>If using a Public DNS Zone, you need to own a custom domain, you can easily purchase a custom domain through Azure <Link target="_t1" href="https://docs.microsoft.com/en-us/azure/app-service/manage-custom-dns-buy-domain"> <b>details here</b></Link></MessageBar>
<TextField value={addons.dnsZoneId} onChange={(ev, v) => updateFn("dnsZoneId", v)} errorMessage={getError(invalidArray, 'dnsZoneId')} required placeholder="Resource Id" label={<Text style={{ fontWeight: 600 }}>Enter your Public or Private Azure DNS Zone ResourceId <Link target="_t2" href="https://ms.portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Network%2FdnsZones">find it here</Link></Text>} />
<Checkbox inputProps={{ "data-testid": "addons-certMan"}} disabled={hasError(invalidArray, 'dnsZoneId')} checked={addons.certMan} onChange={(ev, v) => updateFn("certMan", v)} label="Automatically Issue Certificates for HTTPS using cert-manager (with Lets Encrypt - requires email" />
{addons.certMan &&
<TextField value={addons.certEmail} onChange={(ev, v) => updateFn("certEmail", v)} errorMessage={getError(invalidArray, 'certEmail') ? "Enter valid email" : ''} label="Enter mail address for certificate notification:" required />
@ -205,7 +204,6 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
<MessageBar messageBarType={MessageBarType.warning}>This will expose your your grafana dashboards to the internet, please login and change the default credentials asap (admin/prom-operator)</MessageBar>
<Checkbox styles={{ root: { marginTop: '10px'}}} checked={addons.enableMonitorIngress} onChange={(ev, v) => updateFn("enableMonitorIngress", v)} label={`Enable Public Ingress for Grafana (https://grafana.${addons.dnsZoneId && addons.dnsZoneId.split('/')[8]})`} />
</Stack.Item>
}
{ addons.monitor === "aci" &&
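Review bot: In the new `warNginx` option the `*preview` marker sits inside the parentheses with the documentation URL, so it reads as part of the link. Put it in the label itself, e.g. `text: 'AKS Web App Routing add-on (preview), simple Nginx Ingress Controller (https://docs.microsoft.com/en-us/azure/aks/web-app-routing)'`. The rewritten options also no longer say which choices expose workloads to the internet, and the `appgw` text drops the earlier "with WAF protection" wording. If those properties still hold, keeping them in the labels helps a user pick the exposure they intend. The component body continues outside the hunk.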


@ -85,6 +85,9 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
...(addons.appgwKVIntegration && addons.csisecret === 'akvNew' && { appgwKVIntegration: true })
})
}),
...(net.vnet_opt === "byo" && {
...(net.aksOutboundTrafficType !== defaults.net.aksOutboundTrafficType && {aksOutboundTrafficType: net.aksOutboundTrafficType})
}),
...(addons.csisecret !== "none" && { keyVaultAksCSI: true }),
...(addons.csisecret === 'akvNew' && { keyVaultCreate: true, ...(deploy.kvCertSecretRole && { keyVaultOfficerRolePrincipalId: "$(az ad signed-in-user show --query id --out tsv)"}) }),
...(addons.csisecret !== "none" && addons.keyVaultAksCSIPollInterval !== defaults.addons.keyVaultAksCSIPollInterval && { keyVaultAksCSIPollInterval: addons.keyVaultAksCSIPollInterval }),
@ -105,15 +108,15 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
...(net.natGwIpCount !== defaults.net.natGwIpCount && {natGwIpCount: net.natGwIpCount}),
...(net.natGwIdleTimeout !== defaults.net.natGwIdleTimeout && {natGwIdleTimeout: net.natGwIdleTimeout})
}),
...(net.vnet_opt === "byo" && {
...(net.aksOutboundTrafficType !== defaults.net.aksOutboundTrafficType && {aksOutboundTrafficType: net.aksOutboundTrafficType})
}),
...(net.vnet_opt === "custom" && net.vnetprivateend && {
...(addons.registry !== "none" && {
...(addons.acrPrivatePool !== defaults.addons.acrPrivatePool && {acrPrivatePool: addons.acrPrivatePool}),
...(addons.acrPrivatePool && defaults.net.acrAgentPoolSubnetAddressPrefix !== net.acrAgentPoolSubnetAddressPrefix && {acrAgentPoolSubnetAddressPrefix: net.acrAgentPoolSubnetAddressPrefix})
})
}),
...(addons.ingress === "warNginx" && {
...(addons.ingress !== defaults.addons.ingress && {warIngressNginx: true})
}),
...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {workloadIdentity: addons.workloadIdentity }),
...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
@ -142,7 +145,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
}),
...(addons.monitor === "oss" && {
monitor: addons.monitor,
...(addons.ingress !== "none" && {
...(addons.ingress === "appgw" || addons.ingress === "contour" || addons.ingress === "nginx" && {
ingress: addons.ingress,
...(addons.enableMonitorIngress && { enableMonitorIngress: addons.enableMonitorIngress})
})
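Review bot: The new condition inside the `addons.monitor === "oss"` branch, `addons.ingress === "appgw" || addons.ingress === "contour" || addons.ingress === "nginx" && {`, is parsed as `a || b || (c && {...})` because `&&` binds tighter than `||`. For `appgw` and `contour` the expression evaluates to `true`, and spreading `true` adds no keys, so `ingress` and `enableMonitorIngress` are now emitted only for `nginx`. Parenthesise the alternatives or use `...(['appgw', 'contour', 'nginx'].includes(addons.ingress) && {`. The enclosing object literal starts and ends outside the hunk.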


@ -50,6 +50,7 @@
"DefenderForContainers" : false
},
"addons": {
"warIngressNginx": false,
"daprAddon": false,
"daprAddonHA": false,
"fluxGitOpsAddon": false,