ZhenYi/gitdataai
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(admin): add TLS support to ingress with cert-manager and manual secret options

Browse Source
This commit is contained in:
ZhenYi 2026-04-19 22:35:31 +08:00
parent e612043e5f
commit 3034c7f391
2 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
admin/deploy/templates/admin-ingress.yaml
View File

@ -2,6 +2,16 @@
{{- $fullName := include "admin.fullname" . -}} {{- $fullName := include "admin.fullname" . -}}
{{- $ns := include "admin.namespace" . -}} {{- $ns := include "admin.namespace" . -}}
{{- $hosts := .Values.admin.ingress.hosts | default list -}} {{- $hosts := .Values.admin.ingress.hosts | default list -}}
{{- $tlsSecret := .Values.admin.ingress.tlsSecret | default "" -}}
{{- $useCertManager := $.Values.certManager.enabled -}}
{{- $secretName := "" -}}
{{- if ne $tlsSecret "" -}}
{{- $secretName = $tlsSecret -}}
{{- else if $useCertManager -}}
{{- $secretName = printf "%s-admin-tls" $fullName -}}
{{- end -}}
{{- $tlsEnabled := or $useCertManager (ne $tlsSecret "") -}}
{{- $addCertManagerAnnotation := and $useCertManager (eq $tlsSecret "") -}}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
@ -14,7 +24,7 @@ metadata:
{{- if .Values.admin.ingress.annotations }} {{- if .Values.admin.ingress.annotations }}
{{- toYaml .Values.admin.ingress.annotations | nindent 4 }} {{- toYaml .Values.admin.ingress.annotations | nindent 4 }}
{{- end }} {{- end }}
{{- if $.Values.certManager.enabled }} {{- if and $addCertManagerAnnotation (not (hasKey (.Values.admin.ingress.annotations | default dict) "cert-manager.io/cluster-issuer")) }}
cert-manager.io/cluster-issuer: {{ $.Values.certManager.clusterIssuerName }} cert-manager.io/cluster-issuer: {{ $.Values.certManager.clusterIssuerName }}
{{- end }} {{- end }}
nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-body-size: "50m"
@ -24,17 +34,17 @@ metadata:
nginx.ingress.kubernetes.io/enable-websocket: "true" nginx.ingress.kubernetes.io/enable-websocket: "true"
spec: spec:
ingressClassName: nginx ingressClassName: nginx
{{- if and $hosts $.Values.certManager.enabled }} {{- if and $hosts $tlsEnabled }}
tls: tls:
{{- range $hosts }} {{- range $hosts }}
- hosts: - hosts:
- {{ .host }} - {{ . | toString }}
secretName: {{ $fullName }}-admin-tls secretName: {{ $secretName }}
{{- end }} {{- end }}
{{- end }} {{- end }}
rules: rules:
{{- range $hosts }} {{- range $hosts }}
- host: {{ .host }} - host: {{ . | toString }}
http: http:
paths: paths:
- path: / - path: /

16
admin/deploy/values.yaml
View File

@ -33,9 +33,13 @@ admin:
port: 3000 port: 3000
ingress: ingress:
enabled: false enabled: true
hosts: [ ] hosts:
annotations: { } - admin.gitdata.me
# tlsSecret: my-tls-secret # uncomment to use a pre-existing TLS secret (overrides cert-manager auto-issue)
annotations:
# cert-manager.io/cluster-issuer: cloudflare-acme-cluster-issuer # auto-set by template when certManager.enabled=true
kubernetes.io/ingress.class: nginx
resources: resources:
requests: requests:
@ -71,8 +75,8 @@ admin:
affinity: { } affinity: { }
secrets: secrets:
enabled: false enabled: true
databaseUrl: "" databaseUrl: "postgresql://gitdataai:gitdataai123@cnpg-cluster-rw.cnpg:5432/gitdataai?sslmode=disable"
redisUrl: "" redisUrl: "redis://:redis123@valkey-cluster.valkey-cluster.svc.cluster.local:6379"
nextAuthSecret: "" nextAuthSecret: ""
extra: { } extra: { }