diff --git a/src/main/helm/templates/certificate.yaml b/src/main/helm/templates/certificate.yaml
index 0a4d782213060150efc12dfbbb9fb6ea53232e83..7ac0e72801f769045b063a333c1c706f12655bae 100644
--- a/src/main/helm/templates/certificate.yaml
+++ b/src/main/helm/templates/certificate.yaml
@@ -40,9 +40,4 @@ spec:
 - key encipherment
 - key agreement
 dnsNames:
- - "*.{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
- - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
- - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster"
- - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"
- - "{{ .Release.Name }}.{{ include "app.namespace" . }}"
- - "{{ .Release.Name }}"
\ No newline at end of file
+ - "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
\ No newline at end of file
diff --git a/src/main/helm/templates/ingress.yaml b/src/main/helm/templates/ingress.yaml
index da01f4269f27046174a24ff03a223f42cbef4229..228582256bc4ab1ae54e1ac4c3971434df41e4be 100644
--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
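Review bot: In certificate.yaml the certificate's `dnsNames` now holds only `{{ .Release.Name }}-{{ include "app.baseDomain" . }}`, so any in-cluster client that reaches the service by its `<release>.<namespace>.svc` name will fail hostname verification against this certificate. If such callers exist, keep the one service name they actually use, e.g. `- "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"`, rather than having them skip verification. Either way, a short comment above the entry, such as `# external host only; must match spec.rules[0].host in ingress.yaml`, would make the coupling with the passthrough ingress explicit. The `spec` block begins outside this hunk, so the issuer and secret name cannot be checked here.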
@@ -4,39 +4,16 @@ metadata:
 name: {{ .Release.Name }}
 namespace: {{ include "app.namespace" . }}
 annotations:
- {{- if (.Values.ingress).certManagerAnnotations -}}
- {{- range (.Values.ingress).certManagerAnnotations }}
-{{ . | indent 4 }}
- {{- end }}
- {{- else if (.Values.ingress).use_staging_cert }}
- cert-manager.io/cluster-issuer: letsencrypt-staging
- {{- else }}
- cert-manager.io/cluster-issuer: letsencrypt-prod
- {{- end }}
- nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
- nginx.ingress.kubernetes.io/auth-tls-secret: {{ include "app.namespace" . }}-ca-cert
- nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+ haproxy-ingress.github.io/ssl-passthrough: "true"
 spec:
- {{- if (.Values.ingress).className }}
- ingressClassName: {{ .Values.ingress.className }}
- {{- end }}
 rules:
- - http:
+ - host: "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
+ http:
 paths:
 - path: /
 pathType: Prefix
 backend:
 service:
 name: {{ .Release.Name }}
- port:
- number: 8443
-
- host: "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
- tls:
- - hosts:
- - "{{ .Release.Name }}-{{ include "app.baseDomain" . }}"
- {{- if (.Values.ingress).tlsSecretName }}
- secretName: {{ (.Values.ingress).tlsSecretName }}
- {{- else }}
- secretName: {{ .Values.ozgcloud.bezeichner }}-{{ .Release.Name }}-tls
- {{- end }}
\ No newline at end of file
+ port:
+ number: 8443
\ No newline at end of file
diff --git a/src/test/helm/certificate_test.yaml b/src/test/helm/certificate_test.yaml
index b91e5d2c9bdd01542b0f44ca938308e46db76d7c..cf78c770624db55707227add0f4efaec651a6469 100644
--- a/src/test/helm/certificate_test.yaml
+++ b/src/test/helm/certificate_test.yaml
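Review bot: In ingress.yaml, client-certificate verification is no longer enforced at the ingress. The three `nginx.ingress.kubernetes.io/auth-tls-*` annotations are removed and `haproxy-ingress.github.io/ssl-passthrough: "true"` hands the TLS stream to the service on port 8443 unterminated, so the pod itself must now require and validate client certificates against the CA; nothing in this diff shows that it does. The `ingressClassName` block is removed as well, so which controller serves this Ingress presumably depends on the cluster's default class, and a controller that ignores the haproxy annotation would not pass TLS through. I would keep the class selectable, `ingressClassName: {{ .Values.ingress.className }}` under the existing `{{- if (.Values.ingress).className }}` guard. I would also add a comment above the annotation, `# TLS and client-certificate checks terminate in the pod, not at the ingress`.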
@@ -63,12 +63,7 @@ tests:
 - equal:
 path: spec.dnsNames
 value:
- "*.xta-test-server-release-name.sh-helm-test.svc.cluster.local"
- "xta-test-server-release-name.sh-helm-test.svc.cluster.local"
- "xta-test-server-release-name.sh-helm-test.svc.cluster"
- "xta-test-server-release-name.sh-helm-test.svc"
- "xta-test-server-release-name.sh-helm-test"
- "xta-test-server-release-name"
+ - "xta-test-server-release-name-helm.test.by.ozg-cloud.de"
 - it: should contain default lables and component lables
 asserts:
 - equal:
diff --git a/src/test/helm/ingress_test.yaml b/src/test/helm/ingress_test.yaml
index 27c7f37fb6ce75047792326d3028d209c1936ac7..06b8b2327b88c54912252331477a3c4439afa6e3 100644
--- a/src/test/helm/ingress_test.yaml
+++ b/src/test/helm/ingress_test.yaml
@@ -38,63 +38,11 @@ tests:
 asserts:
 - isKind:
 of: Ingress
- - it: should set ingress tls
- set:
- ingress:
- tlsSecretName: client-tls
+ - it: should enable ssl passthrough
 asserts:
 - equal:
- path: spec.tls[0].secretName
- value: client-tls
-
- - it: should not create ingress tls/ingressClass by default
- asserts:
- - isNull:
- path: spec.ingressClassName
- - it: should set ingress tls/ingressClass
- set:
- ingress:
- className: ingress
- asserts:
- - equal:
- path: spec.ingressClassName
- value: ingress
- - it: should use default letsencrypt-prod cluster-issuer
- asserts:
- - equal:
- path: metadata.annotations["cert-manager.io/cluster-issuer"]
- value: letsencrypt-prod
-
- - it: should use letsencrypt-staging cluster-issuer
- set:
- ingress.use_staging_cert: true
- asserts:
- - equal:
- path: metadata.annotations["cert-manager.io/cluster-issuer"]
- value: letsencrypt-staging
-
- - it: should enable client verification
- asserts:
- - equal:
- path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-verify-client"]
- value: "on"
- - it: should use CA of namespace to verify certificates
- asserts:
- - equal:
- path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-secret"]
- value: sh-helm-test-ca-cert
-
- - it: should pass certificate to upstream server
- asserts:
- - equal:
- path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream"]
+ path: metadata.annotations["haproxy-ingress.github.io/ssl-passthrough"]
 value: "true"
- - it: should create tls hosts name correctly
- asserts:
- - equal:
- path: spec.tls[0].hosts[0]
- value: matabase-helm.test.by.ozg-cloud.de
-
 - it: should create rules correctly
 asserts:
 - equal:
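Review bot: In ingress_test.yaml, no test pins TLS handling any more except `should enable ssl passthrough`, which only checks that the annotation equals `"true"`; the three cases covering `auth-tls-verify-client`, `auth-tls-secret` and `auth-tls-pass-certificate-to-upstream` are removed without a replacement. The suite would therefore still pass if the template later regained a terminating `spec.tls` block without client verification. I would add a case such as `- isNull:` with `path: spec.tls`, the assert form the removed ingressClassName test used, so that passthrough-only is an asserted property. The `should create rules correctly` test continues past the end of this hunk, so whether it checks `spec.rules[0].host` cannot be seen here.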