From 0e4f21ac765ba3f938a9e94ace5f6d9b298146d7 Mon Sep 17 00:00:00 2001 From: Michael Povel Date: Thu, 9 Jan 2025 12:40:52 +0000 Subject: [PATCH] Added ingress first try --- .../templates/_dbildungs-iam-server-envs.tpl | 5 +++ .../templates/backend-ingress.yaml | 40 ++++++++++++++++++- .../templates/secret.yaml | 1 + charts/dbildungs-iam-server/values.yaml | 4 +- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index c6d1f8865..b043d1e8b 100644 --- a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl +++ b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl @@ -126,4 +126,9 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: vidis-keycloak-role +- name:BASIC_AUTH + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: auth {{- end}} diff --git a/charts/dbildungs-iam-server/templates/backend-ingress.yaml b/charts/dbildungs-iam-server/templates/backend-ingress.yaml index 4a324e728..4957dfb08 100644 --- a/charts/dbildungs-iam-server/templates/backend-ingress.yaml +++ b/charts/dbildungs-iam-server/templates/backend-ingress.yaml @@ -30,4 +30,42 @@ spec: port: number: {{ $.Values.backend.service.ports.http }} {{- end }} -{{ end }} \ No newline at end of file +{{ end }} +--- +{{if .Values.backend.ingress.healthenabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "common.names.name" . }}-health-backend + namespace: {{ template "common.names.namespace" . }} + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + ingress.kubernetes.io/rewrite-target: /health + # authentication type + nginx.ingress.kubernetes.io/auth-type: basic + # name of the secret that contains the user/password definitions + nginx.ingress.kubernetes.io/auth-secret: {{ .Values.auth.secretName }} + # message to display with an appropriate context why the authentication is required + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - user' + {{- with .Values.backend.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + tls: + - hosts: + - {{ .Values.backendHostname }} + ingressClassName: {{ .Values.backend.ingress.ingressClassName }} + rules: + - host: {{ .Values.backendHostname }} + http: + paths: + - path: /api/health + pathType: prefix + backend: + service: + name: {{ template "common.names.name" $ }}-backend + port: + number: {{ $.Values.backend.service.ports.http }} + {{- end }} +{{ end }} diff --git a/charts/dbildungs-iam-server/templates/secret.yaml b/charts/dbildungs-iam-server/templates/secret.yaml index a28314969..463f98466 100644 --- a/charts/dbildungs-iam-server/templates/secret.yaml +++ b/charts/dbildungs-iam-server/templates/secret.yaml @@ -33,4 +33,5 @@ data: import-passphrase-secret: {{ .Values.auth.import_passphrase_secret }} import-passphrase-salt: {{ .Values.auth.import_passphrase_salt }} ox-password: {{ .Values.auth.ox_password }} + auth: {{ .Values.auth.basic_auth_password }} {{- end }} diff --git a/charts/dbildungs-iam-server/values.yaml b/charts/dbildungs-iam-server/values.yaml index 6a9b00ee0..4ac5dcebf 100644 --- a/charts/dbildungs-iam-server/values.yaml +++ b/charts/dbildungs-iam-server/values.yaml @@ -68,7 +68,8 @@ auth: import_passphrase_secret: '' import_passphrase_salt: '' ox_password: '' - + basic_auth_password: '' + ox: enabled: false username: 'oxadmin' @@ -121,6 +122,7 @@ backend: # Only enable if 2nd host name is defined enabled2nd: false enabled: true + healthenabled: false ingressClassName: nginx pathType: Prefix portnumber: 80