From 620871a595694816eeb1a29a2bd4aba897f54d1f Mon Sep 17 00:00:00 2001
From: Andrei Kvapil
Date: Fri, 11 Oct 2024 11:09:59 +0200
Subject: [PATCH] Add TLS to bucket ui (#419)
## Summary by CodeRabbit
- **New Features**
- Enhanced ingress configuration with conditional logic for ingress class.
- Added TLS settings for improved security, including a dynamically constructed host name.
- **Bug Fixes**
- Default value for issuer type set to "http01" to prevent misconfigurations.
---
 packages/system/bucket/templates/ingress.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/packages/system/bucket/templates/ingress.yaml b/packages/system/bucket/templates/ingress.yaml
index 759ce397..50494922 100644
--- a/packages/system/bucket/templates/ingress.yaml
+++ b/packages/system/bucket/templates/ingress.yaml
@@ -1,6 +1,7 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -13,8 +14,16 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
 nginx.ingress.kubernetes.io/proxy-read-timeout: "99999"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "99999"
+ {{- if ne $issuerType "cloudflare" }}
+ acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
+ {{- end }}
+ cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
 ingressClassName: {{ $ingress }}
+ tls:
+ - hosts:
+ - "{{ .Values.bucketName }}.{{ $host }}"
+ secretName: {{ .Values.bucketName }}-ui-tls
 rules:
 - host: {{ .Values.bucketName }}.{{ $host }}
 http:
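Review bot: `$cozyConfig` is read on the added `$issuerType` line but is never declared. The hunk starts at file line 1, and the three lines before it define only `$myNS`, `$host` and `$ingress`. Go templates reject an undefined variable at parse time, so the chart would fail to render instead of falling back to `"http01"`, and the TLS block would never reach the cluster. Declare it before this line, e.g. `{{- $cozyConfig := lookup "v1" "ConfigMap" "<config-namespace>" "<configmap-name>" }}` (placeholders, use the project's real config object). Even with that in place, `lookup` returns an empty map under `helm template` or a client-side dry run, so `index $cozyConfig.data "clusterissuer"` would likely error on the nil `.data` before `default` applies. A comment saying the template needs a live cluster would help.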
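Review bot: The added `acme.cert-manager.io/http01-ingress-class: {{ $ingress }}` and `secretName: {{ .Values.bucketName }}-ui-tls` are rendered unquoted, while the new `hosts` entry between them is quoted. `$ingress` comes from a namespace annotation; if that annotation is missing, the value appears to render empty, which YAML reads as null, and Kubernetes rejects non-string annotation values, so the Ingress would fail to apply. Quote both for consistency and safety: `acme.cert-manager.io/http01-ingress-class: {{ $ingress | quote }}` and `secretName: "{{ .Values.bucketName }}-ui-tls"`. Separately, `cert-manager.io/cluster-issuer: letsencrypt-prod` is hard-coded and emitted for every bucket, so each bucket UI requests its own production certificate; a comment on the issuer choice and its CA rate limits would help operators. The Ingress manifest continues past the end of the hunk.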