Add ingress annotations

[chncaesar]

Purpose of the pull request

This PR adds ingress annotations and is related to Issue #9486

Brief change log

• Add ingress metadata annotations in ingress.yaml
• Add default annotations to ingress

Verify this pull request

Manually tested this pr by deploying DolphinScheduler to Azure CN K8S (AKS) with values.yaml.

ingress:
  enabled: true
  path: "/dolphinscheduler"
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/14

And ip within the whitelist is allowed to access dolpinscheduler.
We're using nginx-ingress.

Here's ingress

(base) [root@master ~]# kubectl describe ingress dolphinscheduler
Name:             dolphinscheduler
Namespace:        flag-qa
Address:          10.240.0.5
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /dolphinscheduler   dolphinscheduler-api:api-port (10.244.0.64:12345)
Annotations:  meta.helm.sh/release-name: dolphinscheduler
              meta.helm.sh/release-namespace: flag-qa
              nginx.ingress.kubernetes.io/whitelist-source-range:
                10.0.0.0/14
Events:       <none>

[codecov-commenter]

Codecov Report

Merging #9492 (ce1a77b) into dev (df791a3) will increase coverage by 0.02%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                dev    #9492      +/-   ##
============================================
+ Coverage     39.86%   39.89%   +0.02%     
  Complexity     4415     4415              
============================================
  Files           826      826              
  Lines         33255    33258       +3     
  Branches       3683     3683              
============================================
+ Hits          13257    13268      +11     
+ Misses        18766    18759       -7     
+ Partials       1232     1231       -1     

Impacted Files	Coverage Δ
...er/master/dispatch/host/assign/RandomSelector.java	77.77% <0.00%> (-5.56%)	⬇️
...org/apache/dolphinscheduler/remote/utils/Host.java	37.77% <0.00%> (-2.23%)	⬇️
...e/dolphinscheduler/remote/NettyRemotingClient.java	52.11% <0.00%> (-1.41%)	⬇️
...che/dolphinscheduler/alert/AlertSenderService.java	54.33% <0.00%> (-0.07%)	⬇️
...org/apache/dolphinscheduler/alert/AlertServer.java	51.35% <0.00%> (ø)
...java/org/apache/dolphinscheduler/dao/AlertDao.java	31.45% <0.00%> (+5.52%)	⬆️
.../org/apache/dolphinscheduler/dao/entity/Alert.java	71.87% <0.00%> (+17.44%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update df791a3...ce1a77b. Read the comment docs.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[zhongjiajie]

Do you have time to take a look at this PR @kezhenxu94

[chncaesar]

Here's the test result, sorry it's late.

环境介绍

DolphinScheduler 部署在 AKS，使用 ingress 暴露公网 IP。下面将公网 IP 隐去。

前后对比

添加 IP 白名单前 Ingress yaml 文件

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dolphin
  labels:
    app.kubernetes.io/name: dolphin
    app.kubernetes.io/instance: dolphin
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: 1.3.9
spec:
  rules:
  - host: 
    http:
      paths:
        - path: /dolphinscheduler
          backend:
            service:
              name: dolphin-api
              port:
                name: api-port
          pathType: Prefix

curl 访问 DS 登录页，返回 Status 200
curl -i http://<public_ip>/dolphinscheduler/ui/view/login/index.html

HTTP/1.1 200 OK
Content-Length: 1109
Accept-Ranges: bytes
Connection: keep-alive
Content-Type: text/html
Date: Wed, 20 Apr 2022 02:49:53 GMT

values.yaml 增加 IP 白名单

ingress:
  enabled: true
  #host: "dolphinscheduler.org"
  path: "/dolphinscheduler"
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.1.0/8

ingress yaml 多了 annotations

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dolphin
  labels:
    app.kubernetes.io/name: dolphin
    app.kubernetes.io/instance: dolphin
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: 1.3.9
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.1.0/8
spec:
  rules:
  - host: 
    http:
      paths:
        - path: /dolphinscheduler
          backend:
            service:
              name: dolphin-api
              port:
                name: api-port
          pathType: Prefix

再次执行 curl，报 403 错误。

curl -i http://<public_ip>/dolphinscheduler/ui/view/login/index.html
HTTP/1.1 403 Forbidden
Server: nginx/1.19.1
Date: Wed, 20 Apr 2022 03:00:40 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive