{{- if .Values.ingress.enabled -}} {{- $fullName := include "sapl.fullname" . -}} {{- $hostName := .Values.sapl.hostname -}} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: name: {{ $fullName }} labels: {{- include "sapl.labels" . | nindent 4 }} annotations: {{- if .Values.ingress.tls.enabled }} # USE TLS {{- if contains "letsencrypt" .Values.ingress.tls.provider }} cert-manager.io/cluster-issuer: "letsencrypt-prod" {{- end }} {{- if contains "alb" .Values.ingress.class }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' {{- end }} {{- else }} # DO NOT USE TLS {{- if contains "alb" .Values.ingress.class }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' {{- end }} {{- end }} {{- if contains "alb" .Values.ingress.class }} alb.ingress.kubernetes.io/group.name: sapl alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb {{- end }} {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.tls.enabled }} tls: - hosts: - "{{ $hostName }}" secretName: {{ $hostName | replace "." "-" }}-tls {{- end }} rules: - host: "{{ $hostName }}" http: paths: {{- if contains "nginx" .Values.ingress.class }} - path: / {{- else }} - path: /* {{- end }} {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} pathType: ImplementationSpecific {{- end }} backend: {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }} port: number: 80 {{- else }} serviceName: {{ $fullName }} servicePort: http {{- end }} {{- end }}