tutor/tutor/templates/k8s/ingress.yml

---{% set hosts = [LMS_HOST, "preview." + LMS_HOST, CMS_HOST] %}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: web
  labels:
    app.kubernetes.io/name: web
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 1000m
    {% if ACTIVATE_HTTPS%}kubernetes.io/tls-acme: "true"
    cert-manager.io/issuer: letsencrypt{% endif %}
spec:
  rules:
  {% for host in hosts %}
  - host: {{ host }}
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: {% if ACTIVATE_HTTPS %}443{% else %}80{% endif %}{% endfor %}
  {{ patch("k8s-ingress-rules")|indent(2) }}
  {% if ACTIVATE_HTTPS %}
  tls:
  - hosts:
      {% for host in hosts %}
      - {{ host }}{% endfor %}
      {{ patch("k8s-ingress-tls-hosts")|indent(6) }}
    # TODO maybe we should not take care of generating certificates ourselves
    # and here just point to a tls secret
    secretName: letsencrypt
  {%endif%}
{% if ACTIVATE_HTTPS %}
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt
  labels:
    app.kubernetes.io/name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: {{ CONTACT_EMAIL }}
    privateKeySecretRef:
      name: letsencrypt-privatekey
    solvers:
      - selector: {}
        http01:
          ingress:
            class: nginx
{% endif %}