Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Verified Commit 9ddc2bfd authored by Benoît's avatar Benoît
Browse files

2-add-configuration-for-configurable-http-proxy-tls-with-traefik

parent d1d817cc
No related branches found
No related tags found
2 merge requests!32-add-configuration-for-configurable-http-proxy-tls-with-traefik,!2Resolve "Add configuration for configurable-http-proxy TLS with Traefik"
Pipeline #26929 passed
......@@ -39,6 +39,7 @@ spec:
- {{ .Values.tls.subject.countries }}
dnsNames:
- "{{ printf "%s-proxy-api" $serviceName }}"
- "{{ printf "%s-proxy-public" $serviceName }}"
- "{{ printf "%s-proxy-api.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain }}"
- "{{ printf "%s-proxy-public.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain }}"
- "localhost"
......
......@@ -153,6 +153,9 @@ spec:
httpGet:
path: /_chp_healthz
port: http
{{- if .Values.tls.enabled }}
scheme: HTTPS
{{- end }}
{{- end }}
{{- if .Values.proxy.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customLivenessProbe "context" $) | nindent 12 }}
......@@ -161,6 +164,9 @@ spec:
httpGet:
path: /_chp_healthz
port: http
{{- if .Values.tls.enabled }}
scheme: HTTPS
{{- end }}
{{- end }}
{{- if .Values.proxy.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customReadinessProbe "context" $) | nindent 12 }}
......@@ -169,6 +175,9 @@ spec:
httpGet:
path: /_chp_healthz
port: http
{{- if .Values.tls.enabled }}
scheme: HTTPS
{{- end }}
{{- end }}
{{- end }}
volumeMounts:
......
......@@ -10,7 +10,7 @@ metadata:
app.kubernetes.io/component: proxy
namespace: {{ .Release.Namespace | quote }}
annotations:
{{- if .Values.tls.enabled }}
{{- if and (eq .Values.proxy.ingress.ingressControllerType "nginx") .Values.tls.enabled }}
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
{{- end }}
{{- if .Values.proxy.ingress.annotations }}
......
{{- if and (eq .Values.proxy.ingress.ingressControllerType "traefik") .Values.tls.enabled }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "common.names.fullname" . }}
{{- $serviceName := include "common.names.fullname" . }}
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: {{ include "codehub.proxy.name" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: proxy
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
rootCAsSecrets:
- {{ include "common.names.fullname" . }}-proxy-crt
serverName: {{ printf "%s-proxy-public" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
\ No newline at end of file
......@@ -15,6 +15,10 @@ metadata:
{{- if .Values.proxy.service.public.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.proxy.service.public.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if and (eq .Values.proxy.ingress.ingressControllerType "traefik") .Values.tls.enabled }}
traefik.ingress.kubernetes.io/service.serversscheme: https
traefik.ingress.kubernetes.io/service.serverstransport: "{{ .Release.Namespace }}-{{ include "codehub.proxy.name" . }}@kubernetescrd"
{{- end }}
spec:
type: {{ .Values.proxy.service.public.type }}
{{- if and .Values.proxy.service.public.clusterIP (eq .Values.proxy.service.public.type "ClusterIP") }}
......
......@@ -1040,6 +1040,8 @@ proxy:
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param proxy.ingress.ingressControllerType ingressControllerType that will be be used to implement the Ingress specific annotations (Ex. nginx or traefik)
ingressControllerType: "nginx"
## @param proxy.ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
......@@ -1643,7 +1645,7 @@ tls:
## @param tls.algorithm Algorithm of the private key. Allowed values are either RSA,Ed25519 or ECDSA.
algorithm: RSA
## @param tls.size Size is the key bit size of the corresponding private key for this certificate. If algorithm is set to RSA, valid values are 2048, 4096 or 8192, and will default to 2048 if not specified. If algorithm is set to ECDSA, valid values are 256, 384 or 521, and will default to 256 if not specified. If algorithm is set to Ed25519, Size is ignored. No other values are allowed.
size: 2048
size: 4096
## @param tls.existingSecret Existing secret containing the certificates for Codehub
##
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment