add conditional serviceType settings for web service

batpad · batpad · commit 533d621c8326 · 2022-03-30T09:14:00.000-07:00
diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml
@@ -9,21 +9,29 @@ metadata:
     environment: {{ .Values.environment }}
     release: {{ .Release.Name }}
   annotations:
+    {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }}
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https    
+    {{- end }}
+    {{- if eq .Values.serviceType "ClusterIP" -}}
     kubernetes.io/ingress.class: nginx
-    # nginx.ingress.kubernetes.io/proxy-body-size: "300m"
     cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+    {{- end }}
+
 spec:
-  {{- if eq .Values.cloudProvider "minikube" }}
-  type: NodePort
-  {{- else }}
-  type: ClusterIP
-  {{- end }}
+  type: {{ .Values.serviceType }}
   ports:
     - port: 80
       targetPort: http
-      nodePort: null
       protocol: TCP
       name: http
+  {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
+    - port: 443
+      targetPort: http
+      protocol: TCP
+      name: https
+  {{- end }}
   selector:
     app: {{ template "osm-seed.name" . }}
     release: {{ .Release.Name }}
diff --git a/osm-seed/values.yaml b/osm-seed/values.yaml
@@ -32,28 +32,21 @@ AZURE_STORAGE_CONNECTION_STRING: xyz..
 
 AWS_SSL_ARN: false
 
-# ====================================================================================================
-# Ingress variables
-# ====================================================================================================
-# ingress:
-#   enabled: false
-#   annotations: {}
-#     # kubernetes.io/ingress.class: nginx
-#     # kubernetes.io/tls-acme: "true"
-#   path: /
-#   hosts:
-#     - chart-example.local
-#   tls: []
+# Specify serviceType.
+#
+# serviceType can be one of three values: 'NodePort', 'ClusterIP' or 'LoadBalancer'
+# Use `NodePort` for local testing on minikube.
+#
+# The recommended setting is `ClusterIP`, and then following the instructions to
+# point a DNS record to the cluster IP address. This will setup the ingress rules
+# for all services as subdomains and configure SSL using Lets Encrypt.
+#
+# If you specify `LoadBalancer` as the service type, if you also specify
+# an `AWS_SSL_ARN` that is a wildcart certificate, that will be configured
+# as the SSL certificate for your services. Else, you will need to configure
+# SSL separately. 
+serviceType: NodePort
 
-# # ====================================================================================================
-# # Domain app configuration
-# # ====================================================================================================
-# domain:
-#   #enabled, If you set  enabled=true, you should uncomment the following configurations
-#   enabled: false
-#   # domainName, Add here your domain or the fixed IP  where the server is running
-#   domainName: example.com
-#   protocolo: http
 
 # Domain that is pointed to the clusterIP
 # You will need to create an A record like *.osmseed.example.com pointed to the ClusterIP
