Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewNginxIngressReconciler ¶
func NewNginxIngressReconciler(manager ctrl.Manager, ingConfig *manifests.NginxIngressConfig) error
Types ¶
type NginxIngressReconciler ¶
type NginxIngressReconciler struct {
// contains filtered or unexported fields
}
NginxIngressReconciler manages an opinionated ingress resource for services that define certain annotations. The resulting ingress uses Keyvault for TLS, never exposes insecure (plain http) routes, and uses OSM for upstream mTLS. If those integrations aren't enabled, it won't work correctly.
Annotations: - kubernetes.azure.com/ingress-host: host of the ingress resource - kubernetes.azure.com/tls-cert-keyvault-uri: URI of the Keyvault certificate to present - kubernetes.azure.com/service-account-name: name of the service account used by upstream pods (defaults to "default") - kubernetes.azure.com/insecure-disable-osm: don't use OSM integration. Connections between ingreses controller and app will be insecure.
This functionality allows easy adoption of good ingress practices while providing an exit strategy. Users can remove the annotations and take ownership of the generated resources at any time.