# ============================================================
# Система: Единая библиотека, Центр ИИ НИУ ВШЭ
# Модуль: Управления базовыми объектами Kubernetes
# Авторы: Полежаев В.А., Хританков А.С.
# Дата создания: 2024 г.
# ============================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ name }}
  namespace: {{ namespace }}
  annotations:
    {% if basic %}
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: {{ basic.secret_name }}
    {% endif %}
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - {{ auth_realm }}"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    {% if rewrite_target %}
    nginx.ingress.kubernetes.io/rewrite-target: {{ rewrite_target }}
    {% endif %}
    nginx.ingress.kubernetes.io/configuration-snippet: |
      {% if identity_pass_through %}
      proxy_set_header  Authorization $http_authorization;
      proxy_pass_header Authorization;
      {% endif %}
      proxy_pass_header Content-Type;
    {% if oidc %}
    nginx.ingress.kubernetes.io/auth-response-headers:
      x-auth-request-user, x-auth-request-groups, x-auth-request-email, x-auth-request-preferred-username, authorization
    nginx.ingress.kubernetes.io/auth-url: {{ oidc.auth_url }} # "https://$host/multi-auth/proxy/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: {{ oidc.auth_signin }} # "https://$host/multi-auth/proxy/oauth2/start?rd=$escaped_request_uri"
    nginx.ingress.kubernetes.io/satisfy: "any"
    {% endif %}
    {% if cors %}
    nginx.ingress.kubernetes.io/enable-cors: "true"
    {% if cors.allow_methods %}
    nginx.ingress.kubernetes.io/cors-allow-methods: {{ cors.allow_methods }}
    {% endif %}
    {% if cors.allow_headers %}
    nginx.ingress.kubernetes.io/cors-allow-headers: {{ cors.allow_headers }}
    {% endif %}
    {% if cors.expose_headers %}
    nginx.ingress.kubernetes.io/cors-expose-headers: {{ cors.expose_headers }}
    {% endif %}
    {% if cors.allow_origin %}
    nginx.ingress.kubernetes.io/cors-allow-origin: {{ cors.allow_origin }}
    {% endif %}
    {% if cors.max_age %}
    nginx.ingress.kubernetes.io/cors-max-age: "{{ cors.max_age }}"
    {% endif %}
    {% endif %}
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - {{ domain }}
  rules:
  - host: {{ domain }}
    http:
      paths:
      {% for path in paths %}
      - path: {{ path }}
        pathType: ImplementationSpecific
        backend:
          service:
            name: {{ service_name }}
            port:
              number: {{ service_port }}
      {% endfor %}