{{- if .Values.ingress.enabled -}} apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ template "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if or .Values.ingress.annotations .Values.ingress.certManager .Values.commonAnnotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.ingress.annotations }} {{- toYaml .Values.ingress.annotations | nindent 4 }} {{- end }} {{- if .Values.ingress.certManager }} kubernetes.io/tls-acme: "true" {{- end }} {{- end }} nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: {{- if or .Values.ingress.tls .Values.ingress.extraTls }} tls: {{- if .Values.ingress.tls }} - hosts: - {{ .Values.ingress.hostname }} secretName: {{ printf "%s-tls" .Values.ingress.hostname }} {{- end }} {{- if .Values.ingress.extraTls }} {{- toYaml .Values.ingress.extraTls | nindent 4 }} {{- end }} {{- end }} rules: {{- if .Values.ingress.hostname }} - host: {{ .Values.ingress.hostname }} http: paths: - path: {{ .Values.ingress.path }}(.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }} # Forward API calls to the back-end container - path: {{ .Values.ingress.path }}(api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - path: {{ .Values.ingress.path }}(web.*) {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} - path: {{ .Values.ingress.path }}kratos/(.*) pathType: {{ .Values.ingress.pathType }} backend: service: name: single-sign-on-kratos-public port: number: 80 {{- end }} {{- range .Values.ingress.extraHosts }} # In the event of "extraHosts", kratos is not proxied. Due the redirects, # and single domain support of kratos/hydra. it is not feasable to support # multiple hostnames. Same is true for the /web/ login frontend - host: {{ .name }} http: paths: - path: {{ default "/" .path }}(.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }} - path: {{ default "/" .path }}(api/v1.*) {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }} {{- end }} {{- end }}