82 lines
3.9 KiB
YAML
82 lines
3.9 KiB
YAML
{{- if .Values.ingress.enabled -}}
|
|
apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }}
|
|
kind: Ingress
|
|
metadata:
|
|
name: {{ template "common.names.fullname" . }}
|
|
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
|
{{- if .Values.commonLabels }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if or .Values.ingress.annotations .Values.ingress.certManager .Values.commonAnnotations }}
|
|
annotations:
|
|
{{- if .Values.commonAnnotations }}
|
|
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.ingress.annotations }}
|
|
{{- toYaml .Values.ingress.annotations | nindent 4 }}
|
|
{{- end }}
|
|
{{- if .Values.ingress.certManager }}
|
|
kubernetes.io/tls-acme: "true"
|
|
{{- end }}
|
|
{{- end }}
|
|
nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
spec:
|
|
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
|
|
tls:
|
|
{{- if .Values.ingress.tls }}
|
|
- hosts:
|
|
- {{ .Values.ingress.hostname }}
|
|
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
|
|
{{- end }}
|
|
{{- if .Values.ingress.extraTls }}
|
|
{{- toYaml .Values.ingress.extraTls | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
rules:
|
|
{{- if .Values.ingress.hostname }}
|
|
- host: {{ .Values.ingress.hostname }}
|
|
http:
|
|
paths:
|
|
- path: {{ .Values.ingress.path }}(.*)
|
|
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
|
|
pathType: {{ .Values.ingress.pathType }}
|
|
{{- end }}
|
|
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" .) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
|
|
# Forward API calls to the back-end container
|
|
- path: {{ .Values.ingress.path }}(api/v1.*)
|
|
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
|
|
pathType: {{ .Values.ingress.pathType }}
|
|
{{- end }}
|
|
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }}
|
|
- path: {{ .Values.ingress.path }}(web.*)
|
|
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
|
|
pathType: {{ .Values.ingress.pathType }}
|
|
{{- end }}
|
|
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }}
|
|
- path: {{ .Values.ingress.path }}kratos/(.*)
|
|
pathType: {{ .Values.ingress.pathType }}
|
|
backend:
|
|
service:
|
|
name: single-sign-on-kratos-public
|
|
port:
|
|
number: 80
|
|
{{- end }}
|
|
{{- range .Values.ingress.extraHosts }}
|
|
# In the event of "extraHosts", kratos is not proxied. Due the redirects,
|
|
# and single domain support of kratos/hydra. it is not feasable to support
|
|
# multiple hostnames. Same is true for the /web/ login frontend
|
|
- host: {{ .name }}
|
|
http:
|
|
paths:
|
|
- path: {{ default "/" .path }}(.*)
|
|
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
|
|
pathType: {{ default "ImplementationSpecific" .pathType }}
|
|
{{- end }}
|
|
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
|
|
- path: {{ default "/" .path }}(api/v1.*)
|
|
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
|
|
pathType: {{ default "ImplementationSpecific" .pathType }}
|
|
{{- end }}
|
|
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $) | nindent 14 }}
|
|
{{- end }}
|
|
{{- end }}
|