diff --git a/charts/sapl/v0.2.0/questions.yaml b/charts/sapl/v0.2.0/questions.yaml
index 0217571..cc622c0 100644
--- a/charts/sapl/v0.2.0/questions.yaml
+++ b/charts/sapl/v0.2.0/questions.yaml
@@ -26,6 +26,38 @@ questions:
 group: Básico
 required: true
+# Ingress
+- variable: ingress.tls.enabled
+ default: true
+ type: boolean
+ description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
+ label: "Habilitar TLS?"
+ required: false
+ group: Ingress
+ show_subquestion_if: true
+ subquestions:
+ - variable: ingress.tls.provider
+ default: letsencrypt
+ type: enum
+ description: "Qual provedor de certificados utilizar?"
+ label: "Provedor de certificados"
+ required: false
+ group: Ingress
+ options:
+ - letsencrypt
+ - aws
+
+- variable: ingress.class
+ default: nginx
+ type: enum
+ description: "Qual o Ingress Controller?"
+ label: "Classe Ingress"
+ required: false
+ group: Ingress
+ options:
+ - nginx
+ - alb
+
 # Correio
 - variable: sapl.emailSendUser
 default: "no-reply@interlegis.leg.br"
diff --git a/charts/sapl/v0.2.0/templates/ingress.yaml b/charts/sapl/v0.2.0/templates/ingress.yaml
index 84be055..716ba59 100644
--- a/charts/sapl/v0.2.0/templates/ingress.yaml
+++ b/charts/sapl/v0.2.0/templates/ingress.yaml
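Review bot: The `ingress.tls.provider` and `ingress.class` enums are offered independently, so the form accepts pairings that the ingress template in this commit does not appear to handle. With `aws` + `nginx` the `tls:` block is still rendered but the cert-manager annotation is omitted, so nothing visible in this chart issues the referenced `-tls` secret; with `letsencrypt` + `alb` a 443 listener is requested while the certificate lives in a Kubernetes secret, which the ALB controller presumably does not read. If the intended pairings are letsencrypt/nginx and aws/alb, say so in the question text, e.g. `description: "Qual provedor de certificados utilizar? (letsencrypt: nginx; aws: alb)"`, or reject the unsupported pairs in the template.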
@@ -12,20 +12,45 @@ metadata:
 labels:
 {{- include "sapl.labels" . | nindent 4 }}
 annotations:
+ {{- if .Values.ingress.tls.enabled }}
+ # USE TLS
+ {{- if contains "letsencrypt" .Values.ingress.tls.provider }}
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ {{- end }}
+ {{- if contains "alb" .Values.ingress.class }}
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+ {{- end }}
+ {{- else }}
+ # DO NOT USE TLS
+ {{- if contains "alb" .Values.ingress.class }}
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+ {{- end }}
+ {{- end }}
+ {{- if contains "alb" .Values.ingress.class }}
+ alb.ingress.kubernetes.io/group.name: sapl
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/target-type: ip
+ kubernetes.io/ingress.class: alb
+ {{- end }}
 {{- with .Values.ingress.annotations }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
 spec:
+ {{- if .Values.ingress.tls.enabled }}
 tls:
 - hosts:
 - "{{ $hostName }}"
 secretName: {{ $hostName | replace "." "-" }}-tls
+ {{- end }}
 rules:
 - host: "{{ $hostName }}"
 http:
 paths:
- - path: /
+ {{- if contains "nginx" .Values.ingress.class }}
+ - path: /(.*)
+ {{- else }}
+ - path: /*
+ {{- end }}
 backend:
 serviceName: {{ $fullName }}
 servicePort: http
diff --git a/charts/sapl/v0.2.0/values.yaml b/charts/sapl/v0.2.0/values.yaml
index b6e9c5c..0af2b7f 100644
--- a/charts/sapl/v0.2.0/values.yaml
+++ b/charts/sapl/v0.2.0/values.yaml
@@ -65,6 +65,12 @@ sapl:
 ingress:
 enabled: true
+ class: nginx
+ # nginx - for default nginx ingress controller
+ # alb - for AWS ALB Load Balancer controller
+ tls:
+ enabled: true
+ provider: letsencrypt
 # extra annotations only
 annotations: {}
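Review bot: In the ALB branch with TLS enabled, `listen-ports` keeps HTTP 80 open next to 443 and no redirect annotation is rendered, so the `internet-facing` load balancer still serves the application in cleartext. If the deployed AWS Load Balancer Controller version supports it, add `alb.ingress.kubernetes.io/ssl-redirect: '443'` inside the same `if contains "alb"` block under `# USE TLS`. The scheme is also hard-coded to `internet-facing`; a value such as `.Values.ingress.scheme` with that default would let private installs opt out. Separately, `contains "alb" .Values.ingress.class` is a substring match, so `eq .Values.ingress.class "alb"` would be stricter against unexpected class names.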
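Review bot: The new `provider` key under `tls` has no comment listing its accepted values, while `class` just above it documents `nginx` and `alb`. Going by the template in this commit, I would add `# letsencrypt - adds the cert-manager cluster-issuer annotation` and `# aws - no cert-manager annotation is added` below `provider: letsencrypt`. It is also worth a comment on `enabled` that setting it to `false` with `class: alb` leaves only an HTTP listener on port 80.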