Allow to configure multiple hosts for Ingress
Summary
AWS ingress controller creates a load balancer with rules to allow only the known host names, which means if a large enterprise has multiple hostnames, the AWS load balancer blocks it.
Possible solution
Add a range to allow addition of multiple hosts in ingress yaml of webservice and pages.
For example:
Below is an example of the current ingress provided with GitLab charts and an example of an ingress that allows a range:
Current available ingress
Click to expand!
{{- if .Values.enabled -}}{{/* ENABLED */}}
{{- if eq (include "gitlab.ingress.enabled" $) "true" -}}{{/* INGRESS ENABLED */}}
{{- $gitlabHostname := include "gitlab.gitlab.hostname" $ -}}
{{- if .Values.global.hosts.gitlab.hostnameOverride -}}
{{- $gitlabHostname = .Values.global.hosts.gitlab.hostnameOverride -}}
{{- end -}}
{{- $tlsSecret := include "webservice.tlsSecret" $ -}}
{{- include "webservice.datamodel.prepare" $ -}}
{{/* BEGIN range deployments */}}
{{- range $.Values.deployments -}}
{{- if .ingress.path -}}{{/* SET .ingress.path */}}
{{/*
From here on:
- `.` is `.deployments.xyz` value
- `.name` is the key (xyz)
*/}}
---
apiVersion: {{ template "ingress.apiVersion" $}}
kind: Ingress
metadata:
name: {{ template "webservice.fullname.withSuffix" . }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "gitlab.standardLabels" $ | nindent 4 }}
{{- include "webservice.labels" . | nindent 4 }}
{{- include "webservice.commonLabels" . | nindent 4 }}
annotations:
kubernetes.io/ingress.class: "{{ template "gitlab.ingressclass" $ }}"
{{- if default .ingress.provider $.Values.global.ingress.provider }}
kubernetes.io/ingress.provider: {{ default .ingress.provider $.Values.global.ingress.provider }}
{{- end }}
{{- if eq "nginx" (default .ingress.provider $.Values.global.ingress.provider) }}
nginx.ingress.kubernetes.io/proxy-body-size: {{ .ingress.proxyBodySize | quote }}
nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .ingress.proxyReadTimeout | quote }}
nginx.ingress.kubernetes.io/proxy-connect-timeout: {{ .ingress.proxyConnectTimeout | quote }}
{{- end }}
{{ include "gitlab.certmanager_annotations" $ }}
{{- range $key, $value := merge .ingress.annotations $.Values.global.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ $gitlabHostname }}
http:
paths:
- path: {{ .ingress.path }}
{{ if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
pathType: {{ default .ingress.pathType $.Values.global.ingress.pathType }}
backend:
service:
name: {{ template "webservice.fullname.withSuffix" . }}
port:
number: {{ $.Values.service.workhorseExternalPort }}
{{- else -}}
backend:
serviceName: {{ template "webservice.fullname.withSuffix" . }}
servicePort: {{ $.Values.service.workhorseExternalPort }}
{{- end -}}
{{- if (and $tlsSecret (eq (include "gitlab.ingress.tls.enabled" $) "true" )) }}
tls:
- hosts:
- {{ $gitlabHostname }}
- <HOSTNAME_ONE>
- <HOSTNAME_TWO>
secretName: {{ $tlsSecret }}
{{- else }}
tls: []
{{- end }}
{{- end -}}
{{- end -}}{{/* SET .ingress.path */}}
{{- end -}}{{/* INGRESS ENABLED */}}
{{- end -}}{{/* ENABLED */}}
example of an ingress that allows a range
Click to expand!
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "nn-stellar.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "nn-stellar.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}