diff --git a/charts/hub/Chart.yaml b/charts/hub/Chart.yaml index c8a77c9..a402d26 100644 --- a/charts/hub/Chart.yaml +++ b/charts/hub/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.70.0 +version: 0.71.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/hub/templates/kerberos-hub/hub-api.yaml b/charts/hub/templates/kerberos-hub/hub-api.yaml index 4834faa..befe706 100644 --- a/charts/hub/templates/kerberos-hub/hub-api.yaml +++ b/charts/hub/templates/kerberos-hub/hub-api.yaml @@ -27,10 +27,6 @@ metadata: name: hub-api-ingress annotations: kubernetes.io/ingress.class: {{ .Values.ingress }} - {{- if eq .Values.kerberoshub.oauth2Proxy.enabled true }} - nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" - nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri" - {{- end }} {{- if eq .Values.ingress "nginx" }} kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" @@ -96,39 +92,6 @@ spec: servicePort: 8081 {{- end }} {{ end }} -{{- if eq .Values.kerberoshub.oauth2Proxy.enabled true }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: oauth2-proxy-api - namespace: kube-system - annotations: - kubernetes.io/ingress.class: {{ .Values.ingress }} - {{- if eq .Values.ingress "nginx" }} - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - {{- end }} -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.kerberoshub.api.url }}" - http: - paths: - - path: /oauth2 - pathType: Prefix - backend: - service: - name: oauth2-proxy - port: - number: 4180 - tls: - - hosts: - - "{{ .Values.kerberoshub.api.url }}" - secretName: -{{- end }} --- apiVersion: apps/v1 kind: Deployment diff --git a/charts/hub/templates/kerberos-hub/hub-frontend.yaml b/charts/hub/templates/kerberos-hub/hub-frontend.yaml index b5fb575..721fae7 100644 --- a/charts/hub/templates/kerberos-hub/hub-frontend.yaml +++ b/charts/hub/templates/kerberos-hub/hub-frontend.yaml @@ -23,6 +23,10 @@ metadata: name: hub-frontend-ingress annotations: kubernetes.io/ingress.class: {{ .Values.ingress }} + {{- if eq .Values.kerberoshub.oauth2Proxy.enabled true }} + nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" + nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri" + {{- end }} {{- if eq .Values.ingress "nginx" }} kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" @@ -99,6 +103,39 @@ spec: servicePort: 80 {{- end }} {{- end }} +{{- if eq .Values.kerberoshub.oauth2Proxy.enabled true }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: oauth2-proxy-frontend + namespace: kube-system + annotations: + kubernetes.io/ingress.class: {{ .Values.ingress }} + {{- if eq .Values.ingress "nginx" }} + cert-manager.io/cluster-issuer: letsencrypt-prod + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + {{- end }} +spec: + ingressClassName: nginx + rules: + - host: "{{ .Values.kerberoshub.frontend.url }}" + http: + paths: + - path: /oauth2 + pathType: Prefix + backend: + service: + name: oauth2-proxy + port: + number: 4180 + tls: + - hosts: + - "{{ .Values.kerberoshub.frontend.url }}" + secretName: +{{- end }} --- apiVersion: apps/v1 kind: Deployment