add ssl + ingress for tiler-visor

batpad · batpad · commit 960ea1dbea27 · 2022-04-11T14:32:04.000-07:00
diff --git a/osm-seed/templates/tiler-visor/tiler-visor-ingress.yaml b/osm-seed/templates/tiler-visor/tiler-visor-ingress.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.tilerVisor.enabled (eq .Values.serviceType "ClusterIP") }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "osm-seed.fullname" . }}-ingress-tiler-visor
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+spec:
+  tls:
+    - hosts:
+      - tiler-visor.{{ .Values.domain }}
+      secretName: {{ template "osm-seed.fullname" . }}-secret-tiler-visor
+
+  rules:
+  - host: tiler-visor.{{ .Values.domain }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ template "osm-seed.fullname" . }}-tiler-visor
+            port:
+              number: 80
+{{- end }}
diff --git a/osm-seed/templates/tiler-visor/tiler-visor-service.yaml b/osm-seed/templates/tiler-visor/tiler-visor-service.yaml
@@ -8,28 +8,31 @@ metadata:
     component: tiler-visor-service
     environment: {{ .Values.environment }}
     release: {{ .Release.Name }}
-  {{- if eq .Values.cloudProvider "aws" }}
   annotations:
-    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
-  {{- end }}
+    {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }}
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https    
+    {{- end }}
+    {{- if eq .Values.serviceType "ClusterIP" }}
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod-issuer
+    {{- else }}
+    fake.annotation: fake
+    {{- end }}
 spec:
-  # In case cloudProvider=aws
-  {{- if eq .Values.cloudProvider "aws" }}
-  type: LoadBalancer
-  {{- end }}
-  # In case cloudProvider=gcp
-  {{- if eq .Values.cloudProvider "gcp" }}
-  type: LoadBalancer
-  {{- end }}
-  # In case cloudProvider=minikube
-  {{- if eq .Values.cloudProvider "minikube" }}
-  type: NodePort
-  {{- end }}
+  type: {{ .Values.serviceType }}
   ports:
-    - port: {{ .Values.tilerVisor.env.TILER_VISOR_PORT }}
-      targetPort: 80
+    - port: 80
+      targetPort: http
       protocol: TCP
       name: http
+  {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
+    - port: 443
+      targetPort: http
+      protocol: TCP
+      name: https
+  {{- end }}
   selector:
     app: {{ template "osm-seed.name" . }}
     release: {{ .Release.Name }}
