Support for GCP GCE LB with Google managed certificates

jouve · May 12, 2024 · 328c0f3 · 328c0f3
1 parent a2ef882
commit 328c0f3
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 2 deletions.
diff --git a/charts/mailpit/templates/gcp_managed_certificate.yaml b/charts/mailpit/templates/gcp_managed_certificate.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.ingress.gce.gcp_managed_certificate.enabled }}
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+spec:
+  domains:
+    - {{ .Values.ingress.gce.gcp_managed_certificate.domain }}
+{{- end }}
diff --git a/charts/mailpit/templates/ingress.yaml b/charts/mailpit/templates/ingress.yaml
@@ -5,8 +5,19 @@ metadata:
   name: {{ template "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  annotations:
+  {{- if .Values.ingress.gce.enabled }}
+    kubernetes.io/ingress.class: gce
+    kubernetes.io/ingress.allow-http: "true"
+    kubernetes.io/ssl-redirect: "true"
+    {{- if .Values.ingress.gce.gcp_managed_certificate.enabled }}
+    networking.gke.io/managed-certificates: {{ template "common.names.fullname" . }}
+    {{- end }}
+  {{- else }}
+    kubernetes.io/ingress.class: nginx
+  {{- end }}
   {{- with include "common.tplvalues.merge" ( dict "values" (list .Values.ingress.annotations .Values.commonAnnotations) "context" . ) | fromYaml }}
-  annotations: {{- . | toYaml | nindent 4 }}
+    {{- . | toYaml | nindent 4 }}
   {{- end }}
 spec:
   {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}

diff --git a/charts/mailpit/values.yaml b/charts/mailpit/values.yaml
@@ -263,6 +263,14 @@ ingress:
   ## @param ingress.enabled Enable ingress record generation for %%MAIN_CONTAINER_NAME%%
   ##
   enabled: false
+  ## Enable google managed ingress/loadbalancer
+  gce:
+    enabled: false
+    ## Enable google managed ssl certificate
+    gcp_managed_certificate:
+      enabled: false
+      ## Domain name for the managed certificate
+      domain: hostname.local
   ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
   ## Use this parameter to set the required annotations for cert-manager, see
   ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
@@ -286,7 +294,7 @@ ingress:
   path: /
   ## @param ingress.pathType Ingress path type
   ##
-  pathType: ImplementationSpecific
+  pathType: Prefix
   ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
   ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
   ## extraHosts: