diff --git a/helm/charts/generic_service/README.md b/helm/charts/generic_service/README.md index 1a2f32ee..8e8b7bfc 100644 --- a/helm/charts/generic_service/README.md +++ b/helm/charts/generic_service/README.md @@ -76,10 +76,13 @@ The following table lists the configurable parameters of the chart and their def | `service.externalPort` | Service external port | `3000` | | `service.internalPort` | Service internal port name | `80` | | `ingress.enabled` | Enable ingress resource for Management console | `false` | +| `ingress.name` | Name of the ingress | `fullname` | | +| `ingress.annotations` | Map of annotations. Keys prefixed with `b64/` must be 64enc and the chart b64dec | `{}` | | `ingress.hosts[0].host` | Host | `nil` | | `ingress.hosts[0].paths[0].path` | Path for the default host | `/` | | `ingress.hosts[0].tls[0].secretName` | Name of existing secret contiaining the tls certificate | `nil` | | `ingress.hosts[0].tls[0].hosts[0]` | Host on which to apply the tls encription | `nil` | +| `ingresses` | Optional array of ingresses. If not specified, defaults to the `ingress` object | `ingress` | Specify each parameter using the `--set key=value[,key=value]` or `--set-file key=value[,key=value]` argument to `helm install`. For example, diff --git a/helm/charts/generic_service/templates/NOTES.txt b/helm/charts/generic_service/templates/NOTES.txt index 940c48fa..9391ac43 100644 --- a/helm/charts/generic_service/templates/NOTES.txt +++ b/helm/charts/generic_service/templates/NOTES.txt 
@@ -1,8 +1,9 @@ 1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} +{{- $ingress := index (default (list .Values.ingress) .Values.ingresses) 0 }} +{{- if $ingress }} +{{- range $host := $ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }} + http{{ if $ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }} {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} diff --git a/helm/charts/generic_service/templates/ingress.yaml b/helm/charts/generic_service/templates/ingress.yaml index 3aa8882c..dc1e6fb8 100644 --- a/helm/charts/generic_service/templates/ingress.yaml +++ b/helm/charts/generic_service/templates/ingress.yaml 
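Review bot: `{{- if $ingress }}` only tests that the first ingress object is non-empty, so the `enabled` check that the removed `.Values.ingress.enabled` condition provided is lost. The README table documents `ingress.enabled` as defaulting to `false`; if the chart's values.yaml ships that map (not visible here), it is still truthy, so NOTES would take the ingress branch and never reach the NodePort branch below. I would write `{{- if $ingress.enabled }}`, which is the same test ingress.yaml applies to each entry of this list. Note also that only element 0 is reported, so any further entries in `ingresses` never show up in the printed URLs.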
@@ -1,34 +1,44 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "helm_chart.fullname" . -}} -{{- $svcPort := .Values.service.externalPort -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} +{{- range $ingress := default (list .Values.ingress) .Values.ingresses }} +{{- if $ingress.enabled -}} +{{- $fullName := include "helm_chart.fullname" $ -}} +{{- $svcPort := $.Values.service.externalPort -}} +{{- $gitVersion := $.Capabilities.KubeVersion.GitVersion -}} +{{- if and $ingress.className (not (semverCompare ">=1.18-0" $gitVersion)) }} + {{- if not (hasKey $ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set $ingress.annotations "kubernetes.io/ingress.class" $ingress.className}} {{- end }} {{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- range $annKey, $annValue := $ingress.annotations }} + {{- if hasPrefix "b64/" $annKey }} + {{- $newKey := trimPrefix "b64/" $annKey -}} + {{- $decodedValue := tpl $annValue $ }} + {{- $_ := set $ingress.annotations (trimPrefix "b64/" $annKey) ($decodedValue | include "validateSecret" | b64dec) }} + {{- $_ := unset $ingress.annotations $annKey }} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" $gitVersion -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare ">=1.14-0" $gitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} - {{- with .Values.ingress.annotations }} + name: {{ default $fullName $ingress.name }} + {{- with $ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) 
$ | nindent 4 }} {{- end }} labels: - {{- include "helm_chart.labels" . | nindent 4 }} + {{- include "helm_chart.labels" $ | nindent 4 }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and $ingress.className (semverCompare ">=1.18-0" $gitVersion) }} + ingressClassName: {{ $ingress.className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if $ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range $ingress.tls }} - hosts: {{- range .hosts }} - {{ tpl . $ | quote }} @@ -37,25 +47,27 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range $ingress.hosts }} - host: {{ tpl .host $ | quote }} http: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + {{- if and .pathType (semverCompare ">=1.18-0" $gitVersion) }} pathType: {{ .pathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $gitVersion }} service: name: {{ $fullName }} port: number: {{ $svcPort }} {{- else -}} serviceName: {{ $fullName }} - servicePort: {{ $svcPort }}7 + servicePort: {{ $svcPort }} {{- end }} {{- end }} {{- end }} +--- {{- end }} +{{- end }} diff --git a/helm/configs/backend/values.yaml b/helm/configs/backend/values.yaml index 5a45c0b1..045f2c2d 100644 --- a/helm/configs/backend/values.yaml +++ b/helm/configs/backend/values.yaml 
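Review bot: In the first hunk the annotations block now renders with `tpl (toYaml .) $`, which runs after the `b64/` loop has written the decoded values back into `$ingress.annotations`, so decoded secret content is evaluated as a template a second time. Any `{{ ... }}` sequence inside the decoded value would be executed with the full chart context rather than emitted literally. The loop already applies `tpl` to the encoded value before decoding, so the output line can stay `{{- toYaml . | nindent 4 }}`; if other annotation values need templating, they can be rendered one by one in the loop instead. In the same loop `$newKey` is assigned but never used, and `$decodedValue` holds the value before `b64dec`, so `set $ingress.annotations $newKey (...)` with the variable renamed to something like `$rendered` would read more honestly. The `validateSecret` helper is defined outside this diff, so what it rejects cannot be checked from here.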
@@ -41,22 +41,34 @@ secrets: mail_auth: "{{ .Values.secretsJson.MAIL_AUTH }}" express_session: "{{ .Values.secretsJson.EXPRESS_SESSION_SECRET }}" -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/proxy-body-size: 50m - nginx.ingress.kubernetes.io/proxy-read-timeout: "120" - hosts: - - host: "{{ .Values.host }}" - paths: - - path: "/" - pathType: Prefix - tls: - - hosts: - - "{{ .Values.host }}" - secretName: "scicat-be-certificate" +ingresses: + - enabled: true + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/proxy-body-size: 50m + nginx.ingress.kubernetes.io/proxy-read-timeout: "120" + hosts: + - host: "{{ .Values.host }}" + paths: + - path: "/" + pathType: Prefix + tls: + - hosts: + - "{{ .Values.host }}" + secretName: "scicat-be-certificate" + - enabled: true + name: backend-login + annotations: + kubernetes.io/ingress.class: nginx + b64/nginx.ingress.kubernetes.io/whitelist-source-range: "{{ .Values.secretsJson.WHITELISTED_IPS }}" + hosts: + - host: "{{ .Values.host }}" + paths: + - path: /api/v3/Users/login + pathType: Exact + - path: /api/v3/auth/msad + pathType: Exact configMaps: "{{ .Release.Name }}-cm":
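Review bot: The `backend-login` entry attaches `whitelist-source-range` only to the two `pathType: Exact` paths, while the first entry still serves `/` with `pathType: Prefix` on the same host and carries no allow-list. Any request path that the backend routes to the same handlers but that does not match exactly would be served through the unrestricted ingress. Whether the backend router is that lenient (for example on a trailing slash or letter case) is not visible in this diff and should be confirmed. I would enforce the source restriction in the application as well, or confirm strict routing, and add a comment above the entry such as `# allow-list applies to exact paths only; "/" Prefix ingress is unrestricted`. It is also worth verifying that the ingress controller sees the real client address, since the annotation matches on the source IP as the controller observes it.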