diff --git a/charts/identity-gatekeeper/Chart.yaml b/charts/identity-gatekeeper/Chart.yaml
index 0fea23f..80d6b1d 100644
--- a/charts/identity-gatekeeper/Chart.yaml
+++ b/charts/identity-gatekeeper/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.7
+version: 1.0.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/identity-gatekeeper/templates/_helpers.tpl b/charts/identity-gatekeeper/templates/_helpers.tpl
index 6c8778d..d4f2366 100644
--- a/charts/identity-gatekeeper/templates/_helpers.tpl
+++ b/charts/identity-gatekeeper/templates/_helpers.tpl
@@ -81,6 +81,13 @@ Return the target Kubernetes version
 {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
 {{- end -}}
 
+{{/*
+Internal URL for the target service
+*/}}
+{{- define "identity-gatekeeper.targetUrl" -}}
+http://{{ .Values.targetService.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.targetService.port.number }}
+{{- end }}
+
 {{/*
 Internal base URL for the services (minus port number)
 */}}
@@ -101,3 +108,12 @@ Internal URL for the admin service
 {{- define "identity-gatekeeper.adminServiceUrl" -}}
 {{ include "identity-gatekeeper.baseServiceUrl" . }}:{{ .Values.service.admin.port }}
 {{- end }}
+
+{{/*
+Ingress server-snippets - merged from constituent parts
+*/}}
+{{- define "identity-gatekeeper.ingressServerSnippet" -}}
+{{ .Values.ingress.serverSnippets.custom }}
+{{ .Values.ingress.serverSnippets.gatekeeper }}
+{{ .Values.ingress.serverSnippets.auth }}
+{{- end }}
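Review bot: The new `identity-gatekeeper.targetUrl` helper hard-codes both the `http://` scheme and the `.svc.cluster.local` suffix, and its header comment says nothing about either, so a reader overriding `targetService` cannot tell from the definition that the protected upstream is reached over plaintext in-cluster HTTP or that a cluster with a non-default DNS domain needs a change here. Nothing in the diff shows where the helper is consumed, so the plaintext hop may be acceptable behind a mesh, but the assumption should be written down. Suggest extending the comment to `Internal URL for the target service (plaintext HTTP; assumes the default cluster DNS domain)` and, if the chart already carries a cluster-domain value, using it in place of the literal suffix.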
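Review bot: `identity-gatekeeper.ingressServerSnippet` emits the three `serverSnippets` values verbatim in a fixed order (custom, then gatekeeper, then auth), and neither the order nor the rendering contract is documented. Order is significant for nginx, since `location ~` regex blocks are matched in the order they appear, so content placed in `custom` is evaluated ahead of the gatekeeper's own `location ~ /oauth/(health|metrics)` block and can shadow it. The helper also does not run its output through `tpl`, so the `{{ include ... }}` references inside the gatekeeper and auth snippets only resolve because the caller in ingress.yaml applies `tpl` twice; a caller that includes this helper directly gets the unexpanded directives. Suggest widening the header comment to `Ingress server-snippets - merged from constituent parts (custom first, then gatekeeper, then auth; order is significant for nginx regex locations). Callers must pass the result through tpl so the nested includes render.`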
diff --git a/charts/identity-gatekeeper/templates/ingress.yaml b/charts/identity-gatekeeper/templates/ingress.yaml
index 6627e05..3225c99 100644
--- a/charts/identity-gatekeeper/templates/ingress.yaml
+++ b/charts/identity-gatekeeper/templates/ingress.yaml
@@ -7,10 +7,10 @@ metadata:
 name: {{ $name }}
 labels:
 {{- include "identity-gatekeeper.labels" . | nindent 4 }}
- {{- with .Values.ingress.annotations }}
 annotations:
- {{- tpl (toYaml .) $ | nindent 4 }}
- {{- end }}
+ {{- range $k, $v := .Values.ingress.annotations }}
+ {{- dict $k (tpl (tpl $v $) $) | toYaml | nindent 4 }}
+ {{- end }}
 namespace: {{ .Release.Namespace }}
 spec:
 {{- if and .Values.ingress.className (semverCompare ">=1.18-0" (include "identity-gatekeeper.kubeVersion" $)) }}
diff --git a/charts/identity-gatekeeper/values.yaml b/charts/identity-gatekeeper/values.yaml
index 9b3a87b..39d1ae9 100644
--- a/charts/identity-gatekeeper/values.yaml
+++ b/charts/identity-gatekeeper/values.yaml
@@ -91,7 +91,7 @@ ingress:
 className: ""
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
- nginx.ingress.kubernetes.io/configuration-snippet: |
+ nginx.ingress.kubernetes.io/configuration-snippet: |-
 auth_request /auth;
 if ($request_method = OPTIONS) {
 return 200;
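Review bot: The nested `tpl (tpl $v $) $` on the `dict` line carries no comment explaining the second pass, and it narrows what `ingress.annotations` accepts: `tpl` requires a string, so a numeric or boolean annotation value now fails at render time with a type error, where the removed `tpl (toYaml .)` form serialised the whole map first. Suggest `{{- dict $k (tpl (tpl (toString $v) $) $) | toYaml | nindent 4 }}` plus a comment above the range such as `# two tpl passes: an annotation value may expand to other values that themselves contain template directives (see serverSnippets)`. That comment should also make clear that with two passes any `{{` in a user-supplied annotation or snippet value is evaluated as chart template rather than reaching nginx verbatim. Separately, `annotations:` is now emitted unconditionally and renders as a null mapping when no annotations are set, which the removed `with` guard avoided; Kubernetes should tolerate it but the rendered output looks broken. The enclosing Ingress template continues outside the hunk.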
@@ -99,7 +99,19 @@ ingress:
 add_header Access-Control-Allow-Origin $http_origin always;
 add_header Access-Control-Allow-Methods "*";
 add_header Access-Control-Allow-Headers "Authorization, Origin, Content-Type";
- nginx.ingress.kubernetes.io/server-snippet: |
+ nginx.ingress.kubernetes.io/server-snippet: |-
+ {{ include "identity-gatekeeper.ingressServerSnippet" . }}
+ serverSnippets:
+ # Server snippets separated into different values, to allow them to be more easily overridden,
+ # and to more easily introduce addition custom locations.
+ custom: |-
+ #----------
+ # Custom server snippets
+ #----------
+ gatekeeper: |-
+ #----------
+ # Gatekeeper-specific server snippets
+ #----------
 # Open endpoints provided by gatekeeper itself
 # - which should passthru to gatekeeper, rather than the 'target' protected service,
 # without need for any auth.
@@ -109,6 +121,10 @@ ingress:
 location ~ /oauth/(health|metrics) {
 proxy_pass {{ include "identity-gatekeeper.adminServiceUrl" . }}$request_uri;
 }
+ auth: |-
+ #----------
+ # Auth Request server snippets
+ #----------
 # Endpoint for the nginx 'auth_request' - which directs to gatekeeper
 location ^~ /auth {
 internal;
@@ -134,7 +150,8 @@ ingress:
 port:
 number: "{{ .Values.targetService.port.number }}"
 tls:
- - secretName: "{{ include \"identity-gatekeeper.fullname\" . }}-tls"
+ - secretName: |-
+ {{ include "identity-gatekeeper.fullname" . }}-tls
 hosts:
 - "{{ .Values.targetService.host }}"
 autoscaling:
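Review bot: The comment above `custom` should state that the value is not handed to nginx verbatim: the `server-snippet` annotation that includes it is rendered through two `tpl` passes in ingress.yaml, so any `{{ ... }}` in an overridden `custom` snippet is executed as chart template, and an unbalanced `{{` fails the whole render rather than producing an nginx error. It is also worth recording next to `serverSnippets` that the entire `auth_request` wiring depends on the ingress-nginx controller permitting snippet annotations (its `allow-snippet-annotations` setting); on a controller that refuses or ignores them the protected service is left without the auth hook, which is worth verifying at install time rather than discovering later. Minor wording: `addition custom locations` should read `additional custom locations`. Suggested comment: `# Snippet values are rendered with tpl (twice) before reaching nginx: {{ }} is chart template, not nginx syntax.`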
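Review bot: The block scalar introduced on the `secretName` line is correct only because of the `-` chomping indicator; with a plain `|` the rendered name would carry a trailing newline and the TLS Secret lookup would fail, which is easy to break in a later edit of a one-line value. Suggest a comment on the line above it: `# |- keeps the secret name free of a trailing newline`.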