From 862fd2c5c4139914e7aa128739378ab782da0ab6 Mon Sep 17 00:00:00 2001
From: Mathias Petermann <mathias.petermann@gmail.com>
Date: Wed, 24 May 2023 13:12:50 +0200
Subject: [PATCH] feature(ingress_nginx) Add ingressclass for ingress_nginx
 (#10091)

Add option to configure class as the default class
Add option to disable watching for ingresses without class

Remove redundant if that always evaluates to true

Fix default value missing for ingress_nginx_default
---
 inventory/sample/group_vars/k8s_cluster/addons.yml  |  2 ++
 .../ingress_nginx/defaults/main.yml                 |  4 +++-
 .../ingress_controller/ingress_nginx/tasks/main.yml |  1 +
 .../templates/ds-ingress-nginx-controller.yml.j2    |  3 +--
 .../templates/ingressclass-nginx.yml.j2             | 13 +++++++++++++
 .../templates/role-ingress-nginx.yml.j2             |  4 ++--
 6 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2

diff --git a/inventory/sample/group_vars/k8s_cluster/addons.yml b/inventory/sample/group_vars/k8s_cluster/addons.yml
index 01d168d01..4cf9ba45b 100644
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@@ -125,6 +125,8 @@ ingress_publish_status_address: ""
 #   - --default-ssl-certificate=default/foo-tls
 # ingress_nginx_termination_grace_period_seconds: 300
 # ingress_nginx_class: nginx
+# ingress_nginx_without_class: true
+# ingress_nginx_default: false
 
 # ALB ingress controller deployment
 ingress_alb_enabled: false
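Review bot: The two sample options added below `# ingress_nginx_class: nginx` have no explanatory comment, and their effect is not obvious from the names. Going by the templates in this patch, `ingress_nginx_without_class` adds `--watch-ingress-without-class=true` to the controller arguments and `ingress_nginx_default` annotates the IngressClass as the cluster default. I would add a line above each, e.g. `# Also serve Ingress objects that set no ingress class` and `# Mark this IngressClass as the cluster-wide default`, so operators running a second ingress controller know which switch to turn off.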
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
index 16dfe9a46..7a5c13488 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/defaults/main.yml
@@ -13,7 +13,9 @@ ingress_nginx_configmap_tcp_services: {}
 ingress_nginx_configmap_udp_services: {}
 ingress_nginx_extra_args: []
 ingress_nginx_termination_grace_period_seconds: 300
-# ingress_nginx_class: nginx
+ingress_nginx_class: nginx
+ingress_nginx_without_class: true
+ingress_nginx_default: false
 ingress_nginx_webhook_enabled: false
 ingress_nginx_webhook_job_ttl: 1800
 
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
index cc0ed71c3..b67a17f39 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
@@ -22,6 +22,7 @@
       - { name: clusterrolebinding-ingress-nginx, file: clusterrolebinding-ingress-nginx.yml, type: clusterrolebinding }
       - { name: role-ingress-nginx, file: role-ingress-nginx.yml, type: role }
       - { name: rolebinding-ingress-nginx, file: rolebinding-ingress-nginx.yml, type: rolebinding }
+      - { name: ingressclass-nginx, file: ingressclass-nginx.yml, type: ingressclass }
       - { name: ds-ingress-nginx-controller, file: ds-ingress-nginx-controller.yml, type: ds }
     ingress_nginx_templates_for_webhook:
       - { name: admission-webhook-configuration, file: admission-webhook-configuration.yml, type: sa }
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 6ab424983..4afb75d3a 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -51,9 +51,8 @@ spec:
             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
             - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
             - --annotations-prefix=nginx.ingress.kubernetes.io
-{% if ingress_nginx_class is defined %}
             - --ingress-class={{ ingress_nginx_class }}
-{% else %}
+{% if ingress_nginx_without_class %}
             - --watch-ingress-without-class=true
 {% endif %}
 {% if ingress_nginx_host_network %}
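Review bot: Deployments that already set `ingress_nginx_class` change behaviour here: the removed `{% else %}` branch meant they never got `--watch-ingress-without-class=true`, whereas the new `{% if ingress_nginx_without_class %}` adds it for them too, because the role default in defaults/main.yml is `true`. In a cluster with more than one ingress controller, the nginx controller then starts serving Ingresses that carry no class, which may publish them on a listener they were not meant for; this needs at least an upgrade note. The test also treats a string such as `-e ingress_nginx_without_class=false` as truthy, so I would write `{% if ingress_nginx_without_class | bool %}`; the same applies to `{% if ingress_nginx_default %}` in ingressclass-nginx.yml.j2. The argument list this hunk edits starts and ends outside the hunk.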
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2
new file mode 100644
index 000000000..c36848919
--- /dev/null
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ingressclass-nginx.yml.j2
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: {{ ingress_nginx_class }}
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+{% if ingress_nginx_default %}
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+{%- endif %}
+spec:
+  controller: k8s.io/ingress-nginx
\ No newline at end of file
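Review bot: The `{%- endif %}` on the line before `spec:` strips the newline that ends the annotation line, and Ansible's template module by default also removes the newline after a block tag (`trim_blocks`), so with `ingress_nginx_default: true` the output would read `"true"spec:` on one line and fail to parse. Unless the task that renders this file (not visible here) overrides `trim_blocks`, the tag should be plain `{% endif %}`. Separately, `name: {{ ingress_nginx_class }}` is unquoted, so a class value that YAML types as a boolean or number would be mistyped or rejected; `name: "{{ ingress_nginx_class }}"` is safer.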
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index f08f82fc5..6c4b1c13f 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -32,7 +32,7 @@ rules:
     # Here: "<ingress-controller-leader>-<nginx>"
     # This has to be adapted if you change either parameter
     # when launching the nginx-ingress-controller.
-    resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
+    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
     verbs: ["get", "update"]
   - apiGroups: [""]
     resources: ["events"]
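Review bot: The lock name that `resourceNames` permits changes for default installs: the removed line tested `ingress_class`, not `ingress_nginx_class`, so it presumably rendered the bare `ingress-controller-leader`, while the new line always renders `ingress-controller-leader-nginx`. The rule only works if that is the exact object name the controller uses for leader election, which is set by its `--election-id` argument in the DaemonSet template and is not visible in this patch; on a mismatch the controller is denied get/update on its lock. I would confirm the two agree across an upgrade and extend the comment above with something like `# Must match the controller's leader-election object name`. The same line is changed in the second hunk of this file (the rule above the `coordination.k8s.io` leases rule), and both rules continue outside the hunks.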
@@ -43,7 +43,7 @@ rules:
     # Here: "<ingress-controller-leader>-<nginx>"
     # This has to be adapted if you change either parameter
     # when launching the nginx-ingress-controller.
-    resourceNames: [{% if ingress_class is defined %}"ingress-controller-leader-{{ ingress_nginx_class | default('nginx') }}"{% else %}"ingress-controller-leader"{% endif %}]
+    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
     verbs: ["get", "update"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
-- 
GitLab