[PR] [FLINK-33454] [Operator] Add IngressTlsSpec to support TLS within the managed Ingress, also add Label Passthrough [flink-kubernetes-operator]

Fri, 08 Dec 2023 08:25:35 -0800 


ryanvanhuuksloot opened a new pull request, #727:
URL: https://github.com/apache/flink-kubernetes-operator/pull/727

   ## What is the purpose of the change
   The managed ingress `IngressSpec` doesn't support TLS. It means that the 
ingress can't be used with secrets to secure the hosts. We can extend the 
`IngressSpec` to have `tls: List<IngressTlsSpec>`. In theory we shouldn't need 
a List spec here since the template only supports one host but I thought it was 
better to follow the Kubernetes spec since the change is pretty simple.
   
   The managed ingress also doesn't have the ability to pass labels through to 
the Ingress. It would be nice to support this. It could be in a separate PR if 
we'd like but is very trivial.
   
   Open to `IngressTLSSpec` if folks think that is better. I didn't like the 
double capital S beside each other.
   
   ## Brief change log
   Added an `IngressTlsSpec` to support tls entries in the `IngressSpec`
   Added a labels entry to the `IngressSpec` to support label passthrough to 
the Ingress similar to annotations.
   
   ## Verifying this change
   This change is a trivial rework / code cleanup without any test coverage.
   - I did not add tests for the labels as we don't have explicit tests for the 
annotations. I wasn't sure if this was intentional. I'd be happy to add tests 
for the labels.
   
   This change added tests and can be verified as follows:
   - Added tests for IngressTls from the IngressUtils including
   1. Empty tls
   2. empty hosts with single secretName, single tls entry
   3. empty secretName with single hosts, single tls entry
   4. single hosts and single secretName, single tls entry
   5. multiple hosts and single secretName, single tls entry
   6. multiple tls entries
   
   I still need to manually validate the ingress spec with a job.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changes to the `CustomResourceDescriptors`: 
yes 
     - Core observer or reconciler logic that is regularly executed: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? yes
     - If yes, how is the feature documented? docs
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to