add tls support for the ingress

pluralsh · Oct 27, 2022 · f367c53 · f367c53
1 parent a694945
commit f367c53
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 0 deletions.
diff --git a/apis/dash/v1alpha1/dashapplication_types.go b/apis/dash/v1alpha1/dashapplication_types.go
@@ -84,6 +84,22 @@ type Ingress struct {
 	// when using PathType with value "Exact" or "Prefix".
 	// +optional
 	Path string `json:"path,omitempty"`
+	// TLS configuration.
+	// +optional
+	TLS *IngressTLS `json:"tls,omitempty"`
+}
+
+type IngressTLS struct {
+	// Hosts included in the TLS certificate. The values in
+	// +optional
+	Host string `json:"hosts,omitempty"`
+	// SecretName is the name of the secret used to terminate TLS traffic on
+	// port 443. Field is left optional to allow TLS routing based on SNI
+	// hostname alone. If the SNI host in a listener conflicts with the "Host"
+	// header field used by an IngressRule, the SNI host is used for termination
+	// and value of the Host header is used for routing.
+	// +optional
+	SecretName string `json:"secretName,omitempty" protobuf:"bytes,2,opt,name=secretName"`
 }
 
 type DashApplicationStatus struct {

diff --git a/apis/dash/v1alpha1/zz_generated.deepcopy.go b/apis/dash/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/dash.plural.sh_dashapplications.yaml b/config/crd/bases/dash.plural.sh_dashapplications.yaml
@@ -116,6 +116,22 @@ spec:
                       with a '/' and must be present when using PathType with value
                       "Exact" or "Prefix".
                     type: string
+                  tls:
+                    description: TLS configuration.
+                    properties:
+                      hosts:
+                        description: Hosts included in the TLS certificate. The values
+                          in
+                        type: string
+                      secretName:
+                        description: SecretName is the name of the secret used to
+                          terminate TLS traffic on port 443. Field is left optional
+                          to allow TLS routing based on SNI hostname alone. If the
+                          SNI host in a listener conflicts with the "Host" header
+                          field used by an IngressRule, the SNI host is used for termination
+                          and value of the Host header is used for routing.
+                        type: string
+                    type: object
                 type: object
               labels:
                 additionalProperties:

diff --git a/pkg/controller/dash_controller.go b/pkg/controller/dash_controller.go
@@ -162,6 +162,14 @@ func genIngress(dashApp *dashv1alpha1.DashApplication) *networkingv1.Ingress {
 			},
 		},
 	}
+	if dashApp.Spec.Ingress.TLS != nil {
+		ingress.Spec.TLS = []networkingv1.IngressTLS{
+			{
+				Hosts:      []string{dashApp.Spec.Ingress.TLS.Host},
+				SecretName: dashApp.Spec.Ingress.TLS.SecretName,
+			},
+		}
+	}
 
 	return ingress
 }