refactor: add apex domain for wildcard ingress

Author: shreddedbacon

internal/generator/ingress_test.go

@@ -458,6 +458,7 @@ func Test_generateAndMerge(t *testing.T) {
 						IngressClass:        "nginx",
 						AlternativeNames:    []string{},
 						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(true),
 						IngressName:         "wildcard-a.example.com",
 						RequestVerification: helpers.BoolPtr(false),
 					},
@@ -804,6 +805,7 @@ func Test_generateActiveStandbyRoutes(t *testing.T) {
 						IngressClass:        "nginx",
 						AlternativeNames:    []string{},
 						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(true),
 						IngressName:         "wildcard-active.example.com",
 						RequestVerification: helpers.BoolPtr(false),
 					},

internal/lagoon/routes.go

@@ -37,6 +37,7 @@ type RouteV2 struct {
 	HSTSPreload           *bool             `json:"hstsPreload,omitempty"`
 	Autogenerated         bool              `json:"-"`
 	Wildcard              *bool             `json:"wildcard,omitempty"`
+	WildcardApex          *bool             `json:"wildcardApex,omitempty"`
 	RequestVerification   *bool             `json:"disableRequestVerification,omitempty"`
 	PathRoutes            []PathRoute       `json:"pathRoutes,omitempty"`
 }
@@ -56,6 +57,7 @@ type Ingress struct {
 	HSTSPreload           *bool             `json:"hstsPreload,omitempty"`
 	AlternativeNames      []string          `json:"alternativenames,omitempty"`
 	Wildcard              *bool             `json:"wildcard,omitempty"`
+	WildcardApex          *bool             `json:"wildcardApex,omitempty"`
 	RequestVerification   *bool             `json:"disableRequestVerification,omitempty"`
 	PathRoutes            []PathRoute       `json:"pathRoutes,omitempty"`
 }
@@ -195,6 +197,13 @@ func GenerateRoutesV2(yamlRoutes *RoutesV2, routeMap map[string][]Route, variabl
 						if ingress.AlternativeNames != nil && *newRoute.Wildcard {
 							return fmt.Errorf("Route %s has wildcard: true and alternativenames defined, this is not supported", newRoute.Domain)
 						}
+						newRoute.WildcardApex = helpers.BoolPtr(true)
+						if ingress.WildcardApex != nil {
+							if !*ingress.WildcardApex {
+								// allow false pass through if required
+								newRoute.WildcardApex = ingress.WildcardApex
+							}
+						}
 						newRoute.IngressName = fmt.Sprintf("wildcard-%s", newRoute.Domain)
 						if err := validation.IsDNS1123Subdomain(strings.ToLower(newRoute.IngressName)); err != nil {
 							newRoute.IngressName = fmt.Sprintf("%s-%s", newRoute.IngressName[:len(newRoute.IngressName)-10], helpers.GetMD5HashWithNewLine(newRoute.Domain)[:5])
@@ -370,6 +379,13 @@ func handleAPIRoute(defaultIngressClass string, apiRoute RouteV2) (RouteV2, erro
 		if apiRoute.AlternativeNames != nil && *routeAdd.Wildcard {
 			return routeAdd, fmt.Errorf("Route %s has wildcard=true and alternativenames defined, this is not supported", routeAdd.Domain)
 		}
+		routeAdd.WildcardApex = helpers.BoolPtr(true)
+		if apiRoute.WildcardApex != nil {
+			if !*apiRoute.WildcardApex {
+				// allow false pass through if required
+				routeAdd.WildcardApex = apiRoute.WildcardApex
+			}
+		}
 		apiRoute.IngressName = fmt.Sprintf("wildcard-%s", apiRoute.Domain)
 		if err := validation.IsDNS1123Subdomain(strings.ToLower(apiRoute.IngressName)); err != nil {
 			apiRoute.IngressName = fmt.Sprintf("%s-%s", apiRoute.IngressName[:len(apiRoute.IngressName)-10], helpers.GetMD5HashWithNewLine(apiRoute.Domain)[:5])

internal/lagoon/routes_test.go

@@ -402,6 +402,44 @@ func TestGenerateRouteStructure(t *testing.T) {
 						Annotations:         map[string]string{},
 						AlternativeNames:    []string{},
 						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(true),
+						IngressName:         "wildcard-www.example.com",
+						RequestVerification: helpers.BoolPtr(false),
+					},
+				},
+			},
+		},
+		{
+			name: "test8 - wildcard with tls-acme false wildcard apex disabled",
+			args: args{
+				yamlRoutes: &RoutesV2{},
+				yamlRouteMap: map[string][]Route{
+					"nginx": {
+						{
+							Ingresses: map[string]Ingress{
+								"www.example.com": {
+									TLSAcme:      helpers.BoolPtr(false),
+									Wildcard:     helpers.BoolPtr(true),
+									WildcardApex: helpers.BoolPtr(false),
+								},
+							},
+						},
+					},
+				},
+				activeStandby: false,
+			},
+			want: &RoutesV2{
+				Routes: []RouteV2{
+					{
+						Domain:              "www.example.com",
+						LagoonService:       "nginx",
+						MonitoringPath:      "/",
+						Insecure:            helpers.StrPtr("Redirect"),
+						TLSAcme:             helpers.BoolPtr(false),
+						Annotations:         map[string]string{},
+						AlternativeNames:    []string{},
+						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(false),
 						IngressName:         "wildcard-www.example.com",
 						RequestVerification: helpers.BoolPtr(false),
 					},
@@ -633,6 +671,7 @@ func TestMergeRouteStructures(t *testing.T) {
 						Annotations:         map[string]string{},
 						AlternativeNames:    []string{},
 						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(true),
 						IngressName:         "example.com",
 						RequestVerification: helpers.BoolPtr(false),
 					},
@@ -645,6 +684,7 @@ func TestMergeRouteStructures(t *testing.T) {
 						Annotations:         map[string]string{},
 						AlternativeNames:    []string{},
 						Wildcard:            helpers.BoolPtr(true),
+						WildcardApex:        helpers.BoolPtr(true),
 						IngressName:         "a.example.com",
 						RequestVerification: helpers.BoolPtr(false),
 					},

internal/templating/templates_ingress.go

@@ -52,6 +52,9 @@ func GenerateIngressTemplate(
 			truncatedRouteDomain = fmt.Sprintf("%s-%s", strings.Split(subdomain, "-")[0], helpers.GetMD5HashWithNewLine(route.Domain)[:5])
 		}
 		// set the domain to include the wildcard prefix
+		if route.WildcardApex != nil && *route.WildcardApex {
+			route.AlternativeNames = append(route.AlternativeNames, route.Domain)
+		}
 		route.Domain = fmt.Sprintf("*.%s", route.Domain)
 	}
 

internal/templating/templates_ingress_test.go

@@ -456,6 +456,7 @@ func TestGenerateIngressTemplate(t *testing.T) {
 					},
 					IngressClass: "nginx",
 					Wildcard:     helpers.BoolPtr(true),
+					WildcardApex: helpers.BoolPtr(true),
 					IngressName:  "wildcard-www.example.com",
 				},
 				values: generator.BuildValues{
@@ -502,6 +503,7 @@ func TestGenerateIngressTemplate(t *testing.T) {
 					},
 					IngressClass: "nginx",
 					Wildcard:     helpers.BoolPtr(true),
+					WildcardApex: helpers.BoolPtr(true),
 					IngressName:  "wildcard-this-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.www.e-f1945",
 				},
 				values: generator.BuildValues{
@@ -700,6 +702,53 @@ func TestGenerateIngressTemplate(t *testing.T) {
 			},
 			want: "test-resources/ingress/result-custom-ingress9.yaml",
 		},
+		{
+			name: "wildcard ingress no apex",
+			args: args{
+				route: lagoon.RouteV2{
+					Domain:         "www.example.com",
+					LagoonService:  "nginx",
+					MonitoringPath: "/",
+					Insecure:       helpers.StrPtr("Redirect"),
+					TLSAcme:        helpers.BoolPtr(false),
+					Migrate:        helpers.BoolPtr(false),
+					Annotations: map[string]string{
+						"custom-annotation": "custom annotation value",
+					},
+					Fastly: lagoon.Fastly{
+						Watch: false,
+					},
+					IngressClass: "nginx",
+					Wildcard:     helpers.BoolPtr(true),
+					WildcardApex: helpers.BoolPtr(false),
+					IngressName:  "wildcard-www.example.com",
+				},
+				values: generator.BuildValues{
+					Project:         "example-project",
+					Environment:     "environment",
+					EnvironmentType: "development",
+					Namespace:       "myexample-project-environment",
+					BuildType:       "branch",
+					LagoonVersion:   "v2.x.x",
+					Kubernetes:      "lagoon.local",
+					Branch:          "environment",
+					Monitoring: generator.MonitoringConfig{
+						AlertContact: "abcdefg",
+						StatusPageID: "12345",
+						Enabled:      true,
+					},
+					Services: []generator.ServiceValues{
+						{
+							Name:         "nginx",
+							OverrideName: "nginx",
+							Type:         "nginx-php",
+						},
+					},
+				},
+				activeStandby: false,
+			},
+			want: "test-resources/ingress/result-wildcard-ingress3.yaml",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

internal/templating/test-resources/ingress/result-wildcard-ingress1.yaml

@@ -41,9 +41,20 @@ spec:
               name: http
         path: /
         pathType: Prefix
+  - host: www.example.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: nginx
+            port:
+              name: http
+        path: /
+        pathType: Prefix
   tls:
   - hosts:
     - '*.www.example.com'
+    - www.example.com
     secretName: wildcard-www.example.com-tls
 status:
   loadBalancer: {}

internal/templating/test-resources/ingress/result-wildcard-ingress2.yaml

@@ -41,9 +41,20 @@ spec:
               name: http
         path: /
         pathType: Prefix
+  - host: this-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.www.example.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: nginx
+            port:
+              name: http
+        path: /
+        pathType: Prefix
   tls:
   - hosts:
     - '*.this-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.www.example.com'
+    - this-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.extra-long-name.a-really-long-name-that-should-truncate.www.example.com
     secretName: wildcard-this-truncate-f1945-tls
 status:
   loadBalancer: {}

internal/templating/test-resources/ingress/result-wildcard-ingress3.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    acme.cert-manager.io/http01-ingress-class: nginx
+    custom-annotation: custom annotation value
+    fastly.amazee.io/watch: "false"
+    idling.amazee.io/disable-request-verification: "false"
+    ingress.kubernetes.io/ssl-redirect: "true"
+    kubernetes.io/tls-acme: "false"
+    lagoon.sh/branch: environment
+    lagoon.sh/version: v2.x.x
+    nginx.ingress.kubernetes.io/server-snippet: |
+      add_header X-Robots-Tag "noindex, nofollow";
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: wildcard-www.example.com
+    app.kubernetes.io/managed-by: build-deploy-tool
+    app.kubernetes.io/name: custom-ingress
+    lagoon.sh/autogenerated: "false"
+    lagoon.sh/buildType: branch
+    lagoon.sh/environment: environment
+    lagoon.sh/environmentType: development
+    lagoon.sh/project: example-project
+    lagoon.sh/service: wildcard-www.example.com
+    lagoon.sh/service-type: custom-ingress
+    lagoon.sh/template: custom-ingress-0.1.0
+  name: wildcard-www.example.com
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: '*.www.example.com'
+    http:
+      paths:
+      - backend:
+          service:
+            name: nginx
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - '*.www.example.com'
+    secretName: wildcard-www.example.com-tls
+status:
+  loadBalancer: {}

internal/testdata/node/ingress-templates/ingress-22/example.com.yaml

@@ -39,9 +39,20 @@ spec:
               name: http
         path: /
         pathType: Prefix
+  - host: example.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: node
+            port:
+              name: http
+        path: /
+        pathType: Prefix
   tls:
   - hosts:
     - '*.example.com'
+    - example.com
     secretName: wildcard-example.com-tls
 status:
   loadBalancer: {}