tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
aabb0b2a92
browsertrix/chart/templates/ingress.yaml
Ilya Kreymer aabb0b2a92
chart / deployment fixes to run on microk8s: (fixes #385) (#387) 
- ingress: fix proxying /data to minio, use another ingress which proxies correct host to ensure presigned urls work
- presigning: determine if signing endpoint url (minio) or access endpoint (cloud bucket) based on if access endpoint is provided, set bool on storage object
- chart: fix indent on incorrect storageClassName configs
- ingress: make 'ingress_class' configurable (set to 'public' for microk8s, default to 'nginx')
- minio: use older minio image which supports legacy fs based setup (for now)
- nginx service: add 'nginx_service_use_node_port' config setting: if true, will use NodePort for frontend,
other will use default (ClusterIP) and only for the frontend / nginx
- chart: remove changing service type for other services
2022-11-30 09:21:58 -08:00

132 lines
3.2 KiB
YAML
Raw Blame History

{{- if .Values.ingress.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-main
namespace: {{ .Release.Namespace }}
annotations:
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
{{- if .Values.ingress.tls }}
cert-manager.io/cluster-issuer: "cert-main"
{{- end }}
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-Proto {{ .Values.ingress.scheme | default "https" }};
spec:
{{- if .Values.ingress.tls }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: cert-main
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /(api/.*)
pathType: Prefix
backend:
service:
name: browsertrix-cloud-backend
port:
number: 8000
- path: /(.*)
pathType: Prefix
backend:
service:
name: browsertrix-cloud-frontend
port:
number: 80
{{ if .Values.signer.host }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-authsign
namespace: {{ .Release.Namespace }}
annotations:
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
spec:
rules:
- host: {{ .Values.signer.host }}
http:
paths:
- path: /(.*)
pathType: Prefix
backend:
service:
name: auth-signer
port:
number: 80
{{ end }}
{{- if .Values.minio_local }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-minio
namespace: {{ .Release.Namespace }}
annotations:
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.minio_host }}"
spec:
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /data/(.*)
pathType: Prefix
backend:
service:
name: local-minio
port:
number: 9000
{{- end }}
{{ if .Values.ingress.tls }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cert-main
namespace: cert-manager
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: {{ .Values.ingress.cert_email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: cert-main
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: {{ .Values.ingress_class | default "nginx" }}
{{ end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink