73 lines
2.9 KiB
YAML
73 lines
2.9 KiB
YAML
# ============================================================
|
||
# Система: Единая библиотека, Центр ИИ НИУ ВШЭ
|
||
# Модуль: Управления базовыми объектами Kubernetes
|
||
# Авторы: Полежаев В.А., Хританков А.С.
|
||
# Дата создания: 2024 г.
|
||
# ============================================================
|
||
apiVersion: networking.k8s.io/v1
|
||
kind: Ingress
|
||
metadata:
|
||
name: {{ name }}
|
||
namespace: {{ namespace }}
|
||
annotations:
|
||
{% if basic %}
|
||
nginx.ingress.kubernetes.io/auth-type: basic
|
||
nginx.ingress.kubernetes.io/auth-secret: {{ basic.secret_name }}
|
||
{% endif %}
|
||
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - {{ auth_realm }}"
|
||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
|
||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||
{% if rewrite_target %}
|
||
nginx.ingress.kubernetes.io/rewrite-target: {{ rewrite_target }}
|
||
{% endif %}
|
||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||
{% if identity_pass_through %}
|
||
proxy_set_header Authorization $http_authorization;
|
||
proxy_pass_header Authorization;
|
||
{% endif %}
|
||
proxy_pass_header Content-Type;
|
||
{% if oidc %}
|
||
nginx.ingress.kubernetes.io/auth-response-headers:
|
||
x-auth-request-user, x-auth-request-groups, x-auth-request-email, x-auth-request-preferred-username, authorization
|
||
nginx.ingress.kubernetes.io/auth-url: {{ oidc.auth_url }} # "https://$host/multi-auth/proxy/oauth2/auth"
|
||
nginx.ingress.kubernetes.io/auth-signin: {{ oidc.auth_signin }} # "https://$host/multi-auth/proxy/oauth2/start?rd=$escaped_request_uri"
|
||
nginx.ingress.kubernetes.io/satisfy: "any"
|
||
{% endif %}
|
||
{% if cors %}
|
||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||
{% if cors.allow_methods %}
|
||
nginx.ingress.kubernetes.io/cors-allow-methods: {{ cors.allow_methods }}
|
||
{% endif %}
|
||
{% if cors.allow_headers %}
|
||
nginx.ingress.kubernetes.io/cors-allow-headers: {{ cors.allow_headers }}
|
||
{% endif %}
|
||
{% if cors.expose_headers %}
|
||
nginx.ingress.kubernetes.io/cors-expose-headers: {{ cors.expose_headers }}
|
||
{% endif %}
|
||
{% if cors.allow_origin %}
|
||
nginx.ingress.kubernetes.io/cors-allow-origin: {{ cors.allow_origin }}
|
||
{% endif %}
|
||
{% if cors.max_age %}
|
||
nginx.ingress.kubernetes.io/cors-max-age: "{{ cors.max_age }}"
|
||
{% endif %}
|
||
{% endif %}
|
||
spec:
|
||
ingressClassName: nginx
|
||
tls:
|
||
- hosts:
|
||
- {{ domain }}
|
||
rules:
|
||
- host: {{ domain }}
|
||
http:
|
||
paths:
|
||
{% for path in paths %}
|
||
- path: {{ path }}
|
||
pathType: ImplementationSpecific
|
||
backend:
|
||
service:
|
||
name: {{ service_name }}
|
||
port:
|
||
number: {{ service_port }}
|
||
{% endfor %}
|