feat(deploy): single unified Ingress with per-host routing

Replace multiple conflicting Ingress resources with one that routes: - gitdata.ai → frontend (port 80) - api.gitdata.ai → app (port 8080) - git.gitdata.ai → gitserver-http (port 8022) - static.gitdata.ai → static (port 8081) Disable service-level ingress configs in values.yaml (they would conflict on the same host/path). Single TLS secret covers all hosts.
2026-04-15 14:17:03 +08:00 · 2026-04-15 14:17:03 +08:00 · 6c3f5b49f8
commit 6c3f5b49f8
parent b9a9acbc75
2 changed files with 60 additions and 84 deletions
--- a/deploy/templates/ingress.yaml
+++ b/deploy/templates/ingress.yaml
@ -1,61 +1,70 @@
-{{- if .Values.app.ingress.enabled -}}
-{{- $svcName := printf "%s-app" (include "gitdata.fullname" .) -}}
+{{- /* Single unified Ingress for all services */ -}}
+{{- $fullName := include "gitdata.fullname" . -}}
 {{- $ns := include "gitdata.namespace" . -}}
-{{- $ing := .Values.app.ingress -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "gitdata.fullname" . }}-ingress
+  name: {{ $fullName }}-ingress
  namespace: {{ $ns }}
  labels:
-    app.kubernetes.io/name: {{ include "gitdata.fullname" . }}-app
+    app.kubernetes.io/name: {{ $fullName }}
    app.kubernetes.io/instance: {{ .Release.Name }}
  annotations:
-    cert-manager.io/cluster-issuer: {{ $ing.clusterIssuer | default "cloudflare-acme-cluster-issuer" }}
-{{- if $ing.annotations }}
-{{ toYaml $ing.annotations | indent 4 }}
-{{- end }}
-{{- if not (hasKey ($ing.annotations | default dict) "nginx.ingress.kubernetes.io/proxy-body-size") }}
-{{- if or (not $ing.className) (eq $ing.className "nginx") (contains "nginx" $ing.className) }}
+    cert-manager.io/cluster-issuer: cloudflare-acme-cluster-issuer
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-{{- end }}
-{{- end }}
 spec:
-{{- if $ing.className }}
-  ingressClassName: {{ $ing.className }}
-{{- end }}
-{{- if $ing.tls }}
+  ingressClassName: nginx
  tls:
-{{- range $ing.tls }}
    - hosts:
-{{- range .hosts }}
-    - {{ . | quote }}
-{{- end }}
-    secretName: {{ .secretName }}
-{{- end }}
-{{- else }}
-  tls:
-{{- range $ing.hosts }}
-  - hosts:
-    - {{ .host | quote }}
-    secretName: {{ include "gitdata.fullname" $ }}-app-tls
-{{- end }}
-{{- end }}
+        - gitdata.ai
+        - api.gitdata.ai
+        - git.gitdata.ai
+        - static.gitdata.ai
+      secretName: {{ $fullName }}-tls
  rules:
-{{- range $ing.hosts }}
-  - host: {{ .host | quote }}
+    # Frontend
+    - host: gitdata.ai
      http:
        paths:
-{{- range .paths }}
-      - path: {{ .path }}
-        pathType: {{ .pathType | default "Prefix" }}
+          - path: /
+            pathType: Prefix
            backend:
              service:
-            name: {{ $svcName }}
+                name: {{ $fullName }}-frontend
                port:
-              number: {{ $.Values.app.service.port }}
-{{- end }}
-{{- end }}
-{{- end }}
+                  number: 80
+    # API
+    - host: api.gitdata.ai
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}-app
+                port:
+                  number: {{ .Values.app.service.port }}
+    # Gitserver HTTP
+    - host: git.gitdata.ai
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}-gitserver-http
+                port:
+                  number: {{ .Values.gitserver.service.http.port }}
+    # Static files
+    - host: static.gitdata.ai
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}-static
+                port:
+                  number: {{ .Values.static.service.port }}
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@ -137,15 +137,7 @@ frontend:
    type: ClusterIP

  ingress:
-    enabled: true
-    className: nginx
-    annotations: {}
-    hosts:
-      - host: gitdata.ai
-        paths:
-          - path: /
-            pathType: Prefix
-    tls: []
+    enabled: false

  resources:
    requests:
@ -185,17 +177,7 @@ app:
    port: 8080

  ingress:
-    enabled: true
-    className: nginx
-    annotations: {}
-    hosts:
-      - host: gitdata.ai
-        paths:
-          - path: /
-            pathType: Prefix
-          - path: /api
-            pathType: Prefix
-    tls: []
+    enabled: false

  resources:
    requests:
@ -243,14 +225,7 @@ static:
    port: 8081

  ingress:
-    enabled: true
-    className: nginx
-    annotations: {}
-    hosts:
-      - host: static.gitdata.ai
-        paths:
-          - path: /
-            pathType: Prefix
+    enabled: false

  cors: true
  logLevel: info
@ -326,15 +301,7 @@ gitserver:
    accessMode: ReadWriteOnce

  ingress:
-    enabled: true
-    className: nginx
-    annotations: {}
-    hosts:
-      - host: git.gitdata.ai
-        paths:
-          - path: /
-            pathType: Prefix
-    tls: []
+    enabled: false

  env: []