diff --git a/ansible/group_vars/all/shd-client.yml b/ansible/group_vars/all/shd-client.yml index f8d349c..9dd752b 100644 --- a/ansible/group_vars/all/shd-client.yml +++ b/ansible/group_vars/all/shd-client.yml @@ -1,2 +1,4 @@ --- +PORT: 4100 SHD_CLIENT_IMAGE: quay.io/schulcloudverbund/shd-client +SHD_CLIENT_PREFIX: dashboard2. diff --git a/ansible/group_vars/develop/shd-client.yml b/ansible/group_vars/develop/shd-client.yml index f1e7574..a3f9a28 100644 --- a/ansible/group_vars/develop/shd-client.yml +++ b/ansible/group_vars/develop/shd-client.yml @@ -1,2 +1,4 @@ --- +PORT: 4100 SHD_CLIENT_IMAGE: ghcr.io/hpi-schul-cloud/shd-client +SHD_CLIENT_PREFIX: shd2- \ No newline at end of file diff --git a/ansible/roles/shd-client-core/tasks/main.yml b/ansible/roles/shd-client-core/tasks/main.yml index 3c28690..b37580d 100644 --- a/ansible/roles/shd-client-core/tasks/main.yml +++ b/ansible/roles/shd-client-core/tasks/main.yml @@ -16,3 +16,9 @@ kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" template: deployment.yml.j2 + +- name: Ingress + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: ingress.yml.j2 diff --git a/ansible/roles/shd-client-core/templates/configmap.yml.j2 b/ansible/roles/shd-client-core/templates/configmap.yml.j2 index 0a6af83..8a8dba4 100644 --- a/ansible/roles/shd-client-core/templates/configmap.yml.j2 +++ b/ansible/roles/shd-client-core/templates/configmap.yml.j2 @@ -10,4 +10,4 @@ data: # general NODE_ENV: "production" TZ: "Europe/Berlin" - API_URL: {{ API_URL }} + API_URL: "https://{{ DOMAIN }}/api" diff --git a/ansible/roles/shd-client-core/templates/ingress.yml.j2 b/ansible/roles/shd-client-core/templates/ingress.yml.j2 new file mode 100644 index 0000000..4af2346 --- /dev/null +++ b/ansible/roles/shd-client-core/templates/ingress.yml.j2 @@ -0,0 +1,40 @@ +#jinja2: trim_blocks: "True", lstrip_blocks: "True" +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ NAMESPACE }}-shd-client-ingress + namespace: {{ NAMESPACE }} + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABLED|default("false") }}" + # type of authentication + nginx.ingress.kubernetes.io/auth-type: basic + # name of the secret that contains the user/password definitions + nginx.ingress.kubernetes.io/auth-secret: shd-basic-auth-secret + # message to display with an appropriate context why the authentication is required + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' +{% if CLUSTER_ISSUER is defined %} + cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }} +{% endif %} + +spec: + ingressClassName: {{ INGRESS_CLASS }} +{% if CLUSTER_ISSUER is defined or (TLS_ENABLED is defined and TLS_ENABLED|bool) %} + tls: + - hosts: + - {{ SHD_CLIENT_PREFIX }}{{ DOMAIN }} +{% if CLUSTER_ISSUER is defined %} + secretName: {{ SHD_CLIENT_PREFIX }}{{ DOMAIN }}-tls +{% endif %} +{% endif %} + rules: + - host: {{ SHD_CLIENT_PREFIX }}{{ DOMAIN }} + http: + paths: + ### SHD + - path: / + pathType: Prefix + backend: + service: + name: shd-client-svc + port: + number: {{ PORT }} diff --git a/ansible/roles/shd-client-core/templates/svc.yml.j2 b/ansible/roles/shd-client-core/templates/svc.yml.j2 index 59c3f5e..6ab25a6 100644 --- a/ansible/roles/shd-client-core/templates/svc.yml.j2 +++ b/ansible/roles/shd-client-core/templates/svc.yml.j2 @@ -8,7 +8,7 @@ metadata: spec: type: ClusterIP ports: - - port: 4100 + - port: {{ PORT }} targetPort: 4100 protocol: TCP name: shd-client