From f8d18fd010e824c8b28d5e9dd1e8733f69e62bf0 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg
Date: Tue, 22 Aug 2023 13:44:47 +0200
Subject: [PATCH] WIP: custom tls secret name
---
 charts/sddi-ckan/README.md | 1 +
 charts/sddi-ckan/charts/ckan/README.md | 1 +
 charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml | 2 +-
 charts/sddi-ckan/charts/ckan/values.yaml | 3 +++
 charts/sddi-ckan/values.yaml | 3 +++
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index 668d35f..42cabdf 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -67,6 +67,7 @@ Kubernetes: `>= 1.23.0`
 | global.ingress.certManager.issuerType | string | `"namespace"` | Type of [cert-manager](https://cert-manager.io/docs/) Issuer: Use either "namespace" or "cluster". |
 | global.ingress.className | string | `"nginx"` | Name of the [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use in Ingress routes. |
 | global.ingress.domains | list | `["localhost"]` | List of [FQDNs](https://de.wikipedia.org/wiki/Fully-Qualified_Host_Name) for this Ingress. Note: All FQDNs will be used for Ingress hosts and TLS certificate. The global setting overwrites this setting in subcharts. |
+| global.ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This my be overwritten by `ingress.tls.secretName` of subcharts. |
 | ingress-nginx.enabled | bool | `false` | Enable/disable Nginx ingress controller. |
 | nameOverride | string | `""` | Override name |
 | postgis.enabled | bool | `true` | Enable/disable database instance. Disable, if an external database is used. |
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 6976b62..5a4e679 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -94,6 +94,7 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.name | string | `"route"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.stickySessions.sessionCookie.path | string | `"/"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
+| ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
 | licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
index b1a5403..acc577b 100644
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
@@ -50,7 +50,7 @@ spec:
 {{- range $domains }}
 - {{ . }}
 {{- end }}
- secretName: tls
+ secretName: {{ (coalesce .Values.ingress.tls.secretName .Values.global.ingress.tls.secretName (printf "%s-%s" (first $domains) "tls" )) | quote }}
 rules:
 {{- range $domains }}
 - host: {{ . }}
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 12932fc..7311174 100644
--- a/charts/sddi-ckan/charts/ckan/values.yaml
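Review bot: The fallback on the new `secretName:` line in ckan-ingress.yml builds the Secret name from `first $domains` without checking that the result is a valid Secret name, so a wildcard host such as `*.example.com`, an upper-case entry or an empty domain list would render a name the API server rejects. The default also moves away from the fixed `tls`, so upgrading an existing release points the Ingress at a Secret that does not exist yet; if cert-manager annotations are rendered on this Ingress (not visible in the hunk), that presumably triggers a fresh certificate request and leaves the old Secret with its private key behind. I would normalise the derived part, for example `(printf "%s-tls" (first $domains | replace "*" "wildcard" | lower))`, and mention the rename in the upgrade notes. The `spec:` block starts and continues outside the hunk, so how `$domains` is built cannot be confirmed from here.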
+++ b/charts/sddi-ckan/charts/ckan/values.yaml @@ -117,6 +117,9 @@ ingress: # See [ingress-nginx cors settings](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#enable-cors) # for details on CORS configuration and default settings. Use `ingress.annotations` to overwrite the default configuration annotations. enabled: true + tls: + # -- Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. + secretName: # General settings # -- CKAN site url. This should match a domain name of CKAN specified in `ingress.domains`/`global.ingress.domains` diff --git a/charts/sddi-ckan/values.yaml b/charts/sddi-ckan/values.yaml index 5c83051..f1edb3e 100644 --- a/charts/sddi-ckan/values.yaml +++ b/charts/sddi-ckan/values.yaml @@ -21,6 +21,9 @@ global: # -- Name of the Issuer to use. For certManager.type = namespace # `letsencrypt-staging`, `letsencrypt-production` and `self-signed` are available. issuerName: letsencrypt-staging + tls: + # -- Specify a custom tls secret name. This my be overwritten by `ingress.tls.secretName` of subcharts. + secretName: db: # -- Database host of the CKAN database.
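Review bot: The comment above the new `tls.secretName` key, here and in the `charts/sddi-ckan/values.yaml` hunk that follows, does not say what the named Secret has to be or who owns its contents. I would extend it to something like `# -- Name of the TLS Secret used by the Ingress; a kubernetes.io/tls Secret in the release namespace. Leave empty to use "<first domain>-tls".`. It should also state whether cert-manager is expected to write into a user-supplied Secret, since the chart exposes `global.ingress.certManager` settings alongside this key. In the global hunk "This my be overwritten" should read "may be". The bare `secretName:` would be clearer as `secretName: ""`, which the `coalesce` call in the template treats as empty in the same way.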