Add support for http2 and static ip in helm chart

mistio · Jul 21, 2019 · 6dfe6de · 6dfe6de
1 parent d77760d
commit 6dfe6de
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 2 deletions.
diff --git a/chart/mist/templates/ingress.yaml b/chart/mist/templates/ingress.yaml
@@ -9,6 +9,15 @@ metadata:
     heritage: {{ .Release.Service }}
   annotations:
     kubernetes.io/ingress.class: nginx
+{{- if .Values.http.tlsSecret }}
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    {{- if .Values.http.http2 }}
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    {{- end }}
+{{- end }}
+{{- if .Values.http.static }}
+    kubernetes.io/ingress.global-static-ip-name: {{ .Values.http.static }}
+{{- end }}
 {{- if .Values.http.tlsAnnotations }}
 {{ toYaml .Values.http.tlsAnnotations | indent 4 }}
 {{- end }}

diff --git a/chart/mist/templates/nginx-configmap.yaml b/chart/mist/templates/nginx-configmap.yaml
@@ -49,6 +49,12 @@ data:
 
         server {
             listen               80;
+{{- if .Values.http.http2 }}
+            listen               443 http2 ssl;
+            server_name {{ .Values.http.host }};
+            ssl_certificate     /etc/nginx/tls/tls.crt;
+            ssl_certificate_key /etc/nginx/tls/tls.key;
+{{- end }}
             underscores_in_headers  on;
 
             #security -mostly- related headers

diff --git a/chart/mist/templates/nginx-deployment.yaml b/chart/mist/templates/nginx-deployment.yaml
@@ -26,10 +26,15 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - containerPort: 80
+        - containerPort: 443
         volumeMounts:
         - name: nginx-config
           mountPath: /etc/nginx/nginx.conf
           subPath: nginx.conf
+{{- if .Values.http.tlsSecret }}
+        - name: tls-cert
+          mountPath: /etc/nginx/tls
+{{- end }}
         resources:
           requests:
             memory: {{ .Values.deployment.nginx.resources.requests.memory | default "30Mi" }}
@@ -47,6 +52,11 @@ spec:
       - name: nginx-config
         configMap:
           name: {{ include "chart.fullname" . }}-nginx
+{{- if .Values.http.tlsSecret }}
+      - name: tls-cert
+        secret:
+          secretName: {{ .Values.http.tlsSecret }}
+{{- end }}
 {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}

diff --git a/chart/mist/templates/nginx-service.yaml b/chart/mist/templates/nginx-service.yaml
@@ -7,7 +7,7 @@ metadata:
     chart: {{ include "chart.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-{{- if .Values.http.tlsSecret }}
+{{- if .Values.http.http2 }}
   annotations:
     cloud.google.com/app-protocols: '{"port443":"HTTP2"}'
 {{- end }}
@@ -17,7 +17,7 @@ spec:
     targetPort: 80
     protocol: TCP
     name: port80
-{{- if .Values.http.tlsSecret }}
+{{- if .Values.http.http2 }}
   - port: 443
     targetPort: 443
     name: port443

diff --git a/chart/mist/values.yaml b/chart/mist/values.yaml
@@ -13,6 +13,8 @@ image:
 # HTTP settings for the deployed application.
 http:
   host: localhost
+  http2: false
+  static: ''
   tlsSecret: ''
   tlsHosts: []
   tlsAnnotations: {}