diff --git a/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-admin.yaml b/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-admin.yaml new file mode 100644 index 000000000..a04d6788f --- /dev/null +++ b/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-admin.yaml @@ -0,0 +1,49 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: cert-manager + kubernetes.io/ingress.class: nginx + meta.helm.sh/release-name: dx-helm-wri-prod-release + meta.helm.sh/release-namespace: wri-odp-prod + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "server: hide"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-Xss-Protection: 1"; + more_set_headers "Referrer-Policy: origin"; + more_set_headers "Expect-CT: max-age=86400, enforce, report-uri='[reportURL]'"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + nginx.ingress.kubernetes.io/limit-connections: "50" + nginx.ingress.kubernetes.io/limit-rps: "50" + nginx.ingress.kubernetes.io/proxy-body-size: 1000M + nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" + nginx.ingress.kubernetes.io/proxy-read-timeout: "60" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + labels: + app.kubernetes.io/managed-by: Helm + name: wri-prod-ingress-fe-internal-admin + namespace: wri-odp-prod +spec: + rules: + - host: datasets.wri.org + http: + paths: + - backend: + service: + name: wri-prod-ckan-svc + port: + number: 80 + path: /private-admin/(.*) + pathType: ImplementationSpecific + - backend: + service: + name: wri-prod-ckan-svc + port: + number: 80 + path: /private-admin + pathType: ImplementationSpecific + tls: + - hosts: + - datasets.wri.org + secretName: datasets.wri.org diff --git a/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-api.yaml b/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-api.yaml new file mode 100644 index 000000000..6e9c2adb4 --- /dev/null +++ b/deployment/helm-templates/templates/wri-prod-ingress-fe-internal-api.yaml @@ -0,0 +1,52 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: cert-manager + kubernetes.io/ingress.class: nginx + meta.helm.sh/release-name: dx-helm-wri-prod-release + meta.helm.sh/release-namespace: wri-odp-prod + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "server: hide"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-Xss-Protection: 1"; + more_set_headers "Referrer-Policy: origin"; + more_set_headers "Expect-CT: max-age=86400, enforce, report-uri='[reportURL]'"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + nginx.ingress.kubernetes.io/limit-connections: "50" + nginx.ingress.kubernetes.io/limit-rps: "50" + nginx.ingress.kubernetes.io/proxy-body-size: 1000M + nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" + nginx.ingress.kubernetes.io/proxy-read-timeout: "60" + nginx.ingress.kubernetes.io/rewrite-target: /api/action/$1 + nginx.ingress.kubernetes.io/use-regex: "true" + labels: + app.kubernetes.io/managed-by: Helm + name: wri-prod-ingress-fe-internal-api + namespace: wri-odp-prod +spec: + rules: + - host: datasets.wri.org + http: + paths: + - backend: + service: + name: wri-prod-ckan-svc + port: + number: 80 + path: /api/action/(.*) + pathType: ImplementationSpecific + - host: datasets.wri.org + http: + paths: + - backend: + service: + name: wri-prod-ckan-svc + port: + number: 80 + path: /api/3/action/(.*) + pathType: ImplementationSpecific + tls: + - hosts: + - datasets.wri.org + secretName: datasets.wri.org