{{- if .Values.ingress.host }}

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-main
  namespace: {{ .Release.Namespace }}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    {{- if .Values.ingress.tls }}
    cert-manager.io/cluster-issuer: "cert-main"
    {{- end }}
    nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto {{ .Values.ingress.scheme | default "https" }};

spec:
  {{- if .Values.ingress.tls }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: cert-main
  {{- end }}

  rules:
  - host: {{ .Values.ingress.host }}
    http:
      paths:
{{- if .Values.minio_local }}
      - path: /data/(.*)
        pathType: Prefix
        backend:
          service:
            name: local-minio
            port:
              number: 9000
{{- end }}

      - path: /(api/.*)
        pathType: Prefix
        backend:
          service:
            name: browsertrix-cloud-backend
            port:
              number: 8000

      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: browsertrix-cloud-frontend
            port:
              number: 80

{{ if .Values.signer.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-authsign
  namespace: {{ .Release.Namespace }}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"

spec:
  rules:
  - host: {{ .Values.signer.host }}
    http:
      paths:
      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: auth-signer
            port:
              number: 80

{{ end }}

{{ if .Values.ingress.tls }}
---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: cert-main
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: {{ .Values.ingress.cert_email }}
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: cert-main
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

{{ end }}
{{ end }}