config(admin): admin env

admin/deploy/templates/admin-ingress.yaml

@@ -2,6 +2,16 @@
 {{- $fullName := include "admin.fullname" . -}}
 {{- $ns := include "admin.namespace" . -}}
 {{- $hosts := .Values.admin.ingress.hosts | default list -}}
+{{- $tlsSecret := .Values.admin.ingress.tlsSecret | default "" -}}
+{{- $useCertManager := $.Values.certManager.enabled -}}
+{{- $secretName := "" -}}
+{{- if ne $tlsSecret "" -}}
+{{-   $secretName = $tlsSecret -}}
+{{- else if $useCertManager -}}
+{{-   $secretName = printf "%s-admin-tls" $fullName -}}
+{{- end -}}
+{{- $tlsEnabled := or $useCertManager (ne $tlsSecret "") -}}
+{{- $addCertManagerAnnotation := and $useCertManager (eq $tlsSecret "") -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -14,7 +24,7 @@ metadata:
     {{- if .Values.admin.ingress.annotations }}
     {{- toYaml .Values.admin.ingress.annotations | nindent 4 }}
     {{- end }}
-    {{- if $.Values.certManager.enabled }}
+    {{- if and $addCertManagerAnnotation (not (hasKey (.Values.admin.ingress.annotations | default dict) "cert-manager.io/cluster-issuer")) }}
     cert-manager.io/cluster-issuer: {{ $.Values.certManager.clusterIssuerName }}
     {{- end }}
     nginx.ingress.kubernetes.io/proxy-body-size: "50m"
@@ -24,17 +34,17 @@ metadata:
     nginx.ingress.kubernetes.io/enable-websocket: "true"
 spec:
   ingressClassName: nginx
-  {{- if and $hosts $.Values.certManager.enabled }}
+  {{- if and $hosts $tlsEnabled }}
   tls:
     {{- range $hosts }}
     - hosts:
-        - {{ .host }}
+        - {{ . | toString }}
-      secretName: {{ $fullName }}-admin-tls
+      secretName: {{ $secretName }}
     {{- end }}
   {{- end }}
   rules:
     {{- range $hosts }}
-    - host: {{ .host }}
+    - host: {{ . | toString }}
       http:
         paths:
           - path: /

admin/deploy/values.yaml

@@ -33,9 +33,14 @@ admin:
     port: 3000
 
   ingress:
-    enabled: false
+    enabled: true
-    hosts: [ ]
+    hosts:
-    annotations: { }
+      - admin.gitdata.me
+    # tlsSecret: my-tls-secret   # uncomment to use a pre-existing TLS secret (overrides cert-manager auto-issue)
+    annotations:
+      cert-manager.io/cluster-issuer: cloudflare-acme-cluster-issuer  # auto-set by template when certManager.enabled=true
+      kubernetes.io/ingress.class: nginx
+
 
   resources:
     requests:
@@ -64,15 +69,25 @@ admin:
     redisUrl: APP_REDIS_URL
     nextAuthSecret: APP_NEXTAUTH_SECRET
 
-  env: [ ]
+  env:
+    DATABASE_URL: "postgresql://gitdataai:gitdataai123@cnpg-cluster-rw.cnpg:5432/gitdataai?sslmode=disable"
+    REDIS_CLUSTER_URLS: "redis://:redis123@valkey-cluster.valkey-cluster.svc.cluster.local:6379"
+    REDIS_URL: "redis://:redis123@valkey-cluster.valkey-cluster.svc.cluster.local:6379"
+    ADMIN_SESSION_COOKIE_NAME: admin_session
+    ADMIN_SESSION_TTL: 604800
+    ADMIN_SUPER_USERNAME: admin
+    ADMIN_SUPER_PASSWORD: admin123
+    COOKIE_SECURE: false
+    COOKIE_SAME_SITE: lax
+
 
   nodeSelector: { }
   tolerations: [ ]
   affinity: { }
 
 secrets:
-  enabled: false
+  enabled: true
-  databaseUrl: ""
+  databaseUrl: "postgresql://gitdataai:gitdataai123@cnpg-cluster-rw.cnpg:5432/gitdataai?sslmode=disable"
-  redisUrl: ""
+  redisUrl: "redis://:redis123@valkey-cluster.valkey-cluster.svc.cluster.local:6379"
   nextAuthSecret: ""
   extra: { }