charts/arvados/templates/ws-https.yaml

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 ---
   6 apiVersion: apps/v1
   7 kind: Deployment
   8 metadata:
   9   name: arvados-ws-https
  10   labels:
  11     app: arvados-ws-https
  12     chart: {{ template "arvados.chart" . }}
  13     release: {{ .Release.Name }}
  14     heritage: {{ .Release.Service }}
  15 spec:
  16   selector:
  17     matchLabels:
  18       app: arvados-ws-https
  19       release: {{ .Release.Name }}
  20   template:
  21     metadata:
  22       labels:
  23         app: arvados-ws-https
  24         release: {{ .Release.Name }}
  25     spec:
  26       containers:
  27         - name: {{ .Chart.Name }}
  28           image: "nginx:1.10"
  29           imagePullPolicy: {{ .Values.image.pullPolicy }}
  30           volumeMounts:
  31             - name: nginx-configmap
  32               mountPath: /etc/nginx/conf.d/default.conf
  33               subPath: nginx.conf
  34             - name: ssl-configmap
  35               mountPath: /etc/nginx/ssl.crt
  36               subPath: cert
  37             - name: ssl-configmap
  38               mountPath: /etc/nginx/ssl.key
  39               subPath: key
  40       volumes:
  41         - name: ssl-configmap
  42           configMap:
  43             name: ssl-configmap
  44         - name: nginx-configmap
  45           configMap:
  46             name: arvados-ws-https-configmap
  47 ---
  48 apiVersion: v1
  49 kind: ConfigMap
  50 metadata:
  51   name: arvados-ws-https-configmap
  52   labels:
  53     app: {{ template "arvados.name" . }}
  54     chart: {{ template "arvados.chart" . }}
  55     release: {{ .Release.Name }}
  56     heritage: {{ .Release.Service }}
  57 data:
  58   nginx.conf: |
  59     upstream httpContainer {
  60       server                arvados-ws:9003;
  61     }
  62
  63     server {
  64       listen                0.0.0.0:9003 ssl;
  65       server_name           arvados-ws-https;
  66
  67       proxy_connect_timeout 90s;
  68       proxy_read_timeout    300s;
  69       proxy_set_header      X-Real-IP $remote_addr;
  70
  71       ssl                   on;
  72       ssl_certificate       /etc/nginx/ssl.crt;
  73       ssl_certificate_key   /etc/nginx/ssl.key;
  74
  75       # Clients need to be able to upload blocks of data up to 64MiB in size.
  76       client_max_body_size  64m;
  77
  78       # Redirect plain HTTP requests to HTTPS.
  79       error_page 497 301 =307 https://$host:$server_port$request_uri;
  80
  81       location / {
  82         proxy_pass          http://httpContainer;
  83         proxy_set_header    Upgrade         $http_upgrade;
  84         proxy_set_header    Connection      "upgrade";
  85         proxy_set_header    Host            $host:$server_port;
  86         proxy_set_header    X-Forwarded-For $remote_addr;
  87       }
  88     }
  89 ---
  90 apiVersion: v1
  91 kind: Service
  92 metadata:
  93   name: arvados-ws-https
  94   labels:
  95     app: {{ template "arvados.name" . }}
  96     chart: {{ template "arvados.chart" . }}
  97     release: {{ .Release.Name }}
  98     heritage: {{ .Release.Service }}
  99 spec:
 100   type: LoadBalancer
 101   loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
 102   ports:
 103   - name: https
 104     port: 9003
 105     targetPort: 9003
 106     protocol: TCP
 107   selector:
 108     app: arvados-ws-https