158 lines
4.5 KiB
YAML
158 lines
4.5 KiB
YAML
{{- if .Values.ingress.enabled }}
|
|
---
|
|
# S3 Ingress
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: '{{ .Release.Name }}'
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "s3gw.labels" . | indent 4 }}
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
traefik.ingress.kubernetes.io/router.middlewares:
|
|
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
|
|
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
- '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
secretName: s3gw-ingress-tls
|
|
rules:
|
|
- host: '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.serviceName" . }}'
|
|
port:
|
|
number: 80
|
|
- host: '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.serviceName" . }}'
|
|
port:
|
|
number: 80
|
|
---
|
|
# S3 No TLS Ingress
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: '{{ .Release.Name }}-no-tls'
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "s3gw.labels" . | indent 4 }}
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.middlewares:
|
|
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
|
|
spec:
|
|
rules:
|
|
- host: '{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.serviceName" . }}'
|
|
port:
|
|
number: 80
|
|
- host: '*.{{ include "s3gw.serviceName" . }}.{{ .Values.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.serviceName" . }}'
|
|
port:
|
|
number: 80
|
|
{{- if .Values.ui.enabled }}
|
|
---
|
|
# UI Ingress
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: '{{ .Release.Name }}-ui'
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "s3gw.labels" . | indent 4 }}
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
traefik.ingress.kubernetes.io/router.middlewares:
|
|
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
|
|
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
|
|
secretName: s3gw-ui-ingress-tls
|
|
rules:
|
|
- host: '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.uiServiceName" . }}'
|
|
port:
|
|
number: 80
|
|
---
|
|
# UI No TLS Ingress
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: '{{ .Release.Name }}-ui-no-tls'
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "s3gw.labels" . | indent 4 }}
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.middlewares:
|
|
'{{ .Release.Namespace }}-{{ include "s3gw.CORSMiddlewareName" . }}@kubernetescrd'
|
|
spec:
|
|
rules:
|
|
- host: '{{ include "s3gw.uiServiceName" . }}.{{ .Values.ui.publicDomain }}'
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: '{{ include "s3gw.uiServiceName" . }}'
|
|
port:
|
|
number: 80
|
|
{{- end }}
|
|
---
|
|
# Middleware for Traefik
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: {{ include "s3gw.CORSMiddlewareName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "s3gw.labels" . | indent 4 }}
|
|
spec:
|
|
headers:
|
|
accessControlAllowMethods:
|
|
- "DELETE"
|
|
- "GET"
|
|
- "HEAD"
|
|
- "POST"
|
|
- "PUT"
|
|
- "OPTIONS"
|
|
accessControlAllowOriginList:
|
|
- "*"
|
|
accessControlAllowHeaders:
|
|
- "*"
|
|
accessControlExposeHeaders:
|
|
- "*"
|
|
{{- end }}
|