From 0ec284b6f4b25a7f4da06e4f21c5fc04bde9fafe Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Tue, 27 Feb 2024 16:29:11 +0100
Subject: [PATCH] improve ingress annotations and remove cluster_env

---
 src/main/helm/templates/ingress.yaml       | 26 +++++++++-------------
 src/main/helm/values.yaml                  |  9 --------
 src/test/helm/ingress-nginx-tests.yaml     | 15 ++++++++-----
 src/test/helm/ingress_nginx_cors_test.yaml |  8 +++++++
 4 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/src/main/helm/templates/ingress.yaml b/src/main/helm/templates/ingress.yaml
index c9e606ed..1a1a9357 100644
--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
@@ -26,29 +26,21 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
-  {{- if .Values.ingress.configuration_snippet }}
-  {{- with .Values.ingress.configuration_snippet }}
-      {{- toYaml . | nindent 4 }}
-  {{- end }}
-      more_set_headers "Access-Control-Allow-Origin: {{ (include "app.alfaAddress" .) }}";
-  {{- end }}
-    {{- with .Values.ingress.annotations }}
+    {{- with (.Values.ingress).annotations }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-    {{- if (.Values.ingress).certManagerAnnotations -}}
-    {{- range (.Values.ingress).certManagerAnnotations }}
-{{ . | indent 4 }}
-    {{- end }}
-    {{- else if (.Values.ingress).use_staging_cert }}
+    {{- if not (.Values.ingress).disableDefaultCertManager }}
+    {{- if (.Values.ingress).use_staging_cert }}
     cert-manager.io/cluster-issuer: letsencrypt-staging
     {{- else }}
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    {{- end }} 
+    {{- end }}
+    {{- end }}
   name: {{ include "app.name" . }}
   namespace: {{ include "app.namespace" . }}
 spec:
-  {{- if and (.Values.ingress).className (ne (.Values).cluster_env "dataport") }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if (.Values.ingress).className }}
+  ingressClassName: {{ (.Values.ingress).className }}
   {{- end }}
   rules:
     - http:
@@ -64,8 +56,10 @@ spec:
   tls:
     - hosts:
       - {{ ( include "app.baseDomain" . ) }}
+      {{- if not (.Values.ingress).skipTlsSecret -}}
       {{- if (.Values.ingress).tlsSecretName }}
       secretName: {{ (.Values.ingress).tlsSecretName }}
-      {{- else if ne (.Values).cluster_env "dataport" }}
+      {{- else }}
       secretName: {{ .Values.ozgcloud.bezeichner }}-{{ include "app.name" . }}-tls
+      {{- end }}
       {{- end }}
\ No newline at end of file
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index daa6f7ce..76db8b5e 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -22,8 +22,6 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-cluster_env: ""
-
 replicaCount: 2
 
 image:
@@ -38,10 +36,3 @@ ozgcloud:
   keycloak:
     api:
       user: userManagerApiUser
-
-ingress:
-  configuration_snippet:
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "Access-Control-Allow-Methods: GET,PATCH,OPTIONS";
-      more_set_headers "Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-XSRF-TOKEN";
-      more_set_headers "Access-Control-Expose-Headers: Content-Length,Content-Range";
diff --git a/src/test/helm/ingress-nginx-tests.yaml b/src/test/helm/ingress-nginx-tests.yaml
index bd52d6a0..f64e9b17 100644
--- a/src/test/helm/ingress-nginx-tests.yaml
+++ b/src/test/helm/ingress-nginx-tests.yaml
@@ -49,13 +49,11 @@ tests:
       - equal:
           path: spec.ingressClassName
           value: nginx
-  - it: should not create ingress tls/ingressClassName
+  - it: should not create ingress tls secret name
     set:
-      cluster_env: dataport
+      ingress.skipTlsSecret: true
     asserts:
-      - isNull:
-          path: spec.ingressClassName
-      - isNull:
+      - notExists:
           path: spec.tls[0].secretName
   - it: should use default letsencrypt-prod cluster-issuer
     asserts:
@@ -77,6 +75,13 @@ tests:
           path: metadata.annotations["cert-manager.io/cluster-issuer"]
           value: letsencrypt-prod
 
+  - it: should disable default cert-manager
+    set:
+      ingress.disableDefaultCertManager: true
+    asserts:
+      - notExists:
+          path: metadata.annotations["cert-manager.io/cluster-issuer"]
+
   - it: should create hostname correctly
     asserts:
       - equal:
diff --git a/src/test/helm/ingress_nginx_cors_test.yaml b/src/test/helm/ingress_nginx_cors_test.yaml
index 831fe9f0..3b85133a 100644
--- a/src/test/helm/ingress_nginx_cors_test.yaml
+++ b/src/test/helm/ingress_nginx_cors_test.yaml
@@ -34,6 +34,14 @@ set:
     bezeichner: helm
 tests:
   - it: check ingress annotations if nginx test environment
+    set:
+      ingress:
+        annotations:
+          nginx.ingress.kubernetes.io/configuration-snippet: |
+            more_set_headers "Access-Control-Allow-Methods: GET,PATCH,OPTIONS";
+            more_set_headers "Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-XSRF-TOKEN";
+            more_set_headers "Access-Control-Expose-Headers: Content-Length,Content-Range";
+            more_set_headers "Access-Control-Allow-Origin: https://helm.test.sh.ozg-cloud.de";
     asserts:
       - isKind:
           of: Ingress
-- 
GitLab