Add support for multiple ingresses (#241)

* Add b64 prefix

helm/charts/generic_service/README.md

@@ -76,10 +76,13 @@ The following table lists the configurable parameters of the chart and their def
 | `service.externalPort`               | Service external port                                                             | `3000`                         |
 | `service.internalPort`               | Service internal port name                                                        | `80`                           |
 | `ingress.enabled`                    | Enable ingress resource for Management console                                    | `false`                        |
+| `ingress.name`                       | Name of the ingress | `fullname`                                                  |                                |
+| `ingress.annotations`                | Map of annotations. Keys prefixed with `b64/` must be 64enc and the chart b64dec  | `{}`                           |
 | `ingress.hosts[0].host`              | Host                                                                              | `nil`                          |
 | `ingress.hosts[0].paths[0].path`     | Path for the default host                                                         | `/`                            |
 | `ingress.hosts[0].tls[0].secretName` | Name of existing secret contiaining the tls certificate                           | `nil`                          |
 | `ingress.hosts[0].tls[0].hosts[0]`   | Host on which to apply the tls encription                                         | `nil`                          |
+| `ingresses`                          | Optional array of ingresses. If not specified, defaults to the `ingress` object   | `ingress`                      |
 
 Specify each parameter using the `--set key=value[,key=value]` or `--set-file key=value[,key=value]` argument to `helm install`. For example,
 

helm/charts/generic_service/templates/NOTES.txt

@@ -1,8 +1,9 @@
 1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
+{{- $ingress := index (default (list .Values.ingress) .Values.ingresses) 0 }}
+{{- if $ingress }}
+{{- range $host := $ingress.hosts }}
   {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }}
+  http{{ if $ingress.tls }}s{{ end }}://{{ tpl $host.host $ }}{{ .path }}
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}

helm/charts/generic_service/templates/ingress.yaml

@@ -1,34 +1,44 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "helm_chart.fullname" . -}}
-{{- $svcPort := .Values.service.externalPort -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- range $ingress := default (list .Values.ingress) .Values.ingresses }}
+{{- if $ingress.enabled -}}
+{{- $fullName := include "helm_chart.fullname" $ -}}
+{{- $svcPort := $.Values.service.externalPort -}}
+{{- $gitVersion := $.Capabilities.KubeVersion.GitVersion -}}
+{{- if and $ingress.className (not (semverCompare ">=1.18-0" $gitVersion)) }}
+  {{- if not (hasKey $ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set $ingress.annotations "kubernetes.io/ingress.class" $ingress.className}}
   {{- end }}
 {{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- range $annKey, $annValue := $ingress.annotations }}
+  {{- if hasPrefix "b64/" $annKey }}
+    {{- $newKey := trimPrefix "b64/" $annKey -}}
+    {{- $decodedValue := tpl $annValue $ }}
+    {{- $_ := set $ingress.annotations (trimPrefix "b64/" $annKey) ($decodedValue | include "validateSecret" | b64dec) }}
+    {{- $_ := unset $ingress.annotations $annKey }}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" $gitVersion -}}
 apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- else if semverCompare ">=1.14-0" $gitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
-  {{- with .Values.ingress.annotations }}
+  name: {{ default $fullName $ingress.name }}
+  {{- with $ingress.annotations }}
   annotations:
-    {{- toYaml . | nindent 4 }}
+    {{- tpl (toYaml .) $ | nindent 4 }}
   {{- end }}
   labels:
-    {{- include "helm_chart.labels" . | nindent 4 }}
+    {{- include "helm_chart.labels" $ | nindent 4 }}
 spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if and $ingress.className (semverCompare ">=1.18-0" $gitVersion) }}
+  ingressClassName: {{ $ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if $ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+    {{- range $ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ tpl . $ | quote }}
@@ -37,25 +47,27 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
+    {{- range $ingress.hosts }}
     - host: {{ tpl .host $ | quote }}
       http:
         paths:
           {{- range .paths }}
           - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $gitVersion) }}
             pathType: {{ .pathType }}
             {{- end }}
             backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              {{- if semverCompare ">=1.19-0" $gitVersion }}
               service:
                 name: {{ $fullName }}
                 port:
                   number: {{ $svcPort }}
               {{- else -}}
               serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}7
+              servicePort: {{ $svcPort }}
               {{- end }}
           {{- end }}
     {{- end }}
+---
   {{- end }}
+{{- end }}

helm/configs/backend/values.yaml

@@ -41,22 +41,34 @@ secrets:
       mail_auth: "{{ .Values.secretsJson.MAIL_AUTH }}"
       express_session: "{{ .Values.secretsJson.EXPRESS_SESSION_SECRET }}"
 
-ingress:
-  enabled: true
-  annotations: 
-    kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/proxy-body-size: 50m
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
-  hosts:
-    - host: "{{ .Values.host }}"
-      paths: 
-        - path: "/"
-          pathType: Prefix
-  tls:
-    - hosts:
-      - "{{ .Values.host }}"
-      secretName: "scicat-be-certificate"
+ingresses:
+  - enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/proxy-body-size: 50m
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
+    hosts:
+      - host: "{{ .Values.host }}"
+        paths: 
+          - path: "/"
+            pathType: Prefix
+    tls:
+      - hosts:
+        - "{{ .Values.host }}"
+        secretName: "scicat-be-certificate"
+  - enabled: true
+    name: backend-login
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      b64/nginx.ingress.kubernetes.io/whitelist-source-range: "{{ .Values.secretsJson.WHITELISTED_IPS }}"
+    hosts:
+      - host: "{{ .Values.host }}"
+        paths:
+          - path: /api/v3/Users/login
+            pathType: Exact
+          - path: /api/v3/auth/msad
+            pathType: Exact
 
 configMaps: 
   "{{ .Release.Name }}-cm":