Add Tornjak ingress example (#30)

Co-authored-by: Marco Franssen <marco.franssen@gmail.com> Co-authored-by: Mariusz Sabath <mrsabath@gmail.com> Co-authored-by: kfox1111 <Kevin.Fox@pnnl.gov>
spiffe · Nov 10, 2023 · 821ca12 · 821ca12
1 parent 6cd2282
commit 821ca12
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 2 deletions.
diff --git a/examples/openshift/openshift-values.yaml b/examples/openshift/openshift-values.yaml
@@ -10,7 +10,6 @@ spire-server:
       registry: ghcr.io
       repository: spiffe/tornjak-backend
       tag: ubi-v1.4.1
-
   nodeAttestor:
     k8sPsat:
       serviceAccountAllowList: ["spire-system:spire-agent"]

diff --git a/examples/tornjak/README.md b/examples/tornjak/README.md
@@ -22,7 +22,7 @@ helm upgrade --install --namespace spire-server \
 helm test spire -n spire-server
 ```
 
-## Access tornjak
+## Access Tornjak
 
 To access Tornjak you will have to use port-forwarding for the time being *(until we add authentication and ingress)*.
 
@@ -41,3 +41,36 @@ kubectl -n spire-server port-forward service/spire-tornjak-frontend 3000:3000
 You can now access Tornjak at [localhost:3000](http://localhost:3000).
 
 See [values.yaml](./values.yaml) for more details on the chart configurations to achieve this setup.
+
+## Tornjak and Ingress with ingress-nginx
+
+Update examples/production/example-your-values.yaml with your information, most importantly, trustDomain.
+
+```shell
+helm upgrade --install --namespace spire-server spire charts/spire \
+--values examples/production/values.yaml \
+--values examples/tornjak/values.yaml \
+--values examples/tornjak/values-ingress.yaml \
+--set global.spire.ingressControllerType=ingress-nginx \
+--values examples/production/example-your-values.yaml \
+--render-subchart-notes --debug
+```
+
+## Tornjak and Ingress on Openshift
+
+When deploying on Openshift, follow the deployment setup as described in
+[Openshift README](../openshift/README.md)
+
+Then just add Openshift specific configuration to the above command:
+
+```shell
+--values examples/openshift/openshift-values.yaml
+```
+
+When running on Openshift in some environments like IBM Cloud,
+you might need to add the following configurations:
+
+```shell
+--set spiffe-csi-driver.kubeletPath=/var/data/kubelet \
+--set spiffe-csi-driver.restrictedScc.enabled=true \
+```
diff --git a/examples/tornjak/values-ingress.yaml b/examples/tornjak/values-ingress.yaml
@@ -0,0 +1,8 @@
+spire-server:
+  tornjak:
+    ingress:
+      enabled: true
+
+tornjak-frontend:
+  ingress:
+    enabled: true