{{- if .Values.ingress.host }}

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-main
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- if .Values.ingress.useOldClassAnnotation }}
    kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
    {{- end }}
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
    # for larger uploads to not timeout
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
    {{- if .Values.ingress.tls }}
    cert-manager.io/cluster-issuer: {{ .Values.ingress.custom_cluster_issuer | default "cert-main" }}
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    {{- else }}
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    {{- end }}

spec:
  {{- if not .Values.ingress.useOldClassAnnotation }}
  ingressClassName: {{ .Values.ingress_class | default "nginx" }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: cert-main
  {{- end }}

  rules:
  - host: {{ .Values.ingress.host }}
    http:
      paths:
      - path: /api/
        pathType: Prefix
        backend:
          service:
            name: browsertrix-cloud-backend
            port:
              number: 8000

      - path: /
        pathType: Prefix
        backend:
          service:
            name: browsertrix-cloud-frontend
            port:
              number: 80

{{ if .Values.signer.enabled }}
{{ if .Values.signer.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-authsign
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- if .Values.ingress.useOldClassAnnotation }}
    kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
    {{- end }}
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"

spec:
  {{- if not .Values.ingress.useOldClassAnnotation }}
  ingressClassName: {{ .Values.ingress_class | default "nginx" }}
  {{- end }}
  rules:
  - host: {{ .Values.signer.host }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: auth-signer
            port:
              number: 80

{{ end }}
{{ end }}


{{ if .Values.ingress.tls }}
{{ if not .Values.ingress.custom_cluster_issuer }}
---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: cert-main
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: {{ .Values.ingress.cert_email }}
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: cert-main
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          {{- if not .Values.ingress.useOldClassAnnotation }}
          ingressClassName: {{ .Values.ingress_class | default "nginx" }}
          {{- else }}
          class: {{ .Values.ingress_class | default "nginx" }}
          {{- end }}

{{ end }}
{{ end }}
{{ end }}