67668438c0
otherwise, http path should be accessible. Can be used when TLS termination handled outside of ingress.
125 lines
3.4 KiB
YAML
125 lines
3.4 KiB
YAML
{{- if .Values.ingress.host }}
|
|
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: ingress-main
|
|
namespace: {{ .Release.Namespace }}
|
|
annotations:
|
|
{{- if .Values.ingress.useOldClassAnnotation }}
|
|
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- end }}
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
|
|
# for larger uploads to not timeout
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
|
nginx.ingress.kubernetes.io/proxy-buffering: "off"
|
|
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
|
|
{{- if .Values.ingress.tls }}
|
|
cert-manager.io/cluster-issuer: {{ .Values.ingress.custom_cluster_issuer | default "cert-main" }}
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }};
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
{{- else }}
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
{{- end }}
|
|
|
|
spec:
|
|
{{- if not .Values.ingress.useOldClassAnnotation }}
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- end }}
|
|
{{- if .Values.ingress.tls }}
|
|
tls:
|
|
- hosts:
|
|
- {{ .Values.ingress.host }}
|
|
secretName: cert-main
|
|
{{- end }}
|
|
|
|
rules:
|
|
- host: {{ .Values.ingress.host }}
|
|
http:
|
|
paths:
|
|
- path: /api/
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: browsertrix-cloud-backend
|
|
port:
|
|
number: 8000
|
|
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: browsertrix-cloud-frontend
|
|
port:
|
|
number: 80
|
|
|
|
{{ if .Values.signer.enabled }}
|
|
{{ if .Values.signer.host }}
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: ingress-authsign
|
|
namespace: {{ .Release.Namespace }}
|
|
annotations:
|
|
{{- if .Values.ingress.useOldClassAnnotation }}
|
|
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- end }}
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
|
|
|
|
spec:
|
|
{{- if not .Values.ingress.useOldClassAnnotation }}
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- end }}
|
|
rules:
|
|
- host: {{ .Values.signer.host }}
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: auth-signer
|
|
port:
|
|
number: 80
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
{{ if .Values.ingress.tls }}
|
|
{{ if not .Values.ingress.custom_cluster_issuer }}
|
|
---
|
|
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: cert-main
|
|
namespace: cert-manager
|
|
spec:
|
|
acme:
|
|
# The ACME server URL
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
# Email address used for ACME registration
|
|
email: {{ .Values.ingress.cert_email }}
|
|
# Name of a secret used to store the ACME account private key
|
|
privateKeySecretRef:
|
|
name: cert-main
|
|
# Enable the HTTP-01 challenge provider
|
|
solvers:
|
|
- http01:
|
|
ingress:
|
|
{{- if not .Values.ingress.useOldClassAnnotation }}
|
|
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- else }}
|
|
class: {{ .Values.ingress_class | default "nginx" }}
|
|
{{- end }}
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|