74 lines
2.9 KiB
YAML
74 lines
2.9 KiB
YAML
|
# ============================================================
|
|||
|
|
# Система: Единая библиотека, Центр ИИ НИУ ВШЭ
|
|||
|
|
# Модуль: Управления базовыми объектами Kubernetes
|
|||
|
|
# Авторы: Полежаев В.А., Хританков А.С.
|
|||
|
|
# Дата создания: 2024 г.
|
|||
|
|
# ============================================================
|
|||
|
|
apiVersion: networking.k8s.io/v1
|
|||
|
|
kind: Ingress
|
|||
|
|
metadata:
|
|||
|
|
name: {{ name }}
|
|||
|
|
namespace: {{ namespace }}
|
|||
|
|
annotations:
|
|||
|
|
{% if basic %}
|
|||
|
|
nginx.ingress.kubernetes.io/auth-type: basic
|
|||
|
|
nginx.ingress.kubernetes.io/auth-secret: {{ basic.secret_name }}
|
|||
|
|
{% endif %}
|
|||
|
|
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - {{ auth_realm }}"
|
|||
|
|
nginx.ingress.kubernetes.io/use-regex: "true"
|
|||
|
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
|
|||
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
|||
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
|||
|
|
{% if rewrite_target %}
|
|||
|
|
nginx.ingress.kubernetes.io/rewrite-target: {{ rewrite_target }}
|
|||
|
|
{% endif %}
|
|||
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|||
|
|
{% if identity_pass_through %}
|
|||
|
|
proxy_set_header Authorization $http_authorization;
|
|||
|
|
proxy_pass_header Authorization;
|
|||
|
|
{% endif %}
|
|||
|
|
proxy_pass_header Content-Type;
|
|||
|
|
{% if oidc %}
|
|||
|
|
nginx.ingress.kubernetes.io/auth-response-headers:
|
|||
|
|
x-auth-request-user, x-auth-request-groups, x-auth-request-email, x-auth-request-preferred-username, authorization
|
|||
|
|
nginx.ingress.kubernetes.io/auth-url: {{ oidc.auth_url }} # "https://$host/multi-auth/proxy/oauth2/auth"
|
|||
|
|
nginx.ingress.kubernetes.io/auth-signin: {{ oidc.auth_signin }} # "https://$host/multi-auth/proxy/oauth2/start?rd=$escaped_request_uri"
|
|||
|
|
nginx.ingress.kubernetes.io/satisfy: "any"
|
|||
|
|
{% endif %}
|
|||
|
|
{% if cors %}
|
|||
|
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
|||
|
|
{% if cors.allow_methods %}
|
|||
|
|
nginx.ingress.kubernetes.io/cors-allow-methods: {{ cors.allow_methods }}
|
|||
|
|
{% endif %}
|
|||
|
|
{% if cors.allow_headers %}
|
|||
|
|
nginx.ingress.kubernetes.io/cors-allow-headers: {{ cors.allow_headers }}
|
|||
|
|
{% endif %}
|
|||
|
|
{% if cors.expose_headers %}
|
|||
|
|
nginx.ingress.kubernetes.io/cors-expose-headers: {{ cors.expose_headers }}
|
|||
|
|
{% endif %}
|
|||
|
|
{% if cors.allow_origin %}
|
|||
|
|
nginx.ingress.kubernetes.io/cors-allow-origin: {{ cors.allow_origin }}
|
|||
|
|
{% endif %}
|
|||
|
|
{% if cors.max_age %}
|
|||
|
|
nginx.ingress.kubernetes.io/cors-max-age: "{{ cors.max_age }}"
|
|||
|
|
{% endif %}
|
|||
|
|
{% endif %}
|
|||
|
|
spec:
|
|||
|
|
ingressClassName: nginx
|
|||
|
|
tls:
|
|||
|
|
- hosts:
|
|||
|
|
- {{ domain }}
|
|||
|
|
rules:
|
|||
|
|
- host: {{ domain }}
|
|||
|
|
http:
|
|||
|
|
paths:
|
|||
|
|
{% for path in paths %}
|
|||
|
|
- path: {{ path }}
|
|||
|
|
pathType: ImplementationSpecific
|
|||
|
|
backend:
|
|||
|
|
service:
|
|||
|
|
name: {{ service_name }}
|
|||
|
|
port:
|
|||
|
|
number: {{ service_port }}
|
|||
|
|
{% endfor %}
|