feat: TLS support for web (#301)

* Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com>
2025-09-15 07:11:15 +00:00 · 2024-09-22 13:25:08 +02:00
parent e3d05a4678
commit 6ffe1a90ae
17 changed files with 289 additions and 274 deletions
--- a/deploy/helm/templates/ingress.yaml
+++ b/deploy/helm/templates/ingress.yaml
@@ -1,4 +1,5 @@
-{{- if .Values.ingress.enabled -}}
+{{- $hostname := include "wg-portal.hostname" . -}}
+{{- if and .Values.ingress.enabled $hostname -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -10,38 +11,20 @@ metadata:
 spec:
  ingressClassName: {{ .Values.ingress.className }}
  rules:
-    - host: {{ .Values.ingress.host }}
+    - host: {{ $hostname }}
      http:
        paths:
-          - path: /
+          - path: {{ default "/" (urlParse (tpl .Values.config.web.external_url .)).path }}
            pathType: {{ default "ImplementationSpecific" .pathType }}
            backend:
              service:
-                name: {{ include "wg-portal.fullname" . }}-web
+                name: {{ include "wg-portal.fullname" . }}
                port:
-                  name: http
-    {{- range .Values.ingress.extraHosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            pathType: {{ default "ImplementationSpecific" .pathType }}
-            backend:
-              service:
-                name: {{ include "wg-portal.fullname" . }}-web
-                port:
-                  name: http
-          {{- end }}
-    {{- end }}
+                  name: web
  {{- if .Values.ingress.tls }}
  tls:
-    {{- range .Values.ingress.tls }}
    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
+        - {{ $hostname | quote }}
+      secretName: {{ include "wg-portal.fullname" . }}-tls
  {{- end }}
 {{- end }}