nds-org · bodom0015 · Mar 12, 2021 · Feb 6, 2021 · Feb 6, 2021 · Feb 6, 2021
diff --git a/templates/config.yaml b/templates/config.yaml
@@ -11,7 +11,6 @@ data:
   workbench.ingress.tls.enable: "true"
   workbench.ingress.tls.cluster_issuer: "{{ default "" .Values.certmgr.cluster_issuer }}"
   workbench.ingress.tls.issuer: "{{ default "" .Values.certmgr.issuer }}"
-  workbench.ingress.tls.namespace: "{{ default "" .Values.certmgr.namespace }}"
 
   # Customize this instance of Workbench
   workbench.subdomain_prefix: "{{ .Values.workbench.subdomain_prefix }}"

diff --git a/templates/ingress.yaml b/templates/ingress.yaml
@@ -6,20 +6,28 @@ metadata:
   namespace: {{ .Release.Namespace }}
   annotations:
     kubernetes.io/ingress.class: "nginx"
-{{ if .Values.workbench.subdomain_prefix }}    nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/cauth/auth"
-    nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/login/"
-{{ else }}    nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.workbench.domain }}/cauth/auth"
-    nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.workbench.domain }}/login/"{{ end }}
+{{ if .Values.oauth.enabled | default false }}
+    nginx.ingress.kubernetes.io/auth-url: "{{ .Values.oauth.auth_url | default "https://$host/cauth/auth" }}"
+    nginx.ingress.kubernetes.io/auth-signin: "{{ .Values.oauth.signin_url | default "https://$host/login/" }}"
+    nginx.ingress.kubernetes.io/auth-response-headers: "{{ .Values.oauth.auth_response_headers | default "x-auth-request-user, x-auth-request-email" }}"
+{{ else }}
+    nginx.ingress.kubernetes.io/auth-url: "https://$host/cauth/auth"
+    nginx.ingress.kubernetes.io/auth-signin: "https://$host/login/"
+{{ end }}
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
   tls:
   - hosts:
     - {{ .Values.workbench.domain }}
     - '*.{{ .Values.workbench.domain }}'
-    secretName: {{ .Values.tls.secretName }}-auth
+    secretName: {{ .Values.tls.secretName }}
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+{{ else }}
+  - host: {{ .Values.workbench.domain }}
+{{ end }}
     http:
       paths:
       - path: /logs
@@ -44,81 +52,73 @@ metadata:
   namespace: {{ .Release.Namespace }}
   annotations:
     kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/app-root: "/landing/"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
   tls:
   - hosts:
     - {{ .Values.workbench.domain }}
     - '*.{{ .Values.workbench.domain }}'
+    secretName: {{ .Values.tls.secretName }}
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+{{ else }}
+  - host: {{ .Values.workbench.domain }}
+{{ end }}
     http:
       paths:
-      - path: /api
+      - path: /api/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 30001
-      - path: /login
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ .Release.Name }}
-            port: 
-              number: 80
-      - path: /landing
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ .Release.Name }}
-            port: 
-              number: 80
-      - path: /cauth
+      - path: /login/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /shared
+      - path: /landing/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /bower_components
+      - path: /cauth/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /node_modules
+      - path: /shared/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /asset
+      - path: /node_modules/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /swagger.yaml
+      - path: /asset/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /ConfigModule.js
+      - path: /
         pathType: Prefix
         backend:
           service:
@@ -131,15 +131,27 @@ kind: Ingress
 metadata:
   annotations:
     kubernetes.io/ingress.class: "nginx"
-{{ if .Values.certmgr.cluster_issuer }}    cert-manager.io/cluster-issuer: "{{ .Values.certmgr.cluster_issuer }}"{{ else if .Values.certmgr.issuer }}    cert-manager.io/issuer: "{{ .Values.certmgr.issuer }}"{{ end }}
+{{ if .Values.certmgr.cluster_issuer }}
+    cert-manager.io/cluster-issuer: "{{ .Values.certmgr.cluster_issuer }}"
+{{ else if .Values.certmgr.issuer }}
+    cert-manager.io/issuer: "{{ .Values.certmgr.issuer }}"
+{{ end }}
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
-{{ if .Values.workbench.subdomain_prefix }}    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/landing/"{{ else }}    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.domain }}/landing/"{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/landing/"
+{{ else }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.domain }}/landing/"
+{{ end }}
   name: {{ .Release.Name }}-root
   namespace: {{ .Release.Namespace }}
 spec:
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+{{ else }}
+  - host: {{ .Values.workbench.domain }}
+{{ end }}
     http:
       paths:
       - backend:

diff --git a/values.yaml b/values.yaml
@@ -45,16 +45,15 @@ workbench:
   timeout: 30
   inactivity_timeout: 480
 
-# FIXME: This has not been tested
 oauth:
   enabled: false
-  signin_url: ""
-  auth_url: ""
+  signin_url: "https://$host/login/"
+  auth_url: "https://$host/cauth/auth"
+  auth_response_headers: "x-auth-request-user, x-auth-request-email" # , x-auth-request-access-token, x-auth-request-redirect, x-auth-request-preferred-username"
 
 certmgr:
   cluster_issuer: "acmedns-issuer"
   issuer: ""
-  namespace: ""
 
 rbac:
   enabled: true