@flowfuse/driver-kubernetes 1.15.1-51d5f79-202312211334.0 → 2.0.0
- package/CHANGELOG.md +4 -0
- package/README.md +2 -0
- package/kubernetes.js +28 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
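--- a/package/README.md
+++ b/package/README.md
@@ -17,6 +17,7 @@ driver:
 projectNamespace: flowforge
 cloudProvider: aws
 privateCA: ff-ca-certs
+certManagerIssuer: lets-encrypt
 k8sDelay: 1000
 k8sRetries: 10
 ```
@@ -28,6 +29,7 @@ should run on
 - `cloudProvider` can be left unset for none `aws` deployments. This triggers the adding of
 AWS EKS specific annotation for ALB Ingress.
 - `privateCA` name of ConfigMap holding PEM CA Cert Bundle (file name `certs.pem`) Optional
+- `certManagerIssuer` name of the ClusterIssuer to use to create HTTPS certs for instances (default not set)
 - `k8sRetries` how many times to retry actions against the K8s API
 - `k8sDelay` how long to wait (in ms) between retries to the K8s API
 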
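--- a/package/kubernetes.js
+++ b/package/kubernetes.js
@@ -360,6 +360,18 @@ const createIngress = async (project, options) => {
 
 const localIngress = JSON.parse(JSON.stringify(ingressTemplate))
 
+if (this._certManagerIssuer) {
+localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._certManagerIssuer
+localIngress.spec.tls = [
+{
+hosts: [
+url.host
+],
+secretName: project.safeName
+}
+]
+}
+
 // process annotations with potential replacements
 Object.keys(localIngress.metadata.annotations).forEach((key) => {
 localIngress.metadata.annotations[key] = mustache(localIngress.metadata.annotations[key], exposedData)
@@ -593,6 +605,7 @@ module.exports = {
 this._namespace = this._app.config.driver.options.projectNamespace || 'flowforge'
 this._k8sDelay = this._app.config.driver.options.k8sDelay || 1000
 this._k8sRetries = this._app.config.driver.options.k8sRetries || 10
+this._certManagerIssuer = this._app.config.driver.options._certManagerIssuer
 
 const kc = new k8s.KubeConfig()
 
@@ -753,6 +766,14 @@ module.exports = {
 this._app.log.error(`[k8s] Project ${project.id} - error deleting ingress: ${err.toString()}`)
 }
 
+if (this._certManagerIssuer) {
+try {
+await this._k8sApi.deleteNamespacedSecret(project.safeName, this._namespace)
+} catch (err) {
+this._app.log.error(`[k8s] Project ${project.id} - error deleting tls secret: ${err.toString()}`)
+}
+}
+
 // Note that, regardless, the main objective is to delete deployment (runnable)
 // Even if some k8s resources like ingress or service are still not deleted (maybe because of
 // k8s service latency), the most important thing is to get to deployment.
@@ -851,6 +872,13 @@ module.exports = {
 } catch (err) {
 this._app.log.error(`[k8s] Project ${project.id} - error deleting ingress: ${err.toString()}`)
 }
+if (this._certManagerIssuer) {
+try {
+await this._k8sApi.deleteNamespacedSecret(project.safeName, this._namespace)
+} catch (err) {
+this._app.log.error(`[k8s] Project ${project.id} - error deleting tls secret: ${err.toString()}`)
+}
+}
 try {
 if (project.safeName.match(/^[0-9]/)) {
 await this._k8sApi.deleteNamespacedService('srv-' + project.safeName, this._namespace)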
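Review bot: The line added in the `@@ -593,6 +605,7 @@` hunk reads `driver.options._certManagerIssuer`, but the README in this same release documents the key as `certManagerIssuer`, so a deployment configured as documented leaves `this._certManagerIssuer` undefined. The failure is silent: `createIngress` then skips both the `cert-manager.io/cluster-issuer` annotation and the `spec.tls` entry, so instances are exposed without the expected HTTPS certificate and nothing is logged. The assignment should be `this._certManagerIssuer = this._app.config.driver.options.certManagerIssuer`. Separately, both cleanup hunks (`@@ -753,6 +766,14 @@` and `@@ -851,6 +872,13 @@`) delete the TLS secret only while the option is currently set, so if the issuer is later removed from the config, secrets created earlier (which presumably hold certificate private keys) would stay in the namespace; consider attempting the delete unconditionally and treating a not-found response as success. The enclosing functions start and end outside all four hunks.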