Commit 888a6eb3 authored by Jan Zickermann's avatar Jan Zickermann

#2 OZG-7121 helm: Configure haproxy-ingress with ssl-passthrough

parent 5b1809a8
1 merge request!3Resolve "xta-test-server helm-chart mit Deployment und Keystore-Secrets/Certificate-Resources"
Pipeline #1350 passed
...@@ -40,9 +40,4 @@ spec: ...@@ -40,9 +40,4 @@ spec:
- key encipherment - key encipherment
- key agreement - key agreement
dnsNames: dnsNames:
- "*.{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local" - "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
- "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local" \ No newline at end of file
- "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster"
- "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"
- "{{ .Release.Name }}.{{ include "app.namespace" . }}"
- "{{ .Release.Name }}"
\ No newline at end of file
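Review bot: The certificate's `dnsNames` list now holds only the external host `{{ .Release.Name }}-{{ include "app.baseDomain" . }}`, so any in-cluster client that reaches the service through its `.svc` name will fail hostname verification. If such callers exist (not visible in this diff), they need to use the external name or one service SAN has to stay. The same host expression is also written out in the ingress rule, and with passthrough the SNI host and the SAN must match exactly, so building it once in a shared named template and including it in both places would keep them from drifting. The `spec` block starts outside the hunk.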
...@@ -4,24 +4,11 @@ metadata: ...@@ -4,24 +4,11 @@ metadata:
name: {{ .Release.Name }} name: {{ .Release.Name }}
namespace: {{ include "app.namespace" . }} namespace: {{ include "app.namespace" . }}
annotations: annotations:
{{- if (.Values.ingress).certManagerAnnotations -}} haproxy-ingress.github.io/ssl-passthrough: "true"
{{- range (.Values.ingress).certManagerAnnotations }}
{{ . | indent 4 }}
{{- end }}
{{- else if (.Values.ingress).use_staging_cert }}
cert-manager.io/cluster-issuer: letsencrypt-staging
{{- else }}
cert-manager.io/cluster-issuer: letsencrypt-prod
{{- end }}
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-secret: {{ include "app.namespace" . }}-ca-cert
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
spec: spec:
{{- if (.Values.ingress).className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
rules: rules:
- http: - host: "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
http:
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
...@@ -30,13 +17,3 @@ spec: ...@@ -30,13 +17,3 @@ spec:
name: {{ .Release.Name }} name: {{ .Release.Name }}
port: port:
number: 8443 number: 8443
\ No newline at end of file
host: "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
tls:
- hosts:
- "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
{{- if (.Values.ingress).tlsSecretName }}
secretName: {{ (.Values.ingress).tlsSecretName }}
{{- else }}
secretName: {{ .Values.ozgcloud.bezeichner }}-{{ .Release.Name }}-tls
{{- end }}
\ No newline at end of file
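Review bot: With `haproxy-ingress.github.io/ssl-passthrough: "true"` replacing the three `nginx.ingress.kubernetes.io/auth-tls-*` annotations, client-certificate verification is no longer enforced at the ingress, and nothing in this section shows the server on port 8443 requiring and validating client certificates against the namespace CA. That should be confirmed in the Deployment and keystore configuration, since the controller now only forwards the TLS stream. The annotation is also controller-specific while the optional `ingressClassName` block was removed, so on a cluster where a different controller claims classless Ingresses the passthrough setting would presumably be ignored without any error. I would keep `{{- if (.Values.ingress).className }}` / `ingressClassName: {{ .Values.ingress.className }}` / `{{- end }}` under `spec:`. A comment above the annotation, `# TLS terminates in the pod; client certs are verified by the application, not the ingress`, would record the moved trust boundary.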
...@@ -63,12 +63,7 @@ tests: ...@@ -63,12 +63,7 @@ tests:
- equal: - equal:
path: spec.dnsNames path: spec.dnsNames
value: value:
- "*.xta-test-server-release-name.sh-helm-test.svc.cluster.local" - "xta-test-server-release-name-helm.test.by.ozg-cloud.de"
- "xta-test-server-release-name.sh-helm-test.svc.cluster.local"
- "xta-test-server-release-name.sh-helm-test.svc.cluster"
- "xta-test-server-release-name.sh-helm-test.svc"
- "xta-test-server-release-name.sh-helm-test"
- "xta-test-server-release-name"
- it: should contain default lables and component lables - it: should contain default lables and component lables
asserts: asserts:
- equal: - equal:
......
...@@ -38,63 +38,11 @@ tests: ...@@ -38,63 +38,11 @@ tests:
asserts: asserts:
- isKind: - isKind:
of: Ingress of: Ingress
- it: should set ingress tls - it: should enable ssl passthrough
set:
ingress:
tlsSecretName: client-tls
asserts:
- equal:
path: spec.tls[0].secretName
value: client-tls
- it: should not create ingress tls/ingressClass by default
asserts:
- isNull:
path: spec.ingressClassName
- it: should set ingress tls/ingressClass
set:
ingress:
className: ingress
asserts:
- equal:
path: spec.ingressClassName
value: ingress
- it: should use default letsencrypt-prod cluster-issuer
asserts:
- equal:
path: metadata.annotations["cert-manager.io/cluster-issuer"]
value: letsencrypt-prod
- it: should use letsencrypt-staging cluster-issuer
set:
ingress.use_staging_cert: true
asserts: asserts:
- equal: - equal:
path: metadata.annotations["cert-manager.io/cluster-issuer"] path: metadata.annotations["haproxy-ingress.github.io/ssl-passthrough"]
value: letsencrypt-staging
- it: should enable client verification
asserts:
- equal:
path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-verify-client"]
value: "on"
- it: should use CA of namespace to verify certificates
asserts:
- equal:
path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-secret"]
value: sh-helm-test-ca-cert
- it: should pass certificate to upstream server
asserts:
- equal:
path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream"]
value: "true" value: "true"
- it: should create tls hosts name correctly
asserts:
- equal:
path: spec.tls[0].hosts[0]
value: matabase-helm.test.by.ozg-cloud.de
- it: should create rules correctly - it: should create rules correctly
asserts: asserts:
- equal: - equal:
......
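Review bot: The ingress test file now pins only the passthrough annotation, so a later re-introduction of edge termination would pass unnoticed. Adding negative cases next to `should enable ssl passthrough`, for example `- isNull:` with `path: spec.tls` and another with `path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-verify-client"]`, would lock in that TLS and client verification are left to the backend. The removed client-verification tests have no replacement at chart level; if the Deployment template carries the truststore settings (not visible in this diff), asserting them there would be the natural substitute.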