Skip to content

Commit

Permalink
Add dashboard option
Browse files Browse the repository at this point in the history
Signed-off-by: Andrei Kvapil <[email protected]>
  • Loading branch information
kvaps committed Jul 22, 2024
1 parent ceefae0 commit e12bf9a
Show file tree
Hide file tree
Showing 5 changed files with 51 additions and 0 deletions.
12 changes: 12 additions & 0 deletions packages/apps/tenant/templates/networkpolicy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,18 @@ spec:
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-to-dashboard
namespace: {{ include "tenant.name" . }}
spec:
endpointSelector: {}
egress:
- toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: cozy-dashboard
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-to-ingress
namespace: {{ include "tenant.name" . }}
Expand Down
2 changes: 2 additions & 0 deletions packages/extra/ingress/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,5 @@
| `externalIPs` | List of externalIPs for service. | `[]` |
| `whitelist` | List of client networks | `[]` |
| `clouflareProxy` | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
| `dashboard` | Should ingress serve Cozystack service dashboard | `false` |

29 changes: 29 additions & 0 deletions packages/extra/ingress/templates/dashboard.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
{{- if .Values.dashboard }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
acme.cert-manager.io/http01-ingress-class: tenant-root
name: dashboard-{{ .Release.Namespace }}
namespace: cozy-dashboard
spec:
ingressClassName: {{ .Release.Namespace }}
rules:
- host: dashboard.{{ $host }}
http:
paths:
- backend:
service:
name: dashboard
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- dashboard.{{ $host }}
secretName: dashboard-{{ .Release.Namespace }}-tls
{{- end }}
5 changes: 5 additions & 0 deletions packages/extra/ingress/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,11 @@
"type": "boolean",
"description": "Restoring original visitor IPs when Cloudflare proxied is enabled",
"default": false
},
"dashboard": {
"type": "boolean",
"description": "Should ingress serve Cozystack service dashboard",
"default": false
}
}
}
3 changes: 3 additions & 0 deletions packages/extra/ingress/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,6 @@ whitelist: []

## @param clouflareProxy Restoring original visitor IPs when Cloudflare proxied is enabled
clouflareProxy: false

## @param dashboard Should ingress serve Cozystack service dashboard
dashboard: false

0 comments on commit e12bf9a

Please sign in to comment.