appmanager: behind auth-proxy (#119)
closes #117
diff --git a/core/installer/tasks/infra.go b/core/installer/tasks/infra.go
index 6fbd55d..0216f84 100644
--- a/core/installer/tasks/infra.go
+++ b/core/installer/tasks/infra.go
@@ -348,6 +348,7 @@
if err := st.appManager.Install(app, st.nsGen, st.emptySuffixGen, map[string]any{
"repoAddr": st.ssClient.GetRepoAddress("config"),
"sshPrivateKey": string(keys.RawPrivateKey()),
+ "authGroups": strings.Join(initGroups, ","),
}); err != nil {
return err
}
diff --git a/core/installer/values-tmpl/appmanager.cue b/core/installer/values-tmpl/appmanager.cue
index fc405a6..ba2ad56 100644
--- a/core/installer/values-tmpl/appmanager.cue
+++ b/core/installer/values-tmpl/appmanager.cue
@@ -5,12 +5,29 @@
input: {
repoAddr: string
sshPrivateKey: string
+ authGroups: string
}
name: "app-manager"
namespace: "appmanager"
-images: {
+_subdomain: "apps"
+_httpPortName: "http"
+
+_ingressWithAuthProxy: _IngressWithAuthProxy & {
+ inp: {
+ auth: {
+ enabled: true
+ groups: input.authGroups
+ }
+ network: networks.private
+ subdomain: _subdomain
+ serviceName: "appmanager"
+ port: name: _httpPortName
+ }
+}
+
+images: _ingressWithAuthProxy.out.images & {
appmanager: {
repository: "giolekva"
name: "pcloud-installer"
@@ -19,7 +36,7 @@
}
}
-charts: {
+charts: _ingressWithAuthProxy.out.charts & {
appmanager: {
chart: "charts/appmanager"
sourceRef: {
@@ -30,18 +47,19 @@
}
}
-helm: {
+helm: _ingressWithAuthProxy.out.helm & {
appmanager: {
chart: charts.appmanager
values: {
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
ingress: {
- className: _ingressPrivate
- domain: "apps.\(global.privateDomain)"
+ className: networks.private.ingressClass
+ domain: "\(_subdomain).\(networks.private.domain)"
certificateIssuer: ""
}
clusterRoleName: "\(global.id)-appmanager"
+ portName: _httpPortName
image: {
repository: images.appmanager.fullName
tag: images.appmanager.tag