From a6aad76f10526d21fdcac77e1510e0362612c5c6 Mon Sep 17 00:00:00 2001 From: Ziming Zhang Date: Wed, 3 Nov 2021 17:29:48 +0800 Subject: [PATCH] fix minio annotation Signed-off-by: Ziming Zhang --- pkg/cluster/controllers/storage/ingress.go | 54 ++++++++++++++++------ 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/pkg/cluster/controllers/storage/ingress.go b/pkg/cluster/controllers/storage/ingress.go index 2e1c8b114..bda6dbc62 100644 --- a/pkg/cluster/controllers/storage/ingress.go +++ b/pkg/cluster/controllers/storage/ingress.go @@ -4,7 +4,7 @@ import ( "context" goharborv1 "github.com/goharbor/harbor-operator/apis/goharbor.io/v1beta1" - "github.com/goharbor/harbor-operator/apis/meta/v1alpha1" + harbormetav1 "github.com/goharbor/harbor-operator/apis/meta/v1alpha1" "github.com/goharbor/harbor-operator/pkg/cluster/controllers/common" miniov2 "github.com/goharbor/harbor-operator/pkg/cluster/controllers/storage/minio/apis/minio.min.io/v2" "github.com/goharbor/harbor-operator/pkg/cluster/lcm" @@ -105,31 +105,55 @@ func (m *MinIOController) cleanupIngress(ctx context.Context, harborcluster *goh return minioUnknownStatus(), nil } -func (m *MinIOController) generateIngress(ctx context.Context, harborcluster *goharborv1.HarborCluster) *netv1.Ingress { // nolint:funlen - var tls []netv1.IngressTLS +func (m *MinIOController) getMinioIngressAnnotations(harborcluster *goharborv1.HarborCluster) map[string]string { + isEnableExpose := false + if harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose != nil { + isEnableExpose = true + } - if harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose != nil && - harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.TLS.Enabled() { - tls = []netv1.IngressTLS{{ - SecretName: harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.TLS.CertificateRef, - Hosts: []string{harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.Ingress.Host}, - }} + istls := false + if isEnableExpose && harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.TLS.Enabled() { + istls = true } - annotations := make(map[string]string) - annotations["nginx.ingress.kubernetes.io/proxy-body-size"] = "0" + annotations := map[string]string{ + // resolve 413(Too Large Entity) error when push large image. It only works for NGINX ingress. + "nginx.ingress.kubernetes.io/proxy-body-size": "0", + } - if harborcluster.Spec.Expose.Core.Ingress != nil && harborcluster.Spec.Expose.Core.Ingress.Controller == v1alpha1.IngressControllerNCP { + if isEnableExpose && harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.Ingress.Controller == harbormetav1.IngressControllerNCP { annotations["ncp/use-regex"] = NCPIngressValueTrue - if tls != nil { + if istls { annotations["ncp/http-redirect"] = NCPIngressValueTrue } - } else if harborcluster.Spec.Expose.Core.Ingress != nil && harborcluster.Spec.Expose.Core.Ingress.Controller == v1alpha1.IngressControllerContour { - if tls != nil { + } else if harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.Ingress.Controller == harbormetav1.IngressControllerContour { + if istls { annotations["ingress.kubernetes.io/force-ssl-redirect"] = ContourIngressValueTrue } } + if isEnableExpose { + for key, value := range harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.Ingress.Annotations { + annotations[key] = value + } + } + + return annotations +} + +func (m *MinIOController) generateIngress(ctx context.Context, harborcluster *goharborv1.HarborCluster) *netv1.Ingress { + var tls []netv1.IngressTLS + + if harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose != nil && + harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.TLS.Enabled() { + tls = []netv1.IngressTLS{{ + SecretName: harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.TLS.CertificateRef, + Hosts: []string{harborcluster.Spec.Storage.Spec.MinIO.Redirect.Expose.Ingress.Host}, + }} + } + + annotations := m.getMinioIngressAnnotations(harborcluster) + pathTypePrefix := netv1.PathTypePrefix ingress := &netv1.Ingress{