+++ /dev/null
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: arvados-keep-proxy-https
- labels:
- app: arvados-keep-proxy-https
- chart: {{ template "arvados.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: arvados-keep-proxy-https
- release: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app: arvados-keep-proxy-https
- release: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ .Chart.Name }}
- image: "nginx:1.10"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- volumeMounts:
- - name: nginx-configmap
- mountPath: /etc/nginx/conf.d/default.conf
- subPath: nginx.conf
- - name: ssl-configmap
- mountPath: /etc/nginx/ssl.crt
- subPath: cert
- - name: ssl-configmap
- mountPath: /etc/nginx/ssl.key
- subPath: key
- volumes:
- - name: ssl-configmap
- configMap:
- name: ssl-configmap
- - name: nginx-configmap
- configMap:
- name: arvados-keep-proxy-https-configmap
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: arvados-keep-proxy-https-configmap
- labels:
- app: {{ template "arvados.name" . }}
- chart: {{ template "arvados.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- nginx.conf: |
- upstream httpContainer {
- server arvados-keep-proxy:25107;
- }
-
- server {
- listen 0.0.0.0:25107 ssl;
- server_name arvados-keep-proxy-https;
-
- ssl on;
- ssl_certificate /etc/nginx/ssl.crt;
- ssl_certificate_key /etc/nginx/ssl.key;
-
- # Clients need to be able to upload blocks of data up to 64MiB in size.
- client_body_buffer_size 64M;
- client_max_body_size 64m;
-
- # Redirect plain HTTP requests to HTTPS.
- error_page 497 301 =307 https://$host:$server_port$request_uri;
-
- location / {
- proxy_pass http://httpContainer;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
- proxy_redirect off;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $host:$server_port;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- }
----
-apiVersion: v1
-kind: Service
-metadata:
- name: arvados-keep-proxy-https
- labels:
- app: {{ template "arvados.name" . }}
- chart: {{ template "arvados.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- type: LoadBalancer
- loadBalancerIP: {{ required "A valid externalIP is required!" .Values.externalIP }}
- ports:
- - name: https
- port: 25107
- targetPort: 25107
- protocol: TCP
- selector:
- app: arvados-keep-proxy-https