diff --git a/charts/generic-service/README.md b/charts/generic-service/README.md
index a714b34..873f38a 100644
--- a/charts/generic-service/README.md
+++ b/charts/generic-service/README.md
@@ -103,6 +103,7 @@ app:
 | `ingress.paths` | `[]` | HTTP path prefixes to accept ingress traffic for (leave empty to accept traffic for any path) |
 | `ingress.tls.enabled` | `false` | Enables TLS termination at the ingress (not applicable if `ingress.istio.enabled`) |
 | `ingress.tls.secret` | `{{ .Release.Name }}-tls` | The name of the `Secret` holding the TLS private key (not applicable if `ingress.istio.enabled`) |
+| `ingress.tls.secretNamespace` | | The Kubernetes namespace containing the `Secret` (only applicable if `ingress.class` is `contour`) |
 | `ingress.cors.enabled` | `false` | Enables CORS (only applicable if `ingress.class` is `nginx` or `ingress.istio.enabled` is `true`) |
 | `ingress.cors.allowOrigin` | `[]` | List of origins allowed to access the ingress via CORS; leave empty to allow any |
 | `ingress.cors.allowMethods` | `[GET]` | List of HTTP methods allowed to access the ingress via CORS |
@@ -127,6 +128,7 @@ app:
 | `ingress.extra.*.paths` | `[]` | HTTP path prefixes to accept ingress traffic for (leave empty to accept traffic for any path) |
 | `ingress.extra.*.tls.enabled` | `false` | Enables TLS termination at the ingress |
 | `ingress.extra.*.tls.secret` | Release Name + `*` + `-tls` | The name of the `Secret` holding the TLS private key |
+| `ingress.extra.*.tls.secretNamespace` | | The Kubernetes namespace containing the `Secret` (only applicable if `class` is `contour`) |
 | `ingress.extra.*.annotations` | `{}` | Additional annotations, merged with `ingress.annotations` (use string `nil` to unset existing values) |
 | `netpol.enabled` | `false` | Apply network policies for the `Pod`s |
 | `netpol.ingress` | Allow from same namespace | Ingress network policy rules to apply |
diff --git a/charts/generic-service/ci/ingress-contour-values.yaml b/charts/generic-service/ci/ingress-contour-values.yaml index b3357ef..8fd6455 100644 --- a/charts/generic-service/ci/ingress-contour-values.yaml +++ b/charts/generic-service/ci/ingress-contour-values.yaml @@ -12,3 +12,9 @@ ingress: timeout: domains: ['timeout.example.com'] timeoutSeconds: -1 # infinte + tls: + domains: ['tls.example.com'] + tls: + enabled: true + secretNamespace: secret-namespace + secret: secret-name diff --git a/charts/generic-service/templates/ingress-extra.yaml b/charts/generic-service/templates/ingress-extra.yaml index d586fb3..1c30893 100644 --- a/charts/generic-service/templates/ingress-extra.yaml +++ b/charts/generic-service/templates/ingress-extra.yaml @@ -31,6 +31,9 @@ metadata: {{- if $timeout }} projectcontour.io/response-timeout: '{{ if eq (int $timeout) -1 }}infinity{{ else }}{{ $timeout }}s{{ end }}' {{- end }} + {{- if and $extra.tls (and $extra.tls.enabled $extra.tls.secretNamespace) }} + projectcontour.io/tls-cert-namespace: {{ $extra.tls.secretNamespace }} + {{- end }} {{- end }} spec: diff --git a/charts/generic-service/templates/ingress.yaml b/charts/generic-service/templates/ingress.yaml index 3312a39..3ba83bf 100644 --- a/charts/generic-service/templates/ingress.yaml +++ b/charts/generic-service/templates/ingress.yaml @@ -30,6 +30,9 @@ metadata: {{- if .Values.ingress.timeoutSeconds }} projectcontour.io/response-timeout: '{{ if eq (int .Values.ingress.timeoutSeconds) -1 }}infinity{{ else }}{{ .Values.ingress.timeoutSeconds }}s{{ end }}' {{- end }} + {{- if and .Values.ingress.tls.enabled .Values.ingress.tls.secretNamespace }} + projectcontour.io/tls-cert-namespace: {{ .Values.ingress.tls.secretNamespace }} + {{- end }} {{- end }} spec: diff --git a/charts/generic-service/values.schema.json b/charts/generic-service/values.schema.json index e7957de..13a69a7 100644 --- a/charts/generic-service/values.schema.json +++ b/charts/generic-service/values.schema.json 
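Review bot: The new `projectcontour.io/tls-cert-namespace` annotation in templates/ingress-extra.yaml is rendered unquoted, so a value such as `'123'` or `'true'`, or one containing `: ` or a line break, stops being a plain YAML string and can be rejected by the API server or change the shape of the annotations map. Render it as `projectcontour.io/tls-cert-namespace: {{ $extra.tls.secretNamespace | quote }}`; the same line in templates/ingress.yaml has the same problem and should use `{{ .Values.ingress.tls.secretNamespace | quote }}`. Separately, `and $extra.tls (and $extra.tls.enabled …)` only protects against a missing `tls` map when `and` short-circuits, which as far as I know depends on Helm being built with Go 1.18 or later; nesting the test as `{{- with $extra.tls }}{{- if and .enabled .secretNamespace }}` avoids relying on that. The enclosing annotations block starts and ends outside the hunk.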
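Review bot: Nothing in templates/ingress.yaml records that the cross-namespace reference emitted by the new `if` depends on configuration outside this chart. As far as I know Contour only honours `projectcontour.io/tls-cert-namespace` when the namespace holding the `Secret` has a `TLSCertificateDelegation` that names the release namespace, and nothing visible in this commit creates one. A template comment above the new `if`, for example `{{- /* Secret is in another namespace; that namespace must delegate it to this one via TLSCertificateDelegation */}}`, would make the requirement visible, and the `ingress.tls.secretNamespace` row in the README could carry the same sentence. Without delegation the ingress would presumably come up without the certificate rather than fail at install time, so this is worth stating where operators will read it.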
@@ -535,6 +535,10 @@
 "type": "string",
 "default": "{{ .Release.Name }}-tls",
 "description": "The name of the Secret holding the TLS private key (not applicable if ingress.istio.enabled)"
+ },
+ "secretNamespace": {
+ "type": "string",
+ "description": "The Kubernetes namespace containing the Secret (only applicable if ingress.class is contour)"
 }
 },
 "additionalProperties": false
@@ -675,6 +679,10 @@
 "secret": {
 "type": "string",
 "description": "The name of the Secret holding the TLS private key"
+ },
+ "secretNamespace": {
+ "type": "string",
+ "description": "The Kubernetes namespace containing the Secret (only applicable if class is contour)"
 }
 }
 },
diff --git a/charts/generic-service/values.yaml b/charts/generic-service/values.yaml
index 8687c1e..83c1169 100644
--- a/charts/generic-service/values.yaml
+++ b/charts/generic-service/values.yaml
@@ -111,6 +111,7 @@ ingress:
 tls:
 enabled: false
 secret: '{{ .Release.Name }}-tls'
+ secretNamespace: ''
 cors:
 enabled: false
 allowOrigin: []
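Review bot: The new `secretNamespace` property in values.schema.json (first hunk, under `ingress.tls`) accepts any string, although the value is copied into an annotation and has to be a Kubernetes namespace name. Constraining it, for example with `"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$"` and `"maxLength": 63`, rejects typos and stray whitespace at install time while still allowing the empty default that values.yaml sets. The same applies to the `secretNamespace` property added for `ingress.extra.*.tls` in the second hunk. The descriptions could also say that an empty value means the `Secret` is looked up in the release namespace, which is what the templates' `if` guard implies.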