platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

major(ingress): Migrate hel1 to ha-proxy controller

Browse Source 
Most ingresses annotations should be work with small changes.
This commit is contained in:
Moritz Jörg
2026-05-06 10:37:24 +02:00
parent 464280cdc4
commit 0b73242b65
19 changed files with 310 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/system/hel1/kyverno/whitelist-internal-ingresses.yaml
+8 -10
View File
@@ -14,9 +14,8 @@ metadata:
whitelist to the already existing ones
spec:
mutateExistingOnPolicyUpdate: false
#precondition: has whitelist annotation or
rules:
- name: ensure-nginx-whitelist-exists
- name: ensure-haproxy-allowlist-exists
skipBackgroundRequests: true
match:
resources:
@@ -28,8 +27,8 @@ spec:
patchStrategicMerge:
metadata:
annotations:
+(nginx.ingress.kubernetes.io/whitelist-source-range): ""
- name: append-existing-whitelist
+(haproxy.org/allow-list): ""
- name: append-existing-haproxy-allowlist
skipBackgroundRequests: true
match:
resources:
@@ -39,7 +38,7 @@ spec:
oceanbox.io/expose: internal
preconditions:
any:
- key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}"
- key: "{{`{{request.object.metadata.annotations.\"haproxy.org/allow-list\"}}`}}"
operator: NotEquals
value: ""
mutate:
@@ -47,9 +46,9 @@ spec:
metadata:
annotations:
{{- with .Values.clusterConfig.ingress_whitelist }}
nginx.ingress.kubernetes.io/whitelist-source-range: "{{`{{ @ }}`}},{{ join "," . }}"
haproxy.org/allow-list: "{{`{{ @ }}`}},{{ join "," . }}"
{{- end }}
- name: add-nginx-whitelist
- name: add-haproxy-allowlist
skipBackgroundRequests: true
match:
resources:
@@ -59,7 +58,7 @@ spec:
oceanbox.io/expose: internal
preconditions:
any:
- key: "{{`{{request.object.metadata.annotations.\"nginx.ingress.kubernetes.io/whitelist-source-range\"}}`}}"
- key: "{{`{{request.object.metadata.annotations.\"haproxy.org/allow-list\"}}`}}"
operator: Equals
value: ""
mutate:
@@ -67,7 +66,6 @@ spec:
metadata:
annotations:
{{- with .Values.clusterConfig.ingress_whitelist }}
nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," . }}"
haproxy.org/allow-list: "{{ join "," . }}"
{{- end }}
{{- end }}