Added ingress first try

dBildungsplattform · Jan 9, 2025 · 0e4f21a · 0e4f21a
1 parent 3705934
commit 0e4f21a
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 2 deletions.
diff --git a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl
@@ -126,4 +126,9 @@
     secretKeyRef:
         name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
         key: vidis-keycloak-role
+- name:BASIC_AUTH
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: auth
 {{- end}}
diff --git a/charts/dbildungs-iam-server/templates/backend-ingress.yaml b/charts/dbildungs-iam-server/templates/backend-ingress.yaml
@@ -30,4 +30,42 @@ spec:
                 port:
                   number: {{ $.Values.backend.service.ports.http }}
           {{- end }}
-{{ end }}
+{{ end }}
+---
+{{if .Values.backend.ingress.healthenabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "common.names.name" . }}-health-backend
+  namespace: {{ template "common.names.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    ingress.kubernetes.io/rewrite-target: /health
+    # authentication type
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: {{ .Values.auth.secretName }}
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - user'    
+    {{- with .Values.backend.ingress.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  tls:
+  - hosts:
+      - {{ .Values.backendHostname  }}
+  ingressClassName: {{ .Values.backend.ingress.ingressClassName }}
+  rules:
+    - host: {{ .Values.backendHostname }}
+      http:
+        paths:
+          - path: /api/health
+            pathType: prefix
+            backend:
+              service:
+                name: {{ template "common.names.name" $ }}-backend
+                port:
+                  number: {{ $.Values.backend.service.ports.http }}
+          {{- end }}
+{{ end }}
diff --git a/charts/dbildungs-iam-server/templates/secret.yaml b/charts/dbildungs-iam-server/templates/secret.yaml
@@ -33,4 +33,5 @@ data:
   import-passphrase-secret: {{ .Values.auth.import_passphrase_secret }}
   import-passphrase-salt: {{ .Values.auth.import_passphrase_salt }}
   ox-password: {{ .Values.auth.ox_password }}
+  auth: {{ .Values.auth.basic_auth_password }}
 {{- end }}
diff --git a/charts/dbildungs-iam-server/values.yaml b/charts/dbildungs-iam-server/values.yaml
@@ -68,7 +68,8 @@ auth:
   import_passphrase_secret: ''
   import_passphrase_salt: ''
   ox_password: ''
-
+  basic_auth_password: ''
+
 ox:
   enabled: false
   username: 'oxadmin'
@@ -121,6 +122,7 @@ backend:
     # Only enable if 2nd host name is defined
     enabled2nd: false
     enabled: true
+    healthenabled: false
     ingressClassName: nginx
     pathType: Prefix
     portnumber: 80