From 5ca9c62754f7558b827e25de7555d1df54088838 Mon Sep 17 00:00:00 2001 From: Nicholas Santiago Date: Sun, 18 Feb 2024 06:24:31 -0500 Subject: [PATCH] feat: allow multiple ingress hostnames (#74) * allow multiple ingress hostnames * fix: make default for ingress.additionalHostnames blank array * fix: update default values to shrink diff on PR to upstream * fix: increment chart version to expose feature add * docs: provide example of ingress.additionalHostnames in README --- charts/vaultwarden/Chart.yaml | 2 +- charts/vaultwarden/README.md | 16 ++++++++++++- charts/vaultwarden/templates/ingress.yaml | 28 ++++++++++++++++++++++- charts/vaultwarden/values.yaml | 3 +++ generate-readme.sh | 2 +- 5 files changed, 47 insertions(+), 4 deletions(-) diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml index 91b189b..68b1d1b 100644 --- a/charts/vaultwarden/Chart.yaml +++ b/charts/vaultwarden/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: guerzon email: guerzon@proton.me url: https://github.com/guerzon -version: 0.22.0 +version: 0.22.1 kubeVersion: ">=1.12.0-0" diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md index 6ccda90..cdd369f 100644 --- a/charts/vaultwarden/README.md +++ b/charts/vaultwarden/README.md @@ -118,6 +118,19 @@ ingress: allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16" ``` +If you intend on making your ingress available via multiple hostnames, you can invoke the `ingress.additionalHostnames` as follows: + +```yaml +ingress: + enabled: true + class: "nginx" + tlsSecret: vw-contoso-com-crt + hostname: vaultwarden.contoso.com + additionalHostnames: + - vw.contoso.com + allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16" +``` + ### AWS LB Controller When using AWS, the [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/) can be used together with [ACM](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/). @@ -414,7 +427,7 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME | `smtp.acceptInvalidCerts` | Accept Invalid Certificates | `false` | | `smtp.debug` | SMTP debugging | `false` | -### Exposure settings +### Exposure settings | Name | Description | Value | | --------------------------------- | ------------------------------------------------------------------------------ | -------------------- | @@ -435,6 +448,7 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME | `ingress.labels` | Additional labels for the ingress resource. | `{}` | | `ingress.tls` | Enable TLS on the ingress resource. | `true` | | `ingress.hostname` | Hostname for the ingress. | `warden.contoso.com` | +| `ingress.additionalHostnames` | Additional hostnames for the ingress. | `[]` | | `ingress.path` | Default application path for the ingress | `/` | | `ingress.pathWs` | Path for the websocket ingress | `/notifications/hub` | | `ingress.pathType` | Path type for the ingress | `Prefix` | diff --git a/charts/vaultwarden/templates/ingress.yaml b/charts/vaultwarden/templates/ingress.yaml index 973641a..9325790 100644 --- a/charts/vaultwarden/templates/ingress.yaml +++ b/charts/vaultwarden/templates/ingress.yaml @@ -1,4 +1,6 @@ {{- $ingress := .Values.ingress -}} +{{- $websocket := .Values.websocket -}} +{{- $fullname := .Release.fullname -}} {{- if $ingress.enabled }} {{- $newAPIversion := .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- if $newAPIversion }} @@ -49,9 +51,33 @@ spec: tls: - hosts: - {{ $ingress.hostname | quote }} + {{- range $ingress.additionalHostnames }} + - {{ . | quote }} + {{- end }} secretName: {{ $ingress.tlsSecret }} {{- end }} rules: + {{- range $ingress.additionalHostnames }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingress.path }} + pathType: {{ $ingress.pathType }} + backend: + service: + name: {{ include "vaultwarden.fullname" $ }} + port: + name: "http" + {{- if $websocket.enabled }} + - path: {{ $ingress.pathWs }} + pathType: {{ $ingress.pathTypeWs }} + backend: + service: + name: {{ include "vaultwarden.fullname" $ }} + port: + name: "websocket" + {{- end }} + {{- end }} - host: {{ $ingress.hostname | quote }} http: paths: @@ -62,7 +88,7 @@ spec: name: {{ include "vaultwarden.fullname" . }} port: name: "http" - {{- if .Values.websocket.enabled }} + {{- if $websocket.enabled }} - path: {{ $ingress.pathWs }} pathType: {{ $ingress.pathTypeWs }} backend: diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml index aab5f2a..2f8f19e 100644 --- a/charts/vaultwarden/values.yaml +++ b/charts/vaultwarden/values.yaml @@ -643,6 +643,9 @@ ingress: ## @param ingress.hostname Hostname for the ingress. ## hostname: "warden.contoso.com" + ## @param ingress.additionalHostnames Additional hostnames for the ingress. + ## + additionalHostnames: [] ## @param ingress.path Default application path for the ingress ## path: "/" diff --git a/generate-readme.sh b/generate-readme.sh index 486f3c3..b1cca53 100755 --- a/generate-readme.sh +++ b/generate-readme.sh @@ -7,4 +7,4 @@ fi docker build -t readme-gen readme-generator-for-helm/ # Run the tool and mount the current project directory. -docker run --rm -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md +docker run --rm --privileged -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md