Octops / gameserver-ingress-controller

Automatic Ingress configuration for Game Servers managed by Agones
https://octops.io
Apache License 2.0

Support for specific secretName #13

Closed jordo closed 2 years ago

jordo commented 2 years ago

By default, ingress appears to create cert-manager certificate secrets in the form of gameserverName-tls.

We would need to support the ability to ignore cert-manager and specify the secretName specifically to support our wildcard certificate under the "path" based routing mode.

I implemented and tested this feature here: https://github.com/winterpixelgames/gameserver-ingress-controller/tree/main-winterpixel, and I can confirm it is working for us.

We support direct TLS to gameserver port (7000-8000). We terminate TLS on our Godot gameservers to eliminate as many hops as possible. However, some clients are behind firewalls which block outbound HTTPS traffic to non-standard ports. So to support this case we use this controller in the following fashion:

- Route based on path. Clients try and connect to servers.winterpixel.io/gsName
- Terminate TLS on ingress (required for layer7 routes).
- Forward on TLS to gameserver backend via an octops- prefix
- Manage the DNS entry through external-dns via octops- prefix

danieloliveira079 commented 2 years ago

Implemented and part of the release https://github.com/Octops/gameserver-ingress-controller/releases/tag/v0.1.4

The annotation name is octops.io/tls-secret-name and should contain the already existent secret name.
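
Added example, not part of the thread and not the controller's own code: a Go sketch of the secret-name choice discussed above (the `octops.io/tls-secret-name` annotation versus the default `gameserverName-tls` form) together with a check that the certificate in a pre-existing wildcard secret actually covers the Ingress host. `SecretNameFor`, `CoversHost`, `SampleCert`, the secret name and the `example.test` hosts are hypothetical; the certificate is constructed in the code as sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)
const tlsSecretAnnotation = "octops.io/tls-secret-name" // annotation named in this thread

// SecretNameFor (hypothetical) prefers the annotation, else the default <gameserverName>-tls.
func SecretNameFor(gsName string, annotations map[string]string) string {
	if name := annotations[tlsSecretAnnotation]; name != "" {
		return name
	}
	return gsName + "-tls"
}

// CoversHost (hypothetical): is the secret's certificate valid for the Ingress host? A wildcard matches one label.
func CoversHost(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// SampleCert builds a constructed, self-signed certificate used only as sample input.
func SampleCert(dnsNames ...string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dnsNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := SampleCert("*.example.test")
	if err != nil {
		panic(err)
	}
	name := SecretNameFor("gs-1", map[string]string{tlsSecretAnnotation: "wildcard-example-tls"})
	fmt.Println(name, CoversHost(cert, "servers.example.test"), CoversHost(cert, "a.b.example.test"))
}
```

A Kubernetes Ingress can only reference a TLS secret in its own namespace, so the wildcard secret has to exist alongside the game servers' Ingress objects.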