From 267e297ecaae07ef16adb40866646a70108b08e2 Mon Sep 17 00:00:00 2001 From: Khaled Elkhawaga Date: Fri, 11 Oct 2019 00:50:52 +0200 Subject: [PATCH 1/2] add variable to set tls secret for kubernetes ingress Signed-off-by: Khaled Elkhawaga --- installer/inventory | 1 + installer/roles/kubernetes/templates/deployment.yml.j2 | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/installer/inventory b/installer/inventory index 39e8b6b433..4f056499e5 100644 --- a/installer/inventory +++ b/installer/inventory @@ -31,6 +31,7 @@ dockerhub_base=ansible # The example below shows an annotation to be used with Traefik but other Ingress controllers are also supported. #kubernetes_ingress_hostname=awx.example.org #kubernetes_ingress_annotations={'kubernetes.io/ingress.class': 'traefik', 'traefik.ingress.kubernetes.io/redirect-entry-point': 'https'} +#kubernetes_ingress_tls_secret=awx-cert # Kubernetes and Openshift Install Resource Requests # These are the request and limit values for a pod's container for task/web/rabbitmq/memcached/management. diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2 index 8e9f234c20..dfb76cbc7b 100644 --- a/installer/roles/kubernetes/templates/deployment.yml.j2 +++ b/installer/roles/kubernetes/templates/deployment.yml.j2 @@ -433,6 +433,12 @@ metadata: {% endfor %} spec: +{% if kubernetes_ingress_tls_secret is defined %} + tls: + - hosts: + - {{ kubernetes_ingress_hostname }} + secretName: {{ kubernetes_ingress_tls_secret }} +{% endif %} rules: - host: {{ kubernetes_ingress_hostname }} http: From e38ed6574c1bee529f5cd7596bced7cf16794576 Mon Sep 17 00:00:00 2001 From: Khaled Elkhawaga Date: Fri, 11 Oct 2019 01:00:22 +0200 Subject: [PATCH 2/2] update comments for kubernetes ingress Signed-off-by: Khaled Elkhawaga --- installer/inventory | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/installer/inventory b/installer/inventory index 4f056499e5..ef025a9dbd 100644 --- a/installer/inventory +++ b/installer/inventory @@ -26,12 +26,14 @@ dockerhub_base=ansible # pg_cpu_limit=1000 # pg_mem_limit=2 -# Kubernetes Ingress Annotations -# You can use the variables below to pass annotations to Kubernetes Ingress -# The example below shows an annotation to be used with Traefik but other Ingress controllers are also supported. -#kubernetes_ingress_hostname=awx.example.org -#kubernetes_ingress_annotations={'kubernetes.io/ingress.class': 'traefik', 'traefik.ingress.kubernetes.io/redirect-entry-point': 'https'} -#kubernetes_ingress_tls_secret=awx-cert +# Kubernetes Ingress Configuration +# You can use the variables below to configure Kubernetes Ingress +# Set hostname +# kubernetes_ingress_hostname=awx.example.org +# Add annotations. The example below shows an annotation to be used with Traefik but other Ingress controllers are also supported +# kubernetes_ingress_annotations={'kubernetes.io/ingress.class': 'traefik', 'traefik.ingress.kubernetes.io/redirect-entry-point': 'https'} +# Specify a secret for TLS termination +# kubernetes_ingress_tls_secret=awx-cert # Kubernetes and Openshift Install Resource Requests # These are the request and limit values for a pod's container for task/web/rabbitmq/memcached/management.