projects / arvados-k8s.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Revert "Switch to phusion/passenger-ruby25 for the base of the rails-runtime image."
[arvados-k8s.git] / charts / arvados / templates / keep-proxy-https.yaml
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
5 ---
6 apiVersion: apps/v1
7 kind: Deployment
8 metadata:
9   name: arvados-keep-proxy-https
10   labels:
11     app: arvados-keep-proxy-https
12     chart: {{ template "arvados.chart" . }}
13     release: {{ .Release.Name }}
14     heritage: {{ .Release.Service }}
15 spec:
16   selector:
17     matchLabels:
18       app: arvados-keep-proxy-https
19       release: {{ .Release.Name }}
20   template:
21     metadata:
22       labels:
23         app: arvados-keep-proxy-https
24         release: {{ .Release.Name }}
25     spec:
26       containers:
27         - name: {{ .Chart.Name }}
28           image: "nginx:1.10"
29           imagePullPolicy: {{ .Values.image.pullPolicy }}
30           volumeMounts:
31             - name: nginx-configmap
32               mountPath: /etc/nginx/conf.d/default.conf
33               subPath: nginx.conf
34             - name: ssl-configmap
35               mountPath: /etc/nginx/ssl.crt
36               subPath: cert
37             - name: ssl-configmap
38               mountPath: /etc/nginx/ssl.key
39               subPath: key
40       volumes:
41         - name: ssl-configmap
42           configMap:
43             name: ssl-configmap
44         - name: nginx-configmap
45           configMap:
46             name: arvados-keep-proxy-https-configmap
47 ---
48 apiVersion: v1
49 kind: ConfigMap
50 metadata:
51   name: arvados-keep-proxy-https-configmap
52   labels:
53     app: {{ template "arvados.name" . }}
54     chart: {{ template "arvados.chart" . }}
55     release: {{ .Release.Name }}
56     heritage: {{ .Release.Service }}
57 data:
58   nginx.conf: |
59     upstream httpContainer {
60       server                arvados-keep-proxy:25107;
61     }
62     
63     server {
64       listen                0.0.0.0:25107 ssl;
65       server_name           arvados-keep-proxy-https;
66     
67       ssl                   on;
68       ssl_certificate       /etc/nginx/ssl.crt;
69       ssl_certificate_key   /etc/nginx/ssl.key;
70     
71       # Clients need to be able to upload blocks of data up to 64MiB in size.
72       client_body_buffer_size 64M;
73       client_max_body_size  64m;
74     
75       # Redirect plain HTTP requests to HTTPS.
76       error_page 497 301 =307 https://$host:$server_port$request_uri;
77     
78       location / {
79         proxy_pass            http://httpContainer;
80         proxy_connect_timeout 90s;
81         proxy_read_timeout    300s;
82         proxy_redirect        off;
83         proxy_set_header      X-Forwarded-Proto https;
84         proxy_set_header      Host $host:$server_port;
85         proxy_set_header      X-Real-IP $remote_addr;
86         proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
87       }
88     }
89 ---
90 apiVersion: v1
91 kind: Service
92 metadata:
93   name: arvados-keep-proxy-https
94   labels:
95     app: {{ template "arvados.name" . }}
96     chart: {{ template "arvados.chart" . }}
97     release: {{ .Release.Name }}
98     heritage: {{ .Release.Service }}
99 spec:
100   type: LoadBalancer
101   loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
102   ports:
103   - name: https
104     port: 25107
105     targetPort: 25107
106     protocol: TCP
107   selector:
108     app: arvados-keep-proxy-https