From 18c5cd8493cf97a483012c8d9f0afc5f483b1aab Mon Sep 17 00:00:00 2001
From: Tarashish Mishra
Date: Tue, 21 Nov 2023 12:26:21 +0530
Subject: [PATCH] Add support for specifying host and getting certs from cert manager
---
 .../templates/services/ingress-nginx.yaml | 51 +++++++++++++++++++
 helm-chart/eoapi/values.yaml | 7 +++
 2 files changed, 58 insertions(+)
diff --git a/helm-chart/eoapi/templates/services/ingress-nginx.yaml b/helm-chart/eoapi/templates/services/ingress-nginx.yaml
index be2e02bd..c8078b0f 100644
--- a/helm-chart/eoapi/templates/services/ingress-nginx.yaml
+++ b/helm-chart/eoapi/templates/services/ingress-nginx.yaml
@@ -15,6 +15,9 @@ metadata:
 nginx.ingress.kubernetes.io/use-regex: "true"
 nginx.ingress.kubernetes.io/rewrite-target: /$2
 nginx.ingress.kubernetes.io/enable-cors: "true"
+ {{- if (and (.Values.ingress.tls.enabled) (.Values.ingress.tls.certManager)) }}
+ cert-manager.io/issuer: {{ .Values.ingress.tls.certManagerIssuer }}
+ {{- end }}
 spec:
 {{- if (and (.Values.ingress.className) (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
 ingressClassName: {{ .Values.ingress.className }}
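Review bot: The `cert-manager.io/issuer` annotation is gated only on `tls.enabled` and `tls.certManager`, while the `tls:` section added further down this file also requires a non-empty `ingress.host` and `not .Values.testing`, so the annotation can be rendered on an Ingress that has no `tls:` entry. As far as I know cert-manager only acts on an annotated Ingress that carries a `tls` entry with a `secretName`, so in that state no certificate is requested and nothing reports it. Use the same condition in both places, `{{- if (and (not .Values.testing) (.Values.ingress.host) (.Values.ingress.tls.enabled) (.Values.ingress.tls.certManager)) }}`, and quote the value, `cert-manager.io/issuer: {{ .Values.ingress.tls.certManagerIssuer | quote }}`, so an empty or non-string value cannot become a null annotation. The `metadata:` block this sits in starts above the hunk.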
@@ -52,6 +55,54 @@ spec:
 port:
 number: 80
 {{- end }}
+ {{- if (and (not .Values.testing) (.Values.ingress.host)) }}
+ host: {{ .Values.ingress.host }}
+ {{- end }}
+ {{- if (and (not .Values.testing) (.Values.ingress.host) (.Values.ingress.tls.enabled)) }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+---
+{{- if (and (.Values.ingress.tls.enabled) (.Values.ingress.tls.certManager)) }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: {{ .Values.ingress.tls.certManagerEmail }}
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-staging-key
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
 ---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: {{ .Values.ingress.tls.certManagerEmail }}
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod-key
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
+{{- end }}
 {{/* END: if .Values.ingress.className "nginx" */}}
 {{- end }}
\ No newline at end of file
diff --git a/helm-chart/eoapi/values.yaml b/helm-chart/eoapi/values.yaml
index cb6dfcc1..771ca73b 100644
--- a/helm-chart/eoapi/values.yaml
+++ b/helm-chart/eoapi/values.yaml
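Review bot: In ingress-nginx.yaml, setting `ingress.tls.enabled: true` while `ingress.host` is empty (the default in values.yaml) renders an Ingress with no `tls:` section and no error, so a deployment that asked for TLS comes up without its certificate and without any warning. Fail the render instead, for example `{{- if and .Values.ingress.tls.enabled (not .Values.testing) (not .Values.ingress.host) }}{{ fail "ingress.tls.enabled requires ingress.host" }}{{ end }}` ahead of the `host:` block. Both Issuers are also created whenever cert-manager is enabled, under the fixed names `letsencrypt-staging` and `letsencrypt-prod`, while `tls.certManagerIssuer` accepts any string: a second release in the same namespace would collide on those names and on the two `-key` account secrets, and any other value points the annotation at an Issuer that does not exist. The `className` conditional that closes at the end of this hunk opens outside it.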
@@ -83,6 +83,13 @@ ingress: # `"nginx"` will create a `kind:Service` with a `spec.port:ClusterIP` and a single NLB and path rewrites for /vector, /stac, /raster enabled: true className: "nginx" + host: "" + tls: + enabled: false + secretName: eoapi-tls + certManager: false + certManagerIssuer: letsencrypt-prod + cerrtManagerEmail: "" raster: enabled: true
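Review bot: The key `cerrtManagerEmail` is misspelled: both Issuer templates in ingress-nginx.yaml read `.Values.ingress.tls.certManagerEmail`, so an address set under the key as spelled here is never used and the ACME `email:` field renders empty. Rename it to `certManagerEmail: ""`. The new keys also carry no comments, unlike the `className` entry above them; a line such as `# tls is only applied when host is set; certManagerIssuer must be letsencrypt-staging or letsencrypt-prod` would document the constraints the templates impose. Defaulting `certManagerIssuer` to `letsencrypt-prod` also sends a first trial install to the production ACME endpoint, so `letsencrypt-staging` may be the safer default.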