Add option to enable dashboard in ingress-nginx (#229)

Add option to enable dashboard in ingress Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-27 18:18:41 +00:00 · 2024-07-22 23:35:16 +02:00
parent ceefae03e9
commit bad59ec444
5 changed files with 51 additions and 0 deletions
--- a/packages/apps/tenant/templates/networkpolicy.yaml
+++ b/packages/apps/tenant/templates/networkpolicy.yaml
@@ -112,6 +112,18 @@ spec:
 ---
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
+metadata:
+  name: allow-to-dashboard
+  namespace: {{ include "tenant.name" . }}
+spec:
+  endpointSelector: {}
+  egress:
+  - toEndpoints:
+      - matchLabels:
+          io.kubernetes.pod.namespace: cozy-dashboard
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
 metadata:
  name: allow-to-ingress
  namespace: {{ include "tenant.name" . }}
--- a/packages/extra/ingress/README.md
+++ b/packages/extra/ingress/README.md
@@ -10,3 +10,5 @@
 | `externalIPs`    | List of externalIPs for service.                                  | `[]`    |
 | `whitelist`      | List of client networks                                           | `[]`    |
 | `clouflareProxy` | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
+| `dashboard`      | Should ingress serve Cozystack service dashboard                  | `false` |
+
--- a/packages/extra/ingress/templates/dashboard.yaml
+++ b/packages/extra/ingress/templates/dashboard.yaml
@@ -0,0 +1,29 @@
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- if .Values.dashboard }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    acme.cert-manager.io/http01-ingress-class: tenant-root
+  name: dashboard-{{ .Release.Namespace }}
+  namespace: cozy-dashboard
+spec:
+  ingressClassName: {{ .Release.Namespace }}
+  rules:
+  - host: dashboard.{{ $host }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: dashboard
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - dashboard.{{ $host }}
+    secretName: dashboard-{{ .Release.Namespace }}-tls
+{{- end }}
--- a/packages/extra/ingress/values.schema.json
+++ b/packages/extra/ingress/values.schema.json
@@ -25,6 +25,11 @@
            "type": "boolean",
            "description": "Restoring original visitor IPs when Cloudflare proxied is enabled",
            "default": false
+        },
+        "dashboard": {
+            "type": "boolean",
+            "description": "Should ingress serve Cozystack service dashboard",
+            "default": false
        }
    }
 }
--- a/packages/extra/ingress/values.yaml
+++ b/packages/extra/ingress/values.yaml
@@ -24,3 +24,6 @@ whitelist: []

 ## @param clouflareProxy Restoring original visitor IPs when Cloudflare proxied is enabled
 clouflareProxy: false
+
+## @param dashboard Should ingress serve Cozystack service dashboard
+dashboard: false