Using ingress overwrite proxy

amphitheatre-app · Jan 25, 2023 · 667f4c6 · 667f4c6
1 parent 411979b
commit 667f4c6
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 10 deletions.
diff --git a/charts/amphitheatre/Chart.yaml b/charts/amphitheatre/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.5
+version: 0.3.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -24,6 +24,10 @@ version: 0.3.5
 appVersion: "0.1.0"
 
 dependencies:
+  - name: cert-manager
+    repository: https://charts.jetstack.io
+    version: 1.11.0
+    condition: cert-manager.enabled
   - name: harbor
     repository: https://charts.bitnami.com/bitnami
     version: 16.1.0
@@ -32,3 +36,7 @@ dependencies:
     repository: https://charts.amphitheatre.app
     version: 0.1.0
     condition: kpack.enabled
+  - name: ingress-nginx
+    repository: https://kubernetes.github.io/ingress-nginx
+    version: 4.4.2
+    condition: ingress-nginx.enabled
diff --git a/charts/amphitheatre/templates/cart-manager/lets-encrypt-cluster-issuer.yaml b/charts/amphitheatre/templates/cart-manager/lets-encrypt-cluster-issuer.yaml
@@ -0,0 +1,24 @@
+{{- if index .Values "cert-manager" "enabled" }}
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: lets-encrypt-cluster-issuer
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "1"
+spec:
+  acme:
+    # The ACME server URL
+    #server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: issuer@amphitheatre.app
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: lets-encrypt-cluster-issuer
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+{{- end }}
diff --git a/charts/amphitheatre/values.yaml b/charts/amphitheatre/values.yaml
@@ -2,19 +2,42 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-registry: harbor.amp-system.svc.cluster.local
+registry: registry.amphitheatre.local
+
+cert-manager:
+  enabled: false
+  installCRDs: true
+  podDnsPolicy: "None"
+  podDnsConfig:
+    nameservers:
+      - "1.1.1.1"
+      - "8.8.8.8"
 
 harbor:
   enabled: true
   fullnameOverride: harbor
   adminPassword: "Harbor12345"
-  externalURL: harbor.amp-system.svc.cluster.local
-  exposureType: proxy
-  service:
-    type: ClusterIP
-  nginx:
-    tls:
-      enabled: false
-
+  externalURL: http://registry.amphitheatre.local
+  exposureType: ingress
+  ingress:
+    core:
+      hostname: registry.amphitheatre.local
+      annotations:
+        ingress.kubernetes.io/ssl-redirect: 'false'
+        # ingress.kubernetes.io/proxy-body-size: '0'
+        nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+        # nginx.ingress.kubernetes.io/proxy-body-size: '0'
+        kubernetes.io/ingress.class: nginx
+        # cert-manager.io/cluster-issuer: lets-encrypt-cluster-issuer
+        # cert-manager.io/issue-temporary-certificate: "true"
+        # acme.cert-manager.io/http01-edit-in-place: "true"
+      tls: false
 kpack:
   enabled: true
+
+ingress-nginx:
+  enabled: true
+  controller:
+    kind: DaemonSet
+    service:
+      enableHttps: false