From ffa0d91392f4243426a31f160ecdc9eb79e998c0 Mon Sep 17 00:00:00 2001 From: Polina Sizintseva Date: Mon, 1 Jun 2026 17:26:46 +0300 Subject: [PATCH 1/2] helm: update ingress tls --- .helm/templates/20-ingress-tuf-router.yaml | 18 ++++++---- .helm/templates/20-ingress.yaml | 39 ++++------------------ .helm/values.yaml | 1 + 3 files changed, 19 insertions(+), 39 deletions(-) diff --git a/.helm/templates/20-ingress-tuf-router.yaml b/.helm/templates/20-ingress-tuf-router.yaml index ab9297a98..b54cf3eee 100644 --- a/.helm/templates/20-ingress-tuf-router.yaml +++ b/.helm/templates/20-ingress-tuf-router.yaml @@ -4,30 +4,35 @@ {{- end }} {{- $targetCluster := include "targetCluster" . }} {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }} +{{- $wwwHost := printf "www.%s" $host }} +{{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tuf-router +{{- if eq .Values.werf.env "production" }} + annotations: + nginx.ingress.kubernetes.io/from-to-www-redirect: "true" +{{- else }} annotations: {} +{{- end }} spec: ingressClassName: {{ include "ingressClassName" . }} tls: - hosts: + - {{ $host }} {{- if eq .Values.werf.env "production" }} + - {{ $wwwHost }} {{- if eq $targetCluster "ru" }} - {{ $ruHost }} -{{- else }} - - {{ $host }} {{- end }} - secretName: tls-{{ $host }} + secretName: {{ $ingressSecretName }} {{- else }} - - {{ $host }} - ru-{{ $host }} - secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} + secretName: {{ $ingressSecretName }} {{- end }} rules: -{{- if or (ne .Values.werf.env "production") (eq $targetCluster "eu") }} - host: {{ $host }} http: paths: 
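Review bot: The `$ingressSecretName` variable added at the top of this hunk resolves through `default .Values.ingressSecretName._default`, and the production branch now uses it for `secretName`. A missing or misspelled `production` key would therefore silently put the dev wildcard secret name on the production Ingress instead of failing the render. For production I would drop the fallback and fail fast inside a production-only branch, for example `{{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | required "ingressSecretName has no entry for this env" }}`. The value is also rendered unquoted; `secretName: {{ $ingressSecretName | quote }}` keeps an empty expansion from becoming `null`. The same variable is added in `20-ingress.yaml` (`@@ -5,6 +5,7 @@`), and the Ingress document here continues past the end of the hunk.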
@@ -45,7 +50,6 @@ spec: name: tuf-router port: name: http -{{- end }} {{- if eq .Values.werf.env "production" }} {{- if eq $targetCluster "ru" }} - host: {{ $ruHost }} diff --git a/.helm/templates/20-ingress.yaml b/.helm/templates/20-ingress.yaml index 3ad374134..fa68fbe88 100644 --- a/.helm/templates/20-ingress.yaml +++ b/.helm/templates/20-ingress.yaml @@ -5,6 +5,7 @@ {{- $targetCluster := include "targetCluster" . }} {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }} {{- $wwwHost := printf "www.%s" $host }} +{{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} {{- if eq .Values.werf.env "production" }} --- apiVersion: networking.k8s.io/v1 @@ -22,15 +23,13 @@ spec: ingressClassName: {{ include "ingressClassName" . }} tls: - hosts: -{{- if eq $targetCluster "ru" }} - - {{ $ruHost }} -{{- else }} - {{ $host }} - {{ $wwwHost }} +{{- if eq $targetCluster "ru" }} + - {{ $ruHost }} {{- end }} - secretName: tls-{{ $host }} + secretName: {{ $ingressSecretName }} rules: -{{- if eq $targetCluster "eu" }} - host: {{ $host }} http: paths: @@ -41,7 +40,7 @@ spec: name: backend port: name: http -{{- else }} +{{- if eq $targetCluster "ru" }} - host: {{ $ruHost }} http: paths: @@ -73,7 +72,7 @@ spec: tls: - hosts: - {{ $host }} - secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} + secretName: {{ $ingressSecretName }} rules: - host: {{ $host }} http: @@ -104,7 +103,7 @@ spec: tls: - hosts: - ru-{{ $host }} - secretName: {{ pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} + secretName: {{ $ingressSecretName }} rules: - host: ru-{{ $host }} http: 
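Review bot: In `20-ingress.yaml` (`@@ -22,15 +23,13 @@`) the production `tls` entry now points `$host`, `$wwwHost` and, on the ru cluster, `$ruHost` at one `{{ $ingressSecretName }}`, while the same commit deletes the cert-manager `Certificate` that used to issue `tls-{{ $host }}`. Nothing in the visible chart creates or renews that secret any more. If the secret is absent in a cluster, or its certificate does not list all of those names, clients will presumably get a certificate that fails hostname validation. Please document the dependency next to the field, e.g. `{{- /* TLS secret is provisioned outside this chart; it must exist in every target cluster and cover $host, $wwwHost and $ruHost */}}`, and confirm how it is rotated. The `spec` block starts and ends outside this hunk.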
@@ -118,27 +117,3 @@ spec: name: http {{- end }} -{{- if eq .Values.werf.env "production" }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Chart.Name }}-cert -spec: - secretName: tls-{{ $host }} - issuerRef: - kind: ClusterIssuer - name: {{ include "certificateIssuerName" . }} -{{- if eq $targetCluster "ru" }} - commonName: {{ $ruHost }} -{{- else }} - commonName: {{ $host }} -{{- end }} - dnsNames: -{{- if eq $targetCluster "ru" }} - - {{ $ruHost }} -{{- else }} - - {{ $host }} - - {{ $wwwHost }} -{{- end }} -{{- end }} diff --git a/.helm/values.yaml b/.helm/values.yaml index d5eb4fed9..dbe883658 100644 --- a/.helm/values.yaml +++ b/.helm/values.yaml @@ -40,6 +40,7 @@ ingressSecretName: _default: wildcard-dev-flant-dev test: wildcard-test-flant-dev stage: wildcard-stage-flant-dev + production: tls-werf-io resources: requests: From e89abf58fb53b8ecb4d23153f726dd6785c1b7d6 Mon Sep 17 00:00:00 2001 From: Polina Sizintseva Date: Tue, 2 Jun 2026 14:52:51 +0300 Subject: [PATCH 2/2] chore: resolve remarks Signed-off-by: Polina Sizintseva --- .helm/templates/20-ingress-tuf-router.yaml | 12 ------------ .helm/templates/20-ingress.yaml | 5 ----- .helm/values.yaml | 3 --- 3 files changed, 20 deletions(-) diff --git a/.helm/templates/20-ingress-tuf-router.yaml b/.helm/templates/20-ingress-tuf-router.yaml index b54cf3eee..89caeb1fa 100644 --- a/.helm/templates/20-ingress-tuf-router.yaml +++ b/.helm/templates/20-ingress-tuf-router.yaml 
@@ -2,31 +2,21 @@ {{- if hasPrefix "review" .Values.werf.env }} {{- $host = ( printf "%s.%s" .Values.werf.env (pluck "dev" .Values.host | first | default .Values.host._default ) | lower ) }} {{- end }} -{{- $targetCluster := include "targetCluster" . }} {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }} -{{- $wwwHost := printf "www.%s" $host }} {{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tuf-router -{{- if eq .Values.werf.env "production" }} - annotations: - nginx.ingress.kubernetes.io/from-to-www-redirect: "true" -{{- else }} annotations: {} -{{- end }} spec: ingressClassName: {{ include "ingressClassName" . }} tls: - hosts: - {{ $host }} {{- if eq .Values.werf.env "production" }} - - {{ $wwwHost }} -{{- if eq $targetCluster "ru" }} - {{ $ruHost }} -{{- end }} secretName: {{ $ingressSecretName }} {{- else }} - ru-{{ $host }} @@ -51,7 +41,6 @@ spec: port: name: http {{- if eq .Values.werf.env "production" }} -{{- if eq $targetCluster "ru" }} - host: {{ $ruHost }} http: paths: @@ -69,7 +58,6 @@ spec: name: tuf-router port: name: http -{{- end }} {{- else }} - host: ru-{{ $host }} http: diff --git a/.helm/templates/20-ingress.yaml b/.helm/templates/20-ingress.yaml index fa68fbe88..e78dd441f 100644 --- a/.helm/templates/20-ingress.yaml +++ b/.helm/templates/20-ingress.yaml 
@@ -2,7 +2,6 @@ {{- if hasPrefix "review" .Values.werf.env }} {{- $host = ( printf "%s.%s" .Values.werf.env (pluck "dev" .Values.host | first | default .Values.host._default ) | lower ) }} {{- end }} -{{- $targetCluster := include "targetCluster" . }} {{- $ruHost := pluck .Values.werf.env .Values.ruHost | first | default (printf "ru.%s" $host) }} {{- $wwwHost := printf "www.%s" $host }} {{- $ingressSecretName := pluck .Values.werf.env .Values.ingressSecretName | first | default .Values.ingressSecretName._default }} @@ -25,9 +24,7 @@ spec: - hosts: - {{ $host }} - {{ $wwwHost }} -{{- if eq $targetCluster "ru" }} - {{ $ruHost }} -{{- end }} secretName: {{ $ingressSecretName }} rules: - host: {{ $host }} @@ -40,7 +37,6 @@ spec: name: backend port: name: http -{{- if eq $targetCluster "ru" }} - host: {{ $ruHost }} http: paths: @@ -51,7 +47,6 @@ spec: name: backend port: name: http -{{- end }} {{- else }} --- apiVersion: networking.k8s.io/v1 diff --git a/.helm/values.yaml b/.helm/values.yaml index dbe883658..9de31e0a5 100644 --- a/.helm/values.yaml +++ b/.helm/values.yaml @@ -32,9 +32,6 @@ ingressClassName: _default: "nginx" production: "standalone-geo" -certificateIssuerName: - _default: letsencrypt - production: letsencrypt-standalone-geo ingressSecretName: _default: wildcard-dev-flant-dev