feat: allow multiple ingress hostnames (#74)

* allow multiple ingress hostnames * fix: make default for ingress.additionalHostnames blank array * fix: update default values to shrink diff on PR to upstream * fix: increment chart version to expose feature add * docs: provide example of ingress.additionalHostnames in README
guerzon · Feb 18, 2024 · 5ca9c62 · 5ca9c62
1 parent 2fc77ef
commit 5ca9c62
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 4 deletions.
diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: guerzon
     email: [email protected]
     url: https://github.com/guerzon
-version: 0.22.0
+version: 0.22.1
 kubeVersion: ">=1.12.0-0"
diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md
@@ -118,6 +118,19 @@ ingress:
   allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
 ```
 
+If you intend on making your ingress available via multiple hostnames, you can invoke the `ingress.additionalHostnames` as follows:
+
+```yaml
+ingress:
+  enabled: true
+  class: "nginx"
+  tlsSecret: vw-contoso-com-crt
+  hostname: vaultwarden.contoso.com
+  additionalHostnames:
+    - vw.contoso.com
+  allowList: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"
+```
+
 ### AWS LB Controller
 
 When using AWS, the [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/installation/) can be used together with [ACM](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/).
@@ -414,7 +427,7 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME
 | `smtp.acceptInvalidCerts`         | Accept Invalid Certificates                                                                                                                         | `false`    |
 | `smtp.debug`                      | SMTP debugging                                                                                                                                      | `false`    |
 
-### Exposure settings 
+### Exposure settings
 
 | Name                              | Description                                                                    | Value                |
 | --------------------------------- | ------------------------------------------------------------------------------ | -------------------- |
@@ -435,6 +448,7 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME
 | `ingress.labels`                  | Additional labels for the ingress resource.                                    | `{}`                 |
 | `ingress.tls`                     | Enable TLS on the ingress resource.                                            | `true`               |
 | `ingress.hostname`                | Hostname for the ingress.                                                      | `warden.contoso.com` |
+| `ingress.additionalHostnames`     | Additional hostnames for the ingress.                                          | `[]`                 |
 | `ingress.path`                    | Default application path for the ingress                                       | `/`                  |
 | `ingress.pathWs`                  | Path for the websocket ingress                                                 | `/notifications/hub` |
 | `ingress.pathType`                | Path type for the ingress                                                      | `Prefix`             |

diff --git a/charts/vaultwarden/templates/ingress.yaml b/charts/vaultwarden/templates/ingress.yaml
@@ -1,4 +1,6 @@
 {{- $ingress := .Values.ingress -}}
+{{- $websocket := .Values.websocket -}}
+{{- $fullname := .Release.fullname -}}
 {{- if $ingress.enabled }}
 {{- $newAPIversion := .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
 {{- if $newAPIversion }}
@@ -49,9 +51,33 @@ spec:
   tls:
     - hosts:
         - {{ $ingress.hostname | quote }}
+        {{- range $ingress.additionalHostnames }}
+        - {{ . | quote }}
+        {{- end }}
       secretName: {{ $ingress.tlsSecret }}
   {{- end }}
   rules:
+    {{- range $ingress.additionalHostnames }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+        - path: {{ $ingress.path }}
+          pathType: {{ $ingress.pathType }}
+          backend:
+            service:
+              name: {{ include "vaultwarden.fullname" $ }}
+              port:
+                name: "http"
+        {{- if $websocket.enabled }}
+        - path: {{ $ingress.pathWs }}
+          pathType: {{ $ingress.pathTypeWs }}
+          backend:
+            service:
+              name: {{ include "vaultwarden.fullname" $ }}
+              port:
+                name: "websocket"
+        {{- end }}
+    {{- end }}
     - host: {{ $ingress.hostname | quote }}
       http:
         paths:
@@ -62,7 +88,7 @@ spec:
               name: {{ include "vaultwarden.fullname" . }}
               port:
                 name: "http"
-        {{- if .Values.websocket.enabled }}
+        {{- if $websocket.enabled }}
         - path: {{ $ingress.pathWs }}
           pathType: {{ $ingress.pathTypeWs }}
           backend:

diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
@@ -643,6 +643,9 @@ ingress:
   ## @param ingress.hostname Hostname for the ingress.
   ##
   hostname: "warden.contoso.com"
+  ## @param ingress.additionalHostnames Additional hostnames for the ingress.
+  ##
+  additionalHostnames: []
   ## @param ingress.path Default application path for the ingress
   ##
   path: "/"

diff --git a/generate-readme.sh b/generate-readme.sh
@@ -7,4 +7,4 @@ fi
 docker build -t readme-gen readme-generator-for-helm/
 
 # Run the tool and mount the current project directory.
-docker run --rm -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md 
+docker run --rm --privileged -v $(pwd):/mnt -w /mnt readme-gen readme-generator -v charts/vaultwarden/values.yaml -r charts/vaultwarden/README.md