从ConfigMap填充AWS Alb入口注释 [英] Populating AWS Alb Ingress Annotations from ConfigMap

问题描述

我正在创建一个"alb.ingress"资源，作为我的Helm图表的一部分.

I am creating a 'alb.ingress' resource as part of my Helm chart.

apiVersion: extenstions/v1beta1
kind: Ingress
metadate:
  annotation:
    alb.ingress.kubernetes.io/certification-arn: $cert_arn
    alb.ingress.kubernetes.io/security-group: $sg
    ...

"alb.ingress"资源注释部分中所需的值在我的 ConfigMap 中可用.

The values required in the 'alb.ingress' resource annotation sections, are available in my ConfigMap.

 env:
   - name: cert_arn
     valueFrom: 
       configMapKeyRef: 
         name: environmental-variables
         key: certification_arn
   - name: sg
     valueFrom: 
       configMapKeyRef: 
         name: environmental-variables
         key: security-groups
    ...

是否可以使用config-map填充注释?

Is there a way to populate the annotations using the config-map?

推荐答案

我解决此难题的方法是使用Helm和创建资源之前使用的变量(例如应用程序名称，名称空间)创建入口资源等

The way I solved this challenge was to create the ingress resource using Helm and the variables I had prior to creating the resource, such as name of the application, namespaces etc.

apiVersion: extenstions/v1beta1
kind: Ingress
metadata:
name: "{{ .Values.application.name }}-ingress"
namespace: "{{ .Values.env.name }}"
labels:
  app: "{{ .Values.application.name  }}"
specs:
  rules:
    - host: "{{ .Values.environment.name }}.{{ .Values.application.name }}.{{ .Values.domain.name }}"
      https: 
       ....

我使用了一个pod(作业也是一个选项)来使用configmap中的环境值来注释新创建的入口资源.

I used a pod (a job is also an option) to annotate the newly created ingress resource using the environmental values from the configmap.

apiVersion: extenstions/v1beta1
kind: Ingress
metadate:
  name: annotate-ingress-alb
spec:
  serviceAccountName: internal-kubectl
containers:
   - name: modify-alb-ingress-controller
     image: "{{ .Values.images.varion }}"
  command: ["sh", "-c"]
  args:
    - '...
       kubectl annotate ingress -n {{ .Values.env.name }} {{ .Values.application.name }}-ingress alb.ingress.kubernetes.io/certificate-arn=$CERT_ARN;
 env:
  - name: cert_arn
    valueFrom: 
    configMapKeyRef: 
     name: environmental-variables
     key: certification_arn

请注意，吊舱应该具有正确的服务帐户，并具有正确的权限角色.例如，在这种情况下，要使Pod能够注释ALB，它必须在权限列表中具有 extensions apiGroup和入口资源(我还没有限制词条)./p>

Note that the pod should have the right service account with the right permission roles are attached to it. For instance, in this case for the pod to be able to annotate the ALB, it had to have extensions apiGroup and the ingress resources in the list of permissions (I have not restricted the verbiage yet).

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: service-account-role
rules:
  - apiGroups:
  - ""
  - extensions
resources:
  - ingresses
verbs: ["*"]

希望这对以后的人有帮助.

Hope this helps someone in the future.

这篇关于从ConfigMap填充AWS Alb入口注释的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！