From 5fabb0cad3bd50599d00052d23b9db4688759704 Mon Sep 17 00:00:00 2001
From: Ben Hardill
Date: Fri, 14 Jul 2023 14:08:39 +0100
Subject: [PATCH 1/2] Add tls block to ingress

Also set annonations and ingressClass on the broker
---
 helm/flowforge/README.md | 1 +
 helm/flowforge/templates/broker.yaml | 14 ++++++++++++++
 helm/flowforge/templates/service-ingress.yaml | 8 ++++++++
 helm/flowforge/values.schema.json | 3 +++
 4 files changed, 26 insertions(+)

diff --git a/helm/flowforge/README.md b/helm/flowforge/README.md
index c9a561a9..dcd70f0c 100644
--- a/helm/flowforge/README.md
+++ b/helm/flowforge/README.md
@@ -25,6 +25,7 @@ If using an external PostgreSQL Database you will need to create the database an
 - `forge.domain` the domain instances will be hosted on
 - `forge.entryPoint` if the admin app is hosted on a different domain
 - `forge.https` is the Forge App accessed via HTTPS (default `true`)
+ - `forge.tlsSecretName` is the name of the kubernetes secret that holds the HTTPS certificate, it should be a wildcard cert for the `forge.domain` value
 - `forge.registry` the container registry to find Project templates (default Docker Hub)
 - `forge.dbUsername` (default `forge`)
 - `forge.dbPassword` (default `Zai1Wied`)
diff --git a/helm/flowforge/templates/broker.yaml b/helm/flowforge/templates/broker.yaml
index a4b1a606..7fde1d8d 100644
--- a/helm/flowforge/templates/broker.yaml
+++ b/helm/flowforge/templates/broker.yaml
@@ -131,7 +131,13 @@ metadata:
 labels:
 app: flowforge-broker
 annotations:
+ {{- if .Values.ingress.annotations }}
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+ {{- end }}
 spec:
+ {{- if and $.Values.ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ $.Values.ingress.className }}
+ {{- end }}
 rules:
 - host: mqtt.{{ .Values.forge.domain }}
 http:
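Review bot: The broker Ingress in this hunk takes its annotations and `ingressClassName` from the chart-wide `ingress.annotations` / `ingress.className` values, so any controller annotation set there (authentication, source-range allow-lists, rewrites, certificate issuers) is applied to the `mqtt.` host too, and the two cannot be configured apart; presumably the same values feed the app Ingress, which is outside this diff. If that sharing is intended, say so in the README's values list; otherwise read a broker-specific values key here. The added lines also mix `.Values` and `$.Values` in one block; pick one form. The Ingress definition starts and ends outside the hunk.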
@@ -143,6 +149,14 @@ spec:
 name: flowforge-broker
 port:
 number: 1884
+ {{- if .Values.forge.https }}
+ tls:
+ - hosts:
+ - mqtt.{{ .Values.forge.domain }}
+ {{- if .Values.forge.tlsSecretName }}
+ secretName: {{ .Values.forge.tlsSecretName}}
+ {{- end }}
+ {{- end }}
 # ---
 # apiVersion: v1
 # kind: Service
diff --git a/helm/flowforge/templates/service-ingress.yaml b/helm/flowforge/templates/service-ingress.yaml
index 10038fed..08f84c7f 100644
--- a/helm/flowforge/templates/service-ingress.yaml
+++ b/helm/flowforge/templates/service-ingress.yaml
@@ -37,3 +37,11 @@ spec:
 name: forge
 port:
 number: 80
+ {{- if .Values.forge.https }}
+ tls:
+ - hosts:
+ - {{ .Values.forge.entryPoint }}
+ {{- if .Values.forge.tlsSecretName }}
+ secretName: {{ .Values.forge.tlsSecretName }}
+ {{- end }}
+ {{- end }}
\ No newline at end of file
diff --git a/helm/flowforge/values.schema.json b/helm/flowforge/values.schema.json
index ae749c8f..62f28fda 100644
--- a/helm/flowforge/values.schema.json
+++ b/helm/flowforge/values.schema.json
@@ -275,6 +275,9 @@
 },
 "branding": {
 "type": "object"
+ },
+ "tlsSecretName": {
+ "type": "string"
 }
 },
 "required": [
From c0660ec902c00095b4b195d5c0762c00a2c6a404 Mon Sep 17 00:00:00 2001
From: Ben Hardill
Date: Fri, 14 Jul 2023 14:21:13 +0100
Subject: [PATCH 2/2] Add missing new line

---
 helm/flowforge/templates/service-ingress.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/helm/flowforge/templates/service-ingress.yaml b/helm/flowforge/templates/service-ingress.yaml
index 08f84c7f..154ca410 100644
--- a/helm/flowforge/templates/service-ingress.yaml
+++ b/helm/flowforge/templates/service-ingress.yaml
@@ -44,4 +44,5 @@ spec:
 {{- if .Values.forge.tlsSecretName }}
 secretName: {{ .Values.forge.tlsSecretName }}
 {{- end }}
- {{- end }}
\ No newline at end of file
+ {{- end }}
+ 
\ No newline at end of file
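Review bot: With `forge.https` true (the documented default) and `forge.tlsSecretName` unset, the `tls:` entry added to helm/flowforge/templates/broker.yaml renders with `hosts` but no `secretName`, and the same holds for the identical block added to service-ingress.yaml. Which certificate is then presented is left to the ingress controller, typically its default certificate, which may be self-signed, so broker clients either fail verification or end up configured to skip it. Document that fallback next to `forge.tlsSecretName` in the README, along with the fact that the secret has to be in the same namespace as the Ingress, or make the value mandatory when HTTPS is on, e.g. `secretName: {{ required "forge.tlsSecretName is required when forge.https is true" .Values.forge.tlsSecretName | quote }}`. The Ingress spec begins outside the hunk.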
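Review bot: The `tls:` block added to helm/flowforge/templates/service-ingress.yaml (first patch) lists `{{ .Values.forge.entryPoint }}` as its host but reuses `forge.tlsSecretName`, which the README line added in the same patch describes as a wildcard certificate for `forge.domain`. The README also says `forge.entryPoint` is for an admin app hosted on a different domain, and in that case the certificate will not cover the host and clients will see a name mismatch. If `forge.entryPoint` is unset the host list item renders empty; the `rules:` section is outside this hunk, so the tls host should reuse whatever host expression that section uses. Either state in the README that the secret must also cover `forge.entryPoint`, or accept a separate secret name for this Ingress.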