From 7796c2104181a23cf360ca9b76aebf7eff98f639 Mon Sep 17 00:00:00 2001 From: PPawlowski Date: Mon, 6 Oct 2025 14:39:30 +0200 Subject: [PATCH 1/3] Add ingress annotations logic --- kubernetes.js | 74 ++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 70 insertions(+), 4 deletions(-) diff --git a/kubernetes.js b/kubernetes.js index 6b016a6..512ef1e 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -261,8 +261,37 @@ const createIngress = async (project, options) => { const localIngress = JSON.parse(JSON.stringify(ingressTemplate)) + let addIngressTls = false + if (this._certManagerIssuer) { localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._certManagerIssuer + addIngressTls = true + + // Add non-cert-manager annotations from projectIngressAnnotations if they exist + if (this._projectIngressAnnotations) { + Object.keys(this._projectIngressAnnotations).forEach((key) => { + if (!key.startsWith('cert-manager.io/')) { + localIngress.metadata.annotations[key] = this._projectIngressAnnotations[key] + } + }) + } + } else if (this._projectIngressAnnotations) { + const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key => + key.startsWith('cert-manager.io/') + ) + + if (hasCertManagerAnnotation) { + addIngressTls = true + } + + // Add all annotations from projectIngressAnnotations + Object.keys(this._projectIngressAnnotations).forEach((key) => { + localIngress.metadata.annotations[key] = this._projectIngressAnnotations[key] + }) + } + + // Add TLS configuration if needed + if (addIngressTls) { localIngress.spec.tls = [ { hosts: [ 
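Review bot: In the `else if (this._projectIngressAnnotations)` branch, `addIngressTls` is switched on by any key starting with `cert-manager.io/`, not specifically by an issuer annotation. A config that carries only a tuning key such as `cert-manager.io/duration` would add `spec.tls`, yet cert-manager would have no issuer to create the secret from, so the ingress would reference a secret that never appears. Test for the issuer keys instead, e.g. `key === 'cert-manager.io/cluster-issuer' || key === 'cert-manager.io/issuer'` inside the `.some(...)` callback. The same prefix test is repeated in createCustomIngress and in the stop and remove hunks of patch 3/3; createIngress itself continues outside this hunk.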
@@ -309,9 +338,38 @@ const createCustomIngress = async (project, hostname, options) => { customIngress.spec.rules[0].host = hostname customIngress.spec.rules[0].http.paths[0].backend.service.name = `${prefix}${project.safeName}` + let addCustomIngressTls = false + if (this._customHostname?.certManagerIssuer) { - customIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._customHostname.certManagerIssuer - customIngress.spec.tls = [ + localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._customHostname.certManagerIssuer + addCustomIngressTls = true + + // Add non-cert-manager annotations from projectIngressAnnotations if they exist + if (this._customHostname?.ingressAnnotations) { + Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => { + if (!key.startsWith('cert-manager.io/')) { + localIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] + } + }) + } + } else if (this._customHostname?.ingressAnnotations) { + const hasCertManagerAnnotation = Object.keys(this._customHostname?.ingressAnnotations).some(key => + key.startsWith('cert-manager.io/') + ) + + if (hasCertManagerAnnotation) { + addCustomIngressTls = true + } + + // Add all annotations from projectIngressAnnotations + Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => { + localIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] + }) + } + + // Add TLS configuration if needed + if (addCustomIngressTls) { + localIngress.spec.tls = [ { hosts: [ hostname 
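Review bot: Every key of `this._customHostname.ingressAnnotations` is written onto the Ingress as-is, so neither the value type nor the set of accepted keys is checked. Kubernetes accepts only string annotation values, so a YAML boolean or number in the driver config would make the create call fail; `String(this._customHostname.ingressAnnotations[key])` at the assignment avoids that. If this config can be edited by anyone less trusted than the cluster operator, an allow-list of annotation prefixes is worth adding, because controller-specific annotations (snippet-style ones in particular) change how the shared ingress controller behaves. The two comments in this hunk still say `projectIngressAnnotations` although the code reads `customHostname.ingressAnnotations`. The same copy loop, with the same gaps, is in createIngress.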
@@ -628,6 +686,7 @@ module.exports = { this._k8sDelay = this._app.config.driver.options?.k8sDelay || 1000 this._k8sRetries = this._app.config.driver.options?.k8sRetries || 10 this._certManagerIssuer = this._app.config.driver.options?.certManagerIssuer + this._certManagerAnnotations = this._app.config.driver.options?.certManagerAnnotations this._logPassthrough = this._app.config.driver.options?.logPassthrough || false this._cloudProvider = this._app.config.driver.options?.cloudProvider if (this._app.config.driver.options?.customHostname?.enabled) { @@ -829,6 +888,13 @@ module.exports = { this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()} ${err.stack}`) } } + if (this._certManagerAnnotations) { + try { + await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) + } catch (err) { + this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret (annotations): ${err.toString()} ${err.stack}`) + } + } if (this._customHostname?.enabled) { try { @@ -953,7 +1019,7 @@ module.exports = { } catch (err) { this._app.log.error(`[k8s] Instance ${project.id} - error deleting ingress: ${err.toString()}`) } - if (this._certManagerIssuer) { + if (this._certManagerIssuer || this._certManagerAnnotations) { try { await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) } catch (err) { @@ -966,7 +1032,7 @@ module.exports = { } catch (err) { this._app.log.error(`[k8s] Instance ${project.id} - error deleting custom ingress: ${err.toString()}`) } - if (this._customHostname?.certManagerIssuer) { + if (this._customHostname?.certManagerIssuer || this._customHostname?.certManagerAnnotations) { try { await this._k8sApi.deleteNamespacedSecret({ name: `${project.safeName}-custom`, namespace: this._namespace }) } catch (err) { From b5c07befe776f7ffc5aeacba71691a39ed678ceb Mon Sep 17 00:00:00 2001 
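Review bot: The custom-hostname removal condition in the last hunk (`@@ -966`) tests `this._customHostname?.certManagerAnnotations`, but createCustomIngress decides on TLS from `this._customHostname?.ingressAnnotations`, and no visible line assigns a `certManagerAnnotations` property on `_customHostname`. As written, a custom ingress whose TLS was enabled only through annotations would leave the `${project.safeName}-custom` secret (presumably the TLS secret holding the certificate's private key) behind after the instance is removed. Patch 3/3 reworks the project-level check but does not touch this line. Mirror the create path instead: `|| Object.keys(this._customHostname?.ingressAnnotations || {}).some(key => key.startsWith('cert-manager.io/'))`. The enclosing removal method starts and ends outside the hunk.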
From: PPawlowski Date: Mon, 6 Oct 2025 14:50:11 +0200 Subject: [PATCH 2/3] Fix lint errors --- kubernetes.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/kubernetes.js b/kubernetes.js index 512ef1e..d90b648 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -262,7 +262,7 @@ const createIngress = async (project, options) => { const localIngress = JSON.parse(JSON.stringify(ingressTemplate)) let addIngressTls = false - + if (this._certManagerIssuer) { localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._certManagerIssuer addIngressTls = true @@ -276,20 +276,20 @@ const createIngress = async (project, options) => { }) } } else if (this._projectIngressAnnotations) { - const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key => + const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key => key.startsWith('cert-manager.io/') ) - + if (hasCertManagerAnnotation) { addIngressTls = true } - + // Add all annotations from projectIngressAnnotations Object.keys(this._projectIngressAnnotations).forEach((key) => { localIngress.metadata.annotations[key] = this._projectIngressAnnotations[key] }) } - + // Add TLS configuration if needed if (addIngressTls) { localIngress.spec.tls = [ 
@@ -339,16 +339,16 @@ const createCustomIngress = async (project, hostname, options) => { customIngress.spec.rules[0].http.paths[0].backend.service.name = `${prefix}${project.safeName}` let addCustomIngressTls = false - + if (this._customHostname?.certManagerIssuer) { - localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._customHostname.certManagerIssuer + customIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._customHostname.certManagerIssuer addCustomIngressTls = true // Add non-cert-manager annotations from projectIngressAnnotations if they exist if (this._customHostname?.ingressAnnotations) { Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => { if (!key.startsWith('cert-manager.io/')) { - localIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] + customIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] } }) } @@ -356,20 +356,20 @@ const createCustomIngress = async (project, hostname, options) => { const hasCertManagerAnnotation = Object.keys(this._customHostname?.ingressAnnotations).some(key => key.startsWith('cert-manager.io/') ) - + if (hasCertManagerAnnotation) { addCustomIngressTls = true } - + // Add all annotations from projectIngressAnnotations Object.keys(this._customHostname?.ingressAnnotations).forEach((key) => { - localIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] + customIngress.metadata.annotations[key] = this._customHostname?.ingressAnnotations[key] }) } - + // Add TLS configuration if needed if (addCustomIngressTls) { - localIngress.spec.tls = [ + customIngress.spec.tls = [ { hosts: [ hostname From 716ddc6642b637d56010c44517ebbd01357f73af Mon Sep 17 00:00:00 2001 
From: PPawlowski Date: Mon, 6 Oct 2025 19:02:37 +0200 Subject: [PATCH 3/3] Define _projectIngress annotations, fix stop and removal methods --- kubernetes.js | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/kubernetes.js b/kubernetes.js index d90b648..d7d15c7 100644 --- a/kubernetes.js +++ b/kubernetes.js @@ -686,7 +686,7 @@ module.exports = { this._k8sDelay = this._app.config.driver.options?.k8sDelay || 1000 this._k8sRetries = this._app.config.driver.options?.k8sRetries || 10 this._certManagerIssuer = this._app.config.driver.options?.certManagerIssuer - this._certManagerAnnotations = this._app.config.driver.options?.certManagerAnnotations + this._projectIngressAnnotations = this._app.config.driver.options?.projectIngressAnnotations this._logPassthrough = this._app.config.driver.options?.logPassthrough || false this._cloudProvider = this._app.config.driver.options?.cloudProvider if (this._app.config.driver.options?.customHostname?.enabled) { @@ -887,12 +887,16 @@ module.exports = { } catch (err) { this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()} ${err.stack}`) } - } - if (this._certManagerAnnotations) { - try { - await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) - } catch (err) { - this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret (annotations): ${err.toString()} ${err.stack}`) + } else if (this._projectIngressAnnotations) { + const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key => + key.startsWith('cert-manager.io/') + ) + if (hasCertManagerAnnotation) { + try { + await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) + } catch (err) { + this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()} ${err.stack}`) + } } } 
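Review bot: The `Object.keys(this._projectIngressAnnotations).some(key => key.startsWith('cert-manager.io/'))` test added in the `@@ -887` hunk is now written out in four places: createIngress, createCustomIngress, this stop path and the remove path in the `@@ -1019` hunk. Because the create and delete sides must agree on when a TLS secret exists, a single helper keeps them from drifting apart, e.g. `const usesCertManager = (a) => !!a && Object.keys(a).some(k => k.startsWith('cert-manager.io/'))`. Each call site then becomes `else if (usesCertManager(this._projectIngressAnnotations))`. The value assigned in the `@@ -686` hunk is also taken from config without checking that it is a plain object, which the helper could guard in the same place. Both enclosing methods extend beyond their hunks.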
@@ -1019,12 +1023,23 @@ module.exports = { } catch (err) { this._app.log.error(`[k8s] Instance ${project.id} - error deleting ingress: ${err.toString()}`) } - if (this._certManagerIssuer || this._certManagerAnnotations) { + if (this._certManagerIssuer) { try { await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) } catch (err) { this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()}`) } + } else if (this._projectIngressAnnotations) { + const hasCertManagerAnnotation = Object.keys(this._projectIngressAnnotations).some(key => + key.startsWith('cert-manager.io/') + ) + if (hasCertManagerAnnotation) { + try { + await this._k8sApi.deleteNamespacedSecret({ name: project.safeName, namespace: this._namespace }) + } catch (err) { + this._app.log.error(`[k8s] Instance ${project.id} - error deleting tls secret: ${err.toString()}`) + } + } } if (this._customHostname?.enabled) { try {