{{- if .Values.ingress.enabled -}}
{{- $fullName := include "sapl.fullname" . -}}
{{- $hostName := .Values.sapl.hostname -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "sapl.labels" . | nindent 4 }}
annotations:
{{- if .Values.ingress.tls.enabled }}
# USE TLS
{{- if contains "letsencrypt" .Values.ingress.tls.provider }}
cert-manager.io/cluster-issuer: "letsencrypt-prod"
{{- if contains "alb" .Values.ingress.class }}
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
{{- else }}
# DO NOT USE TLS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/group.name: sapl
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
spec:
tls:
- hosts:
- "{{ $hostName }}"
secretName: {{ $hostName | replace "." "-" }}-tls
rules:
- host: "{{ $hostName }}"
http:
paths:
{{- if contains "nginx" .Values.ingress.class }}
- path: /
- path: /*
backend:
serviceName: {{ $fullName }}
servicePort: http