scheduler-rpc-ingress: Define specific endpoint configuration
This creates as much ingresses as there are endpoints declared. We must declare the range whitelist at the ingress level.
This adaptation currently allows us to allow our vpn range addresses to access the scheduler metrics endpoint (in production) without opening the other endpoints.
This also takes the opportunity to make the range ips we declare as a list of ip range instead of csv string. This allows to comment each range to explicit what's what.
make swh-helm-diff [1] & make swh-minikube happy
[1]
$ name: scheduler-rpc-ingress-default
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.100.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: scheduler-rpc
port:
number: 5008
host: myscheduler.minikube.domain
---
...
name: scheduler-rpc-ingress-read-only
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.100.0/24,192.168.101.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- http:
paths:
- path: /scheduler_metrics/get
pathType: Prefix
backend:
service:
name: scheduler-rpc
port:
number: 5008
- path: /visit_stats/get
pathType: Prefix
backend:
service:
name: scheduler-rpc
port:
number: 5008
host: myscheduler.minikube.domain
Edited by Antoine R. Dumont