ISSUE-181 Adding support for custom ingress annotations for AKS and G…

…KE (#187)

* ISSUE-181 Custom ingress annotation support for AKS and GKE

Co-authored-by: arugm <[email protected]>
Co-authored-by: thomas aciukewicz <[email protected]>

charts/pega/README.md

@@ -243,10 +243,21 @@ Parameter | Description
 `tls.secretName` | Specify the Kubernetes secret you created in which you store your SSL certificate for your deployment. For compatibility, see [provider support for SSL certificate injection](#provider-support-for-ssl-certificate-management).
 `tls.useManagedCertificate` | On GKE, set to `true` to use a managed certificate; otherwise use `false`.
 `tls.ssl_annotation` | On GKE or EKS, set this value to an appropriate SSL annotation for your provider.
-`annotations` | Optionally add custom annotations for advanced configuration. Specifying a custom set of annotations will result in them being used *instead of* the default configurations.
+`annotations` | Optionally add custom annotations for advanced configurations. For Kubernetes and EKS deployments, including custom annotations overrides the default configuration; for GKE and AKS deployments, the deployment appends these custom annotations to the default list of annotations.
 
 Depending on your provider or type of certificate you are using use the appropriate annotation:
-  - For `EKS` - use alb.ingress.kubernetes.io/certificate-arn: \<*certificate-arn*\>
+  - For `EKS` - use `alb.ingress.kubernetes.io/certificate-arn: \<*certificate-arn*\>` to specify required ARN certificate.
+  - For `AKS` - use `appgw.ingress.kubernetes.io/request-timeout: \<*time-out-in-seconds*\>` to configure application gateway timeout settings.
+
+Example:
+
+```yaml
+ingress:
+  domain: "tier.example.com"
+  annotations:
+    annotation-name-1: annotation-value-1
+    annotation-name-2: annotation-value-2
+```
 
 #### Provider support for SSL certificate management
 
@@ -579,4 +590,4 @@ installer:
   upgrade:
     upgradeType: "out-of-place"
     targetRulesSchema: "rules_upgrade"
-```
+```

charts/pega/templates/_pega-aks-ingress.tpl

@@ -10,10 +10,13 @@ metadata:
     kubernetes.io/ingress.class: azure/application-gateway
     # Ingress annotations for aks
     appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
-    {{ if ( include "ingressTlsEnabled" . ) }}
+{{- if .node.ingress.annotations }}
+{{ toYaml .node.ingress.annotations | indent 4 }}
+{{- end }}
+{{ if ( include "ingressTlsEnabled" . ) }}
     # HTTP to HTTPS Redirect
     appgw.ingress.kubernetes.io/ssl-redirect: "true"
-    {{ end }}
+{{ end }}
 spec:
 {{ if ( include "ingressTlsEnabled" . ) }}
 {{- if .node.ingress.tls.secretName }}

charts/pega/templates/_pega-gke-ingress.tpl

@@ -5,20 +5,23 @@ apiVersion: extensions/v1beta1
 metadata:
   name: {{ .name }}
   namespace: {{ .root.Release.Namespace }}
-  {{ if (.node.ingress) }}
-  {{ if (.node.ingress.tls) }}
-  {{ if (eq .node.ingress.tls.enabled true) }}
+{{ if (.node.ingress) }}
+{{ if (.node.ingress.tls) }}
+{{ if (eq .node.ingress.tls.enabled true) }}
   annotations:
     kubernetes.io/ingress.allow-http: "false"
-  {{ if (.node.ingress.tls.useManagedCertificate) }}
+{{ if (.node.ingress.tls.useManagedCertificate) }}
     networking.gke.io/managed-certificates: managed-certificate-{{ .node.name }}
-  {{ end }}
-  {{ if (.node.ingress.tls.ssl_annotation) }}
-    {{ toYaml .node.ingress.tls.ssl_annotation }}
-  {{ end }}
-  {{ end }}
-  {{ end }}
-  {{ end }}
+{{ end }}
+{{ if (.node.ingress.tls.ssl_annotation) }}
+{{ toYaml .node.ingress.tls.ssl_annotation | indent 4 }}
+{{ end }}
+{{- if .node.ingress.annotations }}
+{{ toYaml .node.ingress.annotations | indent 4 }}
+{{- end }}
+{{ end }}
+{{ end }}
+{{ end }}
 spec:
 {{ if (.node.ingress) }}
 {{ if (.node.ingress.tls) }}
@@ -48,4 +51,4 @@ spec:
           serviceName: {{ .name }} 
           servicePort: {{ .node.service.port }}
 ---
-{{- end }}
+{{- end }}