appmanager: behind auth-proxy (#119)
closes #117
diff --git a/charts/appmanager/templates/install.yaml b/charts/appmanager/templates/install.yaml
index e8231d5..c8d6b04 100644
--- a/charts/appmanager/templates/install.yaml
+++ b/charts/appmanager/templates/install.yaml
@@ -41,41 +41,11 @@
selector:
app: appmanager
ports:
- - name: http
+ - name: {{ .Values.portName }}
port: 80
targetPort: http
protocol: TCP
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress
- namespace: {{ .Release.Namespace }}
- {{- if .Values.ingress.certificateIssuer }}
- annotations:
- acme.cert-manager.io/http01-edit-in-place: "true"
- cert-manager.io/cluster-issuer: {{ .Values.ingress.certificateIssuer}}
- {{- end }}
-spec:
- ingressClassName: {{ .Values.ingress.className }}
- {{- if .Values.ingress.certificateIssuer }}
- tls:
- - hosts:
- - {{ .Values.ingress.domain }}
- secretName: cert-appmanager
- {{- end }}
- rules:
- - host: {{ .Values.ingress.domain }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: appmanager
- port:
- name: http
----
apiVersion: apps/v1
kind: Deployment
metadata:
diff --git a/charts/appmanager/values.yaml b/charts/appmanager/values.yaml
index 8f3ee5a..b1a2a5d 100644
--- a/charts/appmanager/values.yaml
+++ b/charts/appmanager/values.yaml
@@ -10,3 +10,4 @@
certificateIssuer: example-private
clusterRoleName: example-welcome
appRepoAddr: ""
+portName: http
diff --git a/core/installer/tasks/infra.go b/core/installer/tasks/infra.go
index 6fbd55d..0216f84 100644
--- a/core/installer/tasks/infra.go
+++ b/core/installer/tasks/infra.go
@@ -348,6 +348,7 @@
if err := st.appManager.Install(app, st.nsGen, st.emptySuffixGen, map[string]any{
"repoAddr": st.ssClient.GetRepoAddress("config"),
"sshPrivateKey": string(keys.RawPrivateKey()),
+ "authGroups": strings.Join(initGroups, ","),
}); err != nil {
return err
}
diff --git a/core/installer/values-tmpl/appmanager.cue b/core/installer/values-tmpl/appmanager.cue
index fc405a6..ba2ad56 100644
--- a/core/installer/values-tmpl/appmanager.cue
+++ b/core/installer/values-tmpl/appmanager.cue
@@ -5,12 +5,29 @@
input: {
repoAddr: string
sshPrivateKey: string
+ authGroups: string
}
name: "app-manager"
namespace: "appmanager"
-images: {
+_subdomain: "apps"
+_httpPortName: "http"
+
+_ingressWithAuthProxy: _IngressWithAuthProxy & {
+ inp: {
+ auth: {
+ enabled: true
+ groups: input.authGroups
+ }
+ network: networks.private
+ subdomain: _subdomain
+ serviceName: "appmanager"
+ port: name: _httpPortName
+ }
+}
+
+images: _ingressWithAuthProxy.out.images & {
appmanager: {
repository: "giolekva"
name: "pcloud-installer"
@@ -19,7 +36,7 @@
}
}
-charts: {
+charts: _ingressWithAuthProxy.out.charts & {
appmanager: {
chart: "charts/appmanager"
sourceRef: {
@@ -30,18 +47,19 @@
}
}
-helm: {
+helm: _ingressWithAuthProxy.out.helm & {
appmanager: {
chart: charts.appmanager
values: {
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
ingress: {
- className: _ingressPrivate
- domain: "apps.\(global.privateDomain)"
+ className: networks.private.ingressClass
+ domain: "\(_subdomain).\(networks.private.domain)"
certificateIssuer: ""
}
clusterRoleName: "\(global.id)-appmanager"
+ portName: _httpPortName
image: {
repository: images.appmanager.fullName
tag: images.appmanager.tag