2a90519e9ea5c8cb1d97098b5ba511f82aa16add
[arvados-k8s.git] / arvados / templates / keep-proxy-https.yaml
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
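---
# Deployment: one nginx pod that terminates TLS on port 25107 and forwards
# requests to the arvados-keep-proxy service. The nginx server block comes
# from the arvados-keep-proxy-https-configmap ConfigMap.
#
# NOTE(review): apps/v1beta2 is a deprecated API version that current
# Kubernetes releases no longer serve. Confirm the oldest cluster version
# this chart must support before moving to apps/v1.
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: arvados-keep-proxy-https
  labels:
    app: arvados-keep-proxy-https
    chart: {{ template "arvados.chart" . }}
    # Templated scalars are piped through quote so that a release name such
    # as 123 or true still renders as a string, which label values must be.
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: arvados-keep-proxy-https
      release: {{ .Release.Name | quote }}
  template:
    metadata:
      labels:
        app: arvados-keep-proxy-https
        release: {{ .Release.Name | quote }}
    spec:
      containers:
        - name: {{ .Chart.Name | quote }}
          # NOTE(review): nginx:1.10 is a mutable tag on an old release line.
          # Move to a maintained release pinned by digest once the nginx
          # configuration has been tested against it.
          image: "nginx:1.10"
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          # The nginx master keeps the image's default user; this only stops
          # processes in the container from gaining additional privileges.
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: nginx-configmap
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: nginx.conf
            - name: ssl-configmap
              mountPath: /etc/nginx/ssl.crt
              subPath: cert
            # NOTE(review): the TLS private key is read from a ConfigMap.
            # ConfigMaps are not intended for confidential data; the key
            # belongs in a Secret (type kubernetes.io/tls) mounted through a
            # secret volume. That needs a matching change where ssl-configmap
            # is created, which is outside this file.
            - name: ssl-configmap
              mountPath: /etc/nginx/ssl.key
              subPath: key
      volumes:
        - name: ssl-configmap
          configMap:
            name: ssl-configmap
        - name: nginx-configmap
          configMap:
            name: arvados-keep-proxy-https-configmap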
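---
# ConfigMap with the nginx server block that the arvados-keep-proxy-https
# Deployment mounts at /etc/nginx/conf.d/default.conf.
apiVersion: v1
kind: ConfigMap
metadata:
  name: arvados-keep-proxy-https-configmap
  labels:
    app: {{ template "arvados.name" . }}
    chart: {{ template "arvados.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
data:
  nginx.conf: |
    upstream httpContainer {
      server                arvados-keep-proxy:25107;
    }

    server {
      # TLS is enabled by the "ssl" parameter of listen. The separate
      # "ssl on;" directive was redundant with it and is rejected by newer
      # nginx releases, so it is not used here.
      listen                0.0.0.0:25107 ssl;
      server_name           arvados-keep-proxy-https;

      proxy_connect_timeout 90s;
      proxy_read_timeout    300s;

      ssl_certificate       /etc/nginx/ssl.crt;
      ssl_certificate_key   /etc/nginx/ssl.key;
      # Without this directive nginx 1.10 also negotiates TLSv1 and TLSv1.1.
      ssl_protocols         TLSv1.2;

      # Clients need to be able to upload blocks of data up to 64MiB in size.
      client_max_body_size  64m;

      # Redirect plain HTTP requests to HTTPS.
      error_page 497 301 =307 https://$host:$server_port$request_uri;

      location / {
        proxy_pass          http://httpContainer;
        proxy_set_header    Upgrade         $http_upgrade;
        proxy_set_header    Connection      "upgrade";
        proxy_set_header    Host            $host:$server_port;
        # proxy_set_header is inherited from the server level only when the
        # location defines none of its own. Set at server level, X-Real-IP
        # was therefore never applied and a client-supplied value reached
        # the upstream unchanged. Setting it here overwrites that value.
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $remote_addr;
      }
    }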
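---
# Service: exposes the TLS-terminating nginx pods on port 25107 through a
# cloud load balancer.
apiVersion: v1
kind: Service
metadata:
  name: arvados-keep-proxy-https
  labels:
    app: {{ template "arvados.name" . }}
    chart: {{ template "arvados.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  type: LoadBalancer
  # NOTE(review): 8.8.8.8 is a well-known public resolver address, so this
  # is presumably a placeholder. Replace it with the address reserved for
  # this service, ideally supplied through chart values.
  # NOTE(review): no loadBalancerSourceRanges is set, so the port is
  # reachable from any address the load balancer accepts. Restrict it if
  # the client networks are known.
  # NOTE(review): with the default external traffic policy the source
  # address nginx sees may be a cluster node rather than the client, which
  # affects the X-Forwarded-For value it passes upstream. Verify.
  loadBalancerIP: "8.8.8.8"
  ports:
    - name: https
      port: 25107
      targetPort: 25107
      protocol: TCP
  selector:
    app: arvados-keep-proxy-https
    # Matches the Deployment's pod labels, so only pods of this release are
    # selected.
    release: {{ .Release.Name | quote }}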
109     app: arvados-keep-proxy-https