add ingress + ssl for tiler server

batpad · batpad · commit 52d99e9e5c10 · 2022-04-11T14:25:50.000-07:00
diff --git a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.tilerServer.enabled (eq .Values.serviceType "ClusterIP") }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "osm-seed.fullname" . }}-ingress-tiler-server
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+spec:
+  tls:
+    - hosts:
+      - tiler-server.{{ .Values.domain }}
+      secretName: {{ template "osm-seed.fullname" . }}-secret-tiler-server
+
+  rules:
+  - host: tiler-server.{{ .Values.domain }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ template "osm-seed.fullname" . }}-tiler-server
+            port:
+              number: 80
+{{- end }}
diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml
@@ -8,37 +8,30 @@ metadata:
     component: tiler-server-service
     environment: {{ .Values.environment }}
     release: {{ .Release.Name }}
-  {{- if eq .Values.cloudProvider "aws" }}
   annotations:
-    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
-    {{- if .Values.AWS_SSL_ARN }}
+    {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }}
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https    
+    {{- end }}
+    {{- if eq .Values.serviceType "ClusterIP" }}
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+    {{- else }}
+    fake.annotation: fake
     {{- end }}
-  {{- end }}
 spec:
-  # In case cloudProvider=aws
-  {{- if eq .Values.cloudProvider "aws" }}
-  type: LoadBalancer
-  {{- end }}
-  # In case cloudProvider=gcp
-  {{- if eq .Values.cloudProvider "gcp" }}
-  type: LoadBalancer
-  {{- end }}
-  # In case cloudProvider=minikube
-  {{- if eq .Values.cloudProvider "minikube" }}
-  type: NodePort
-  {{- end }}
+  type: {{ .Values.serviceType }}
   ports:
-    - port: {{ .Values.tilerServer.env.TILER_SERVER_PORT }}
-      targetPort: {{ .Values.tilerServer.env.TILER_SERVER_PORT }}
+    - port: 80
+      targetPort: http
       protocol: TCP
       name: http
-  {{- if .Values.AWS_SSL_ARN }} #FIXME: make generic
+  {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
     - port: 443
       targetPort: http
       protocol: TCP
-      name: https      
+      name: https
   {{- end }}
   
   selector:
