f076e7d9e3
Fixes #890 This PR introduces new streaming superuser-only API endpoints to export and import database information for an organization. New Adminstrator deployment documentation on how to manage the process and copy files between S3 buckets as needed is also included. --------- Co-authored-by: Henry Wilkinson <henry@wilkinson.graphics> Co-authored-by: Ilya Kreymer <ikreymer@gmail.com>
110 lines
2.8 KiB
YAML
110 lines
2.8 KiB
YAML
{{- if .Values.ingress.host }}
|
|
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: ingress-main
|
|
namespace: {{ .Release.Namespace }}
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
|
|
# for larger uploads to not timeout
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
|
nginx.ingress.kubernetes.io/proxy-buffering: "off"
|
|
{{- if .Values.ingress.tls }}
|
|
cert-manager.io/cluster-issuer: {{ .Values.ingress.custom_cluster_issuer | default "cert-main" }}
|
|
{{- end }}
|
|
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }};
|
|
|
|
spec:
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- if .Values.ingress.tls }}
|
|
tls:
|
|
- hosts:
|
|
- {{ .Values.ingress.host }}
|
|
secretName: cert-main
|
|
{{- end }}
|
|
|
|
rules:
|
|
- host: {{ .Values.ingress.host }}
|
|
http:
|
|
paths:
|
|
- path: /api/
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: browsertrix-cloud-backend
|
|
port:
|
|
number: 8000
|
|
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: browsertrix-cloud-frontend
|
|
port:
|
|
number: 80
|
|
|
|
{{ if .Values.signer.enabled }}
|
|
{{ if .Values.signer.host }}
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: ingress-authsign
|
|
namespace: {{ .Release.Namespace }}
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
|
|
|
|
spec:
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
rules:
|
|
- host: {{ .Values.signer.host }}
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: auth-signer
|
|
port:
|
|
number: 80
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
{{ if .Values.ingress.tls }}
|
|
{{ if not .Values.ingress.custom_cluster_issuer }}
|
|
---
|
|
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: cert-main
|
|
namespace: cert-manager
|
|
spec:
|
|
acme:
|
|
# The ACME server URL
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
# Email address used for ACME registration
|
|
email: {{ .Values.ingress.cert_email }}
|
|
# Name of a secret used to store the ACME account private key
|
|
privateKeySecretRef:
|
|
name: cert-main
|
|
# Enable the HTTP-01 challenge provider
|
|
solvers:
|
|
- http01:
|
|
ingress:
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
class: {{ .Values.ingress_class | default "nginx" }}
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|