redpanda
redpanda copied to clipboard
redpanda-data
K8s: allow to configure ingress resources
Cover letter
This allows to configure Ingress resources generated for:
- Panda proxy
- Console
Customization allowed are:
- Enable/disable their creation
- Configure the host endpoint under which they are exposed (currently "console" is hardcoded, while Pandaproxy is exposed at the root domain)
- Inject annotations (this allows configuring specific environment annotations, without having to hardcode them in the operator code)
UX changes
Adds a new field ingress, in Console->spec and Pandaproxy external listener configuration.
Release notes
Improvements
- operator: added options to configure generated Ingress resources for Console and Pandaproxy
Initial thoughts at least for console changes:
Enable/disable their creation
I'm not sure if there will be a case where we want to disable ingress as console needs it for ssl
Configure the host endpoint
Maybe what we want is to be able to specify an entirely different subdomain (e.g. console.mycompany.com)
Inject annotations
Imo I would like to keep console spec as simple as possible and add configurations if we really need to (e.g. do we need to support multiple ingress controllers or we say to support nginx at the moment, if we will support other ingresses we might want to also configure ingressclassname)
Just my 2c :v: I think @weeco might be able to give more insights regarding console
Good points. This is needed mostly to being able to customize DNS names for both console and pandaproxy ingress.
Initial thoughts at least for console changes:
Enable/disable their creation
I'm not sure if there will be a case where we want to disable ingress as console needs it for ssl
This is for operational simplicity. In case the operator does not generate the right ingress (e.g. due to hardcoded constants), one would like to disable it and configure an ingress manually, until the operator gets properly fixed.
This happened to me for the pandaproxy ingress, that I could not disable, but its default annotations triggered a wrong configuration in external-dns. I think it might be useful for the console as well.
Configure the host endpoint
Maybe what we want is to be able to specify an entirely different subdomain (e.g. console.mycompany.com)
Yes, I consider this as an initial building block for configuring ingress resources, that is common between Cluster and Console, and can be augmented when we have other requirements.
Inject annotations
Imo I would like to keep console spec as simple as possible and add configurations if we really need to (e.g. do we need to support multiple ingress controllers or we say to support nginx at the moment, if we will support other ingresses we might want to also configure ingressclassname)
Just my 2c v I think @weeco might be able to give more insights regarding console
Annotations in ingresses are very common for configuring both DNS and load balancer settings and there are many provider-specific configurations and also network-type configurations that users may want to change when deploying Redpanda. So this is a hook into that.
I didn't change the ingress controller type, which is currently hardcoded ("nginx"), but I feel this is the right place to add such configuration in case it's needed by someone. Just consider that if a k8s cluster does not define an ingress class called "nginx", then some Redpanda deployments may fail...