* k8s local deployment work: - make it easier to deploy w/o ingress by setting 'local_service_port' (suggested port 30870) - if using local minio, ensure file endpoints set to /data/ and /data/ proxies correctly to local bucket - if not using minio, ensure file endpoints point to correct access / endpoint url. - setup should work with docker desktop, minikube, microk8s and k3s! - nginx chart: bump nginx memory limit to 20Mi - nginx image: 00-default-override-resolver-config -> 00-browsertrix-nginx-init for clarity - nginx image: use default nginx.conf, pin to nginx 1.23.2 - mongo: readd readiness probe, bump connect wait timeout (needed for ci) - config: set superadmin username to 'admin' - config schema: set 'name' as required - add sample chart values overrides: - chart values: local-config.yaml for running locally with 'local_service_port' - chart values: add microk8s-hosted.yaml for configuring a hosted microk8s setup - chart values: add microk8s-ci.yaml for ci tests - ci: remove docker swarm tests - ci: add microk8s integration tests: launching cluster, logging in, running a crawl of example.com, downloading/checking WACZ - bump to 1.1.0-beta.2
		
			
				
	
	
		
			104 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			104 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| {{- if .Values.ingress.host }}
 | |
| 
 | |
| ---
 | |
| apiVersion: networking.k8s.io/v1
 | |
| kind: Ingress
 | |
| metadata:
 | |
|   name: ingress-main
 | |
|   namespace: {{ .Release.Namespace }}
 | |
|   annotations:
 | |
|     kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
 | |
|     nginx.ingress.kubernetes.io/ssl-redirect: "true"
 | |
|     nginx.ingress.kubernetes.io/rewrite-target: /$1
 | |
|     nginx.ingress.kubernetes.io/enable-cors: "true"
 | |
|     nginx.ingress.kubernetes.io/cors-allow-origin: "*"
 | |
|     {{- if .Values.ingress.tls }}
 | |
|     cert-manager.io/cluster-issuer: "cert-main"
 | |
|     {{- end }}
 | |
|     nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
 | |
|     nginx.ingress.kubernetes.io/configuration-snippet: |
 | |
|       proxy_set_header X-Forwarded-Proto {{ .Values.ingress.scheme | default "https" }};      
 | |
| 
 | |
| spec:
 | |
|   {{- if .Values.ingress.tls }}
 | |
|   tls:
 | |
|     - hosts:
 | |
|       - {{ .Values.ingress.host }}
 | |
|       secretName: cert-main
 | |
|   {{- end }}
 | |
| 
 | |
|   rules:
 | |
|   - host: {{ .Values.ingress.host }}
 | |
|     http:
 | |
|       paths:
 | |
|       - path: /(api/.*)
 | |
|         pathType: Prefix
 | |
|         backend:
 | |
|           service:
 | |
|             name: browsertrix-cloud-backend
 | |
|             port:
 | |
|               number: 8000
 | |
| 
 | |
|       - path: /(.*)
 | |
|         pathType: Prefix
 | |
|         backend:
 | |
|           service:
 | |
|             name: browsertrix-cloud-frontend
 | |
|             port:
 | |
|               number: 80
 | |
| 
 | |
| {{ if .Values.signer.host }}
 | |
| ---
 | |
| apiVersion: networking.k8s.io/v1
 | |
| kind: Ingress
 | |
| metadata:
 | |
|   name: ingress-authsign
 | |
|   namespace: {{ .Release.Namespace }}
 | |
|   annotations:
 | |
|     kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
 | |
|     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 | |
|     nginx.ingress.kubernetes.io/rewrite-target: /$1
 | |
|     nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
 | |
| 
 | |
| spec:
 | |
|   rules:
 | |
|   - host: {{ .Values.signer.host }}
 | |
|     http:
 | |
|       paths:
 | |
|       - path: /(.*)
 | |
|         pathType: Prefix
 | |
|         backend:
 | |
|           service:
 | |
|             name: auth-signer
 | |
|             port:
 | |
|               number: 80
 | |
| 
 | |
| {{ end }}
 | |
| 
 | |
| 
 | |
| {{ if .Values.ingress.tls }}
 | |
| ---
 | |
| 
 | |
| apiVersion: cert-manager.io/v1
 | |
| kind: ClusterIssuer
 | |
| metadata:
 | |
|   name: cert-main
 | |
|   namespace: cert-manager
 | |
| spec:
 | |
|   acme:
 | |
|     # The ACME server URL
 | |
|     server: https://acme-v02.api.letsencrypt.org/directory
 | |
|     # Email address used for ACME registration
 | |
|     email: {{ .Values.ingress.cert_email }}
 | |
|     # Name of a secret used to store the ACME account private key
 | |
|     privateKeySecretRef:
 | |
|       name: cert-main
 | |
|     # Enable the HTTP-01 challenge provider
 | |
|     solvers:
 | |
|     - http01:
 | |
|         ingress:
 | |
|           class: {{ .Values.ingress_class | default "nginx" }}
 | |
| 
 | |
| {{ end }}
 | |
| {{ end }}
 |