rancher-partner-charts/charts/aquarist-labs/s3gw/templates/ingress-traefik.yaml

158 lines
4.5 KiB
YAML

{{- if .Values.ingress.enabled }}
---
# S3 Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: '{{ .Release.Name }}'
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
spec:
tls:
- hosts:
- '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
- '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
secretName: s3gw-ingress-tls
rules:
- host: '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.serviceName" . }}'
port:
number: 80
- host: '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.serviceName" . }}'
port:
number: 80
---
# S3 No TLS Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: '{{ .Release.Name }}-no-tls'
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
spec:
rules:
- host: '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.serviceName" . }}'
port:
number: 80
- host: '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.serviceName" . }}'
port:
number: 80
{{- if .Values.ui.enabled }}
---
# UI Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: '{{ .Release.Name }}-ui'
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
spec:
tls:
- hosts:
- '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
secretName: s3gw-ui-ingress-tls
rules:
- host: '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.uiServiceName" . }}'
port:
number: 80
---
# UI No TLS Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: '{{ .Release.Name }}-ui-no-tls'
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
annotations:
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
spec:
rules:
- host: '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: '{{ include "s3gw.uiServiceName" . }}'
port:
number: 80
{{- end }}
---
# Middleware for Traefik
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ include "s3gw.CORSMiddlewareName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
spec:
headers:
accessControlAllowMethods:
- "DELETE"
- "GET"
- "HEAD"
- "POST"
- "PUT"
- "OPTIONS"
accessControlAllowOriginList:
- "*"
accessControlAllowHeaders:
- "*"
accessControlExposeHeaders:
- "*"
{{- end }}