github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-05-14 05:16:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
08fbd26ec879ae6520b734c2e6d31ef6d01368ce
capsule/docs/operator/use-cases/ingress-classes.md
Don High 4f34483dee Documentation Spelling Mistakes #197 (#203) 
* Update README.md

Proof Read the README.md

* Update index.md

Proof Read index.md

* Update overview.md

Proof Read overview.md

* Update onboarding.md

Proof Read onboarding.md

* Update create-namespaces.md

Proof Read create-namespaces.md

* Update permissions.md

Proof Read permissons.md

* Update resources-quota-limits.md

Proof Read resources-quota-limits.md

* Update nodes-pool.md

Proof Read nodes-pool.md

* Update ingress-classes.md

Proof Read ingress-classes.md

* Update ingress-hostnames.md

Proof Read ingress-hostnames.md

* Update storage-classes.md

Proof Read storage-classes.md

* Update images-registries.md

Proof Read images-registries.md

* Update custom-resources.md

Proof Read custom-resources.md

* Update multiple-tenants.md

Proof Read multiple-tenants.md

* Update README.md

Updated the Suggested text

* Update README.md

Made the correction

* Update docs/operator/use-cases/images-registries.md

Co-authored-by: Don High <donghigh@yahoo.com>

Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
2021-02-19 11:40:20 +01:00

2.1 KiB
Raw Blame History

Assign Ingress Classes

An Ingress Controller is used in Kubernetes to publish services and applications outside of the cluster. An Ingress Controller can be provisioned to accept only Ingresses with a given Ingress Class.

Bill can assign a set of dedicated Ingress Classes to the oil tenant to force the applications in the oil tenant to be published only by the assigned Ingress Controller:

apiVersion: capsule.clastix.io/v1alpha1
kind: Tenant
metadata:
  name: oil
spec:
  owner:
    name: alice
    kind: User
  ingressClasses:
     allowed:
     - oil
  ...

It is also possible to use regular expression for assigning Ingress Classes:

apiVersion: capsule.clastix.io/v1alpha1
kind: Tenant
metadata:
  name: oil
spec:
  owner:
    name: alice
    kind: User
  ingressClasses:
     allowedRegex: "^oil-.*$"
  ...

The Capsule controller assures that all Ingresses created in the tenant can use only one of the valid Ingress Classes. Alice, as tenant owner, gets the list of valid Ingress Classes by checking any of her namespaces:

alice@caas# kubectl describe ns oil-production
Name:         oil-production
Labels:       capsule.clastix.io/tenant=oil
Annotations:  capsule.clastix.io/ingress-classes: oil
              capsule.clastix.io/ingress-classes-regexp: ^oil-.*$
...

Alice creates an Ingress using a valid Ingress Class in the annotation:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  namespace: oil-production
  annotations:
    kubernetes.io/ingress.class: oil
spec:
  rules:
  - host: web.oil-inc.com
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /

Any attempt of Alice to use a non valid Ingress Class, e.g. default, will fail.

The effect of this policy is that the services created in the tenant will be published only on the Ingress Controller designated by Bill to accept one of the allowed Ingress Classes.

Whats next

See how Bill, the cluster admin, can assign a set of dedicated ingress hostnames to Alice's tenant. Assign Ingress Hostnames.

Reference in New Issue View Git Blame Copy Permalink