helm: make hosts customizable in TLS section of ingress specification

audrium · Mar 1, 2023 · 35f42c5 · 35f42c5
1 parent d34edd6
commit 35f42c5
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 4 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -9,6 +9,7 @@ Version 0.9.1 (UNRELEASED)
     - Adds new configuration option ``interactive_sessions.cronjob_schedule`` to set how often interactive session cleanup should be performed.
     - Adds support for Kubernetes clusters 1.26.
     - Adds new configuration option ``ingress.extra`` to define extra Ingress resources, in order to support redirecting HTTP requests to HTTPS with traefik v2 version.
+    - Adds new configuration option ``ingress.tls.hosts`` to define hosts that are present in the TLS certificate, in order to support cert-manager's automatic creation of certificates.
 
 Version 0.9.0 (2023-01-26)
 --------------------------

diff --git a/helm/reana/README.md b/helm/reana/README.md
@@ -64,6 +64,7 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `ingress.annotations.traefik.ingress.kubernetes.io/router.entrypoints` | Entrypoints allowed by the ingress controller                          | "web,websecure"                                 |
 | `ingress.enabled`                                        | Create an ingress resource to access the REANA instance from outside the cluster     | true                                            |
 | `ingress.extra`                                          | An array of extra ingress resources. They can be configured in the same way as the default ingress, with the addition of `ingress.extra[].name`. | [] |
+| `ingress.tls.hosts`                                      | List of hosts included in the TLS certificate, needed by cert-manager                | []                                              |
 | `ingress.tls.secret_name`                                | Name of the Kubernetes secret containing the TLS certificate to be used              | None                                            |
 | `ingress.tls.self_signed_cert`                           | Enable the generation of a self-signed TLS certificate                               | true                                            |
 | `kubernetes_jobs_memory_limit`                           | Maximum default memory limit for user job containers. Exceeding this limit will terminate the container. Please see the following URL for possible values https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory. | 4Gi |

diff --git a/helm/reana/templates/ingress.yaml b/helm/reana/templates/ingress.yaml
@@ -18,13 +18,20 @@ spec:
   {{- if and .self_signed_cert .secret_name }}
     {{- fail "Cannot set `.tls.secret_name` and `.tls.self_signed_cert` at the same time" }}
   {{- end }}
-  {{- if .self_signed_cert }}
+  {{- if or .self_signed_cert .secret_name}}
   tls:
+    {{- if .self_signed_cert }}
     - secretName: {{ include "reana.prefix" $ }}-tls-secret
-  {{- end }}
-  {{- if .secret_name }}
-  tls:
+    {{- end }}
+    {{- if .secret_name }}
     - secretName: {{ .secret_name | quote }}
+    {{- end }}
+      {{- if .hosts }}
+      hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      {{- end }}
   {{- end }}
   {{- end }}
   rules:

diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml
@@ -127,6 +127,7 @@ ingress:
     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
   tls:
     self_signed_cert: true
+    hosts: []
   extra: []
 
 # Permissions