-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding https support on OpenShift #115
base: main
Are you sure you want to change the base?
Changes from all commits
acd4adf
9c36a3f
145ed78
ad922b3
71028bf
d68e565
5045cb5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{{- if .Values.openshift.trustSignerCA }} | ||
# This ConfigMap is used to get access to the OpenShift service signer CA | ||
# see https://docs.openshift.com/container-platform/4.8/security/certificates/service-serving-certificate.html#add-service-certificate-configmap_service-serving-certificate | ||
kind: ConfigMap | ||
apiVersion: v1 | ||
metadata: | ||
name: {{ include "krakend.fullname" . }}-additional-trust | ||
annotations: | ||
service.beta.openshift.io/inject-cabundle: 'true' | ||
{{- end }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{{- if and .Values.openshift .Values.openshift.route.contextPath }} | ||
kind: Route | ||
apiVersion: route.openshift.io/v1 | ||
metadata: | ||
name: {{ include "krakend.fullname" . }}-route | ||
spec: | ||
{{- if .Values.openshift.route.host }} | ||
host: {{ .Values.openshift.route.host }} | ||
{{- end }} | ||
path: {{ .Values.openshift.route.contextPath }} | ||
to: | ||
kind: Service | ||
name: {{ include "krakend.fullname" . }} | ||
weight: 100 | ||
port: | ||
targetPort: http | ||
tls: | ||
termination: reencrypt | ||
insecureEdgeTerminationPolicy: Redirect | ||
wildcardPolicy: None | ||
{{ end }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -235,12 +235,14 @@ livenessProbe: | |
httpGet: | ||
path: /__health | ||
port: http | ||
scheme: HTTPS | ||
|
||
# -- (object) The readinessProbe to use for the krakend pod | ||
readinessProbe: | ||
httpGet: | ||
path: /__health | ||
port: http | ||
scheme: HTTPS | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We might need to use a macro for this instead of setting it up directly here. HTTPS won't work in default settings where TLS is not handled by krakend. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Note this is still a blocker for merging this. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sorry, I thought I created the pull request in DRAFT mode, I wasn't done yet and I'm aware that there are some things that are not yet general enough but just take care of my own issue. I will try and generalize and address your comments |
||
|
||
# -- (object) podDisruptionBudget allows you to define minumum and maximum available pods | ||
podDisruptionBudget: | ||
|
@@ -266,6 +268,9 @@ serviceMonitor: | |
# -- prometheus metrics port exposed by krakend | ||
targetPort: 9091 | ||
|
||
openshift: | ||
trustSignerCA: false | ||
|
||
# -- (object) The networkPolicies configures ingress NetworkPolicies for your application | ||
networkPolicies: | ||
# -- (bool) Set to true to create NetworkPolicies for your application | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this a slip up?