Open guidola opened 3 years ago
Hi, I agree with this request. We have several AKS clusters behind the same AppGw, using domain-based routing. Having an allowed tag would help avoid having to update every AGIC configuration if we want to add a new cluster to the solution.
There seems to be a pull request for it, #1103, but it feels stalled at this point. Are there any plans for getting the PR through, @akshaysngupta?
Any update on this one?
Is your feature request related to a problem? Please describe.
When using the AGIC to control configuration for a shared AppGW between different clusters, one is only able to prohibit domains, not allow them.
In a scenario where that sharing is set to scale out, i.e. new environments require a completely new cluster where a different AGIC instance is going to control configuration, and new environments are going to appear over time, having to update all clusters to prohibit the new domains breaks the separation of concerns, where each cluster needs to know about the changes in the rest so as to keep things from breaking. This feels like it would be a costly and fragile setup to maintain.
Describe the solution you'd like
Create an AllowedTarget CRD which allows defining the allowed domains for an AGIC to control, to support this scenario.
No Allowed Target means all are allowed. If one domain is both allowed and prohibited, deny takes precedence for safety.
This would allow us to keep using Prohibited targets to support scenarios where the cluster AGIC controls most domains and only a few are external.
The new CRD would allow scenarios where the external domains are, or can potentially be, way more than the ones that instance of the AGIC is going to manage.
Also extend the Helm chart to allow configuring both allowed and prohibited targets at chart deploy time.
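
The precedence rules proposed in this request, sketched in Go as an added example (not AGIC code and not part of the original issue). The `Targets` type and `Manages` method are hypothetical, and exact, case-insensitive hostname matching is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Targets is a hypothetical in-memory view of the two lists one AGIC
// instance would load: hostnames from the proposed AllowedTarget CRD and
// hostnames from the existing prohibited targets.
type Targets struct {
	Allowed    []string
	Prohibited []string
}

// contains matches hostnames case-insensitively and ignores a trailing dot
// (an assumption of this sketch; path-level rules are left out).
func contains(list []string, host string) bool {
	h := strings.TrimSuffix(strings.ToLower(host), ".")
	for _, e := range list {
		if strings.TrimSuffix(strings.ToLower(e), ".") == h {
			return true
		}
	}
	return false
}

// Manages reports whether this AGIC instance may write config for host.
func (t Targets) Manages(host string) bool {
	if contains(t.Prohibited, host) {
		return false // deny takes precedence, even if the host is also allowed
	}
	if len(t.Allowed) == 0 {
		return true // no allowed target defined: all are allowed
	}
	return contains(t.Allowed, host)
}

func main() {
	// Constructed sample: cluster A is scoped by an allow list only.
	clusterA := Targets{Allowed: []string{"a.example.com"}}
	// Cluster B's domain appears later; cluster A's lists are not edited.
	for _, h := range []string{"a.example.com", "b.example.com"} {
		fmt.Printf("cluster A manages %s: %v\n", h, clusterA.Manages(h))
	}
}
```

With an allow list in place, a domain introduced by a new cluster is outside cluster A's scope by default, which is the fail-closed behaviour the request is after.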