Support TransportServer in Helm

* Register TransportServer CRD * Add controller.enableTLSPassthrough parameter
nginx · Apr 15, 2020 · 75e4970 · 75e4970
1 parent c16942b
commit 75e4970
Show file tree

Hide file tree

Showing 7 changed files with 93 additions and 0 deletions.
diff --git a/deployments/helm-chart/README.md b/deployments/helm-chart/README.md
@@ -146,6 +146,7 @@ Parameter | Description | Default
 `controller.useIngressClassOnly` | Ignore Ingress resources without the `"kubernetes.io/ingress.class"` annotation. | false
 `controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces. | ""
 `controller.enableCustomResources` | Enable the custom resources. | true
+`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false 
 `controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller. | false
 `controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `contoller.healthStatus`. | "/nginx-health"
 `controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true

diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/deployments/helm-chart/templates/controller-daemonset.yaml
@@ -128,4 +128,7 @@ spec:
           - -enable-prometheus-metrics={{ .Values.prometheus.create }}
           - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
           - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
+{{- if .Values.controller.enableCustomResources  }}
+          - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
+{{- end }}
 {{- end }}
diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/deployments/helm-chart/templates/controller-deployment.yaml
@@ -126,4 +126,7 @@ spec:
           - -enable-prometheus-metrics={{ .Values.prometheus.create }}
           - -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
           - -enable-custom-resources={{ .Values.controller.enableCustomResources }}
+{{- if .Values.controller.enableCustomResources  }}
+          - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
+{{- end }}
 {{- end }}
diff --git a/deployments/helm-chart/templates/controller-ts-definition.yaml b/deployments/helm-chart/templates/controller-ts-definition.yaml
@@ -0,0 +1,79 @@
+{{- if .Values.controller.enableCustomResources }}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: transportservers.k8s.nginx.org
+  labels:
+    {{- include "nginx-ingress.labels" . | nindent 4 }}
+spec:
+  group: k8s.nginx.org
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+  scope: Namespaced
+  names:
+    plural: transportservers
+    singular: transportserver
+    kind: TransportServer
+    shortNames:
+    - ts
+  preserveUnknownFields: false
+  validation:
+    openAPIV3Schema:
+      description: TransportServer defines the TransportServer resource.
+      type: object
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: TransportServerSpec is the spec of the TransportServer resource.
+          type: object
+          properties:
+            action:
+              description: Action defines an action.
+              type: object
+              properties:
+                pass:
+                  type: string
+            host:
+              type: string
+            listener:
+              description: TransportServerListener defines a listener for a TransportServer.
+              type: object
+              properties:
+                name:
+                  type: string
+                protocol:
+                  type: string
+            upstreamParameters:
+              description: UpstreamParameters defines parameters for an upstream.
+              type: object
+              properties:
+                udpRequests:
+                  type: integer
+                udpResponses:
+                  type: integer
+            upstreams:
+              type: array
+              items:
+                description: Upstream defines an upstream.
+                type: object
+                properties:
+                  name:
+                    type: string
+                  port:
+                    type: integer
+                  service:
+                    type: string
+{{- end }}
diff --git a/deployments/helm-chart/templates/rbac.yaml b/deployments/helm-chart/templates/rbac.yaml
@@ -71,6 +71,7 @@ rules:
   resources:
   - virtualservers
   - virtualserverroutes
+  - transportservers
   verbs:
   - list
   - watch

diff --git a/deployments/helm-chart/values.yaml b/deployments/helm-chart/values.yaml
@@ -118,6 +118,9 @@ controller:
   ## Enable the custom resources.
   enableCustomResources: true
 
+  ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources.
+  enableTLSPassthrough: false
+
   ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
   ## Useful for external health-checking of the Ingress controller.
   healthStatus: false

diff --git a/docs-web/installation/installation-with-helm.md b/docs-web/installation/installation-with-helm.md
@@ -208,6 +208,9 @@ The following tables lists the configurable parameters of the NGINX Ingress cont
    * - ``controller.enableCustomResources``
      - Enable the custom resources.
      - true
+   * - ``controller.enableTLSPassthrough``
+     - Enable TLS Passthrough on port 443. Requires ``controller.enableCustomResources``.
+     - false
    * - ``controller.healthStatus``
      - Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress controller.
      - false