Skip to content

scheduler-rpc-ingress: Define specific endpoint configuration

This creates as much ingresses as there are endpoints declared. We must declare the range whitelist at the ingress level.

This adaptation currently allows us to allow our vpn range addresses to access the scheduler metrics endpoint (in production) without opening the other endpoints.

This also takes the opportunity to make the range ips we declare as a list of ip range instead of csv string. This allows to comment each range to explicit what's what.

make swh-helm-diff [1] & make swh-minikube happy

[1]

$   name: scheduler-rpc-ingress-default
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.100.0/24
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "90"

spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: scheduler-rpc
            port:
              number: 5008
    host: myscheduler.minikube.domain
---
...
  name: scheduler-rpc-ingress-read-only
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.100.0/24,192.168.101.0/24
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "90"

spec:
  rules:
  - http:
      paths:
      - path: /scheduler_metrics/get
        pathType: Prefix
        backend:
          service:
            name: scheduler-rpc
            port:
              number: 5008

      - path: /visit_stats/get
        pathType: Prefix
        backend:
          service:
            name: scheduler-rpc
            port:
              number: 5008
    host: myscheduler.minikube.domain
Edited by Antoine R. Dumont

Merge request reports