diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml new file mode 100644 index 00000000..4648c065 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-backend-tls-policy.yaml @@ -0,0 +1,18 @@ +{{ if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if and .Values.powaUI.install .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: BackendTLSPolicy +metadata: + name: powa-ui-backend-tls-policy +spec: + targetRefs: + - group: "" + kind: Service + name: powa-ui + validation: + hostname: {{ .Values.powaUI.ingress.host | quote }} + caCertificateRefs: + - kind: Secret + name: {{ include "postgres.certServicesSecret" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml new file mode 100644 index 00000000..aa0ce467 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-gateway-deployment.yaml @@ -0,0 +1,22 @@ +{{- if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if .Values.powaUI.install }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-httproute +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} # Note that this "main" route targets port 443 (HTTPS) specifically + port: 443 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: powa-ui + port: 8080 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml new file mode 100644 index 00000000..27ff3ea4 --- /dev/null +++ b/operator/charts/patroni-services/templates/powa-ui/powa-http-route.yaml @@ -0,0 +1,20 @@ +{{- if and (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") (eq .Values.PAAS_PLATFORM "KUBERNETES") -}} +{{ if and .Values.powaUI.install .Values.tls.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: powa-ui-frontend-redirect +spec: + parentRefs: + - name: {{ .Values.powaUI.ingress.gatewayName | default "default-external-gateway" }} + namespace: {{ .Values.powaUI.ingress.envoyNamespace | default "envoy-gateway" }} + port: 80 + hostnames: [{{ .Values.powaUI.ingress.host | quote }}] + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml b/operator/charts/patroni-services/templates/powa-ui/powa-ingress-deployment.yaml similarity index 94% rename from operator/charts/patroni-services/templates/powa-ingress-deployment.yaml rename to operator/charts/patroni-services/templates/powa-ui/powa-ingress-deployment.yaml index a726a0ff..86a6cfbf 100644 --- a/operator/charts/patroni-services/templates/powa-ingress-deployment.yaml +++ b/operator/charts/patroni-services/templates/powa-ui/powa-ingress-deployment.yaml @@ -13,6 +13,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-ssl-name: '{{ printf "powa-ui.%s" .Release.Namespace }}' nginx.ingress.kubernetes.io/proxy-ssl-secret: '{{ printf "%s/%s" .Release.Namespace (include "postgres.certServicesSecret" .) }}' {{- end }} + gateway-api-converter.netcracker.com/ignore: "true" name: powa-ui-ingress spec: {{- if .Values.tls.enabled }}