{{- if .Values.ingress.enabled -}}
{{- $fullName := include "sapl.fullname" . -}}
{{- $hostName := .Values.sapl.hostname -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "sapl.labels" . | nindent 4 }}
  annotations:
  {{- if .Values.ingress.tls.enabled }}
    # USE TLS
    {{- if contains "letsencrypt" .Values.ingress.tls.provider }}
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    {{- end }}
    {{- if contains "alb" .Values.ingress.class }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    {{- end }}
  {{- else }}
    # DO NOT USE TLS
    {{- if contains "alb" .Values.ingress.class }}
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    {{- end }}
  {{- end }}
  {{- if contains "alb" .Values.ingress.class }}
    alb.ingress.kubernetes.io/group.name: sapl
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    kubernetes.io/ingress.class: alb
  {{- end }}
  {{- with .Values.ingress.annotations }}
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.ingress.tls.enabled }}
  tls:
    - hosts:
        - "{{ $hostName }}"
      secretName: {{ $hostName | replace "." "-" }}-tls
  {{- end }}
  rules:
    - host: "{{ $hostName }}"
      http:
        paths:
          {{- if contains "nginx" .Values.ingress.class }}
          - path: /
          {{- else }}
          - path: /*
          {{- end }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: http
{{- end }}