tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1c814cad6b
browsertrix/chart/templates/ingress.yaml
samczsun feafeae1eb
feat: allow specifying custom annotations on ingress (#2725) 
This allows users who don't use the nginx ingress controller to still
configure the built in ingress
2025-07-25 16:06:57 -07:00

128 lines
3.4 KiB
YAML
Raw Blame History

{{- if .Values.ingress.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-main
namespace: {{ .Release.Namespace }}
annotations:
{{- if .Values.ingress.useOldClassAnnotation }}
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
{{- end }}
{{- if eq ( .Values.ingress_class | default "nginx" ) "nginx" }}
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
# for larger uploads to not timeout
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
{{- if .Values.ingress.tls }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.custom_cluster_issuer | default "cert-main" }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if not .Values.ingress.useOldClassAnnotation }}
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: cert-main
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /api/
pathType: Prefix
backend:
service:
name: browsertrix-cloud-backend
port:
number: 8000
- path: /
pathType: Prefix
backend:
service:
name: browsertrix-cloud-frontend
port:
number: 80
{{ if .Values.signer.enabled }}
{{ if .Values.signer.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-authsign
namespace: {{ .Release.Namespace }}
annotations:
{{- if .Values.ingress.useOldClassAnnotation }}
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
{{- end }}
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
spec:
{{- if not .Values.ingress.useOldClassAnnotation }}
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
{{- end }}
rules:
- host: {{ .Values.signer.host }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: auth-signer
port:
number: 80
{{ end }}
{{ end }}
{{ if .Values.ingress.tls }}
{{ if not .Values.ingress.custom_cluster_issuer }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cert-main
namespace: cert-manager
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: {{ .Values.ingress.cert_email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: cert-main
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
{{- if not .Values.ingress.useOldClassAnnotation }}
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
{{- else }}
class: {{ .Values.ingress_class | default "nginx" }}
{{- end }}
{{ end }}
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink