feat: TLS support for web (#301)

* Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com>
2025-09-15 07:11:15 +00:00 · 2024-09-22 13:25:08 +02:00
parent e3d05a4678
commit 6ffe1a90ae
17 changed files with 289 additions and 274 deletions
--- a/deploy/helm/templates/_service.tpl
+++ b/deploy/helm/templates/_service.tpl
@@ -0,0 +1,53 @@
+{{/*
+Define the service template
+{{- include "wg-portal.service" (dict "context" $ "scope" .Values.service.<name> "ports" list "name" "<name>") -}}
+*/}}
+{{- define "wg-portal.service.tpl" -}}
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .scope.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels: {{- include "wg-portal.labels" .context | nindent 4 }}
+  name: {{ include "wg-portal.fullname" .context }}{{ ternary "" (printf "-%s" .name) (empty .name) }}
+spec:
+  {{- with .scope.clusterIP }}
+  clusterIP: {{ . }}
+  {{- end }}
+  {{- with .scope.externalIPs }}
+  externalIPs: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .scope.externalName }}
+  externalName: {{ . }}
+  {{- end }}
+  {{- with .scope.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ . }}
+  {{- end }}
+  {{- with .scope.healthCheckNodePort }}
+  healthCheckNodePort: {{ . }}
+  {{- end }}
+  {{- with .scope.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
+  {{- with .scope.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  ports: {{- toYaml .ports | nindent 4 }}
+  {{- with .scope.publishNotReadyAddresses }}
+  publishNotReadyAddresses: {{ . }}
+  {{- end }}
+  {{- with .scope.sessionAffinity }}
+  sessionAffinity: {{ . }}
+  {{- end }}
+  {{- with .scope.sessionAffinityConfig }}
+  sessionAffinityConfig: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .scope.topologyKeys }}
+  topologyKeys: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .scope.type }}
+  type: {{ . }}
+  {{- end }}
+  selector: {{- include "wg-portal.selectorLabels" .context | nindent 4 }}
+{{- end -}}