helm: allow to define extra ingresses

CHANGES.rst

@@ -8,7 +8,7 @@ Version 0.9.1 (UNRELEASED)
     - Adds new configuration option ``interactive_sessions.maximum_inactivity_period`` to set a limit in days for the maximum inactivity period of interactive sessions after which they will be closed.
     - Adds new configuration option ``interactive_sessions.cronjob_schedule`` to set how often interactive session cleanup should be performed.
     - Adds support for Kubernetes clusters 1.26.
-    - Adds new Ingress resource that uses traefik middleware to redirect HTTP requests to HTTPS, in order to support traefik v2 version.
+    - Adds new configuration option ``ingress.extra`` to define extra Ingress resources, in order to support redirecting HTTP requests to HTTPS with traefik v2 version.
 
 Version 0.9.0 (2023-01-26)
 --------------------------

helm/reana/README.md

@@ -63,6 +63,7 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `ingress.annotations.kubernetes.io/ingress.class`        | Type of ingress controller                                                           | traefik                                         |
 | `ingress.annotations.traefik.ingress.kubernetes.io/router.entrypoints` | Entrypoints allowed by the ingress controller                          | "web,websecure"                                 |
 | `ingress.enabled`                                        | Create an ingress resource to access the REANA instance from outside the cluster     | true                                            |
+| `ingress.extra`                                          | An array of extra ingress resources. They can be configured in the same way as the default ingress, with the addition of `ingress.extra[].name`. | [] |
 | `ingress.tls.secret_name`                                | Name of the Kubernetes secret containing the TLS certificate to be used              | None                                            |
 | `ingress.tls.self_signed_cert`                           | Enable the generation of a self-signed TLS certificate                               | true                                            |
 | `kubernetes_jobs_memory_limit`                           | Maximum default memory limit for user job containers. Exceeding this limit will terminate the container. Please see the following URL for possible values https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory. | 4Gi |

helm/reana/templates/ingress.yaml

@@ -1,56 +1,22 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "reana.prefix" . }}-ingress-http
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: http
-    traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-scheme@kubernetescrd
-spec:
-  rules:
-    - http:
-        paths:
-        - path: /api
-          pathType: Prefix
-          backend:
-            service:
-              name: {{ include "reana.prefix" . }}-server
-              port:
-                number: 80
-        - path: /oauth
-          pathType: Prefix
-          backend:
-            service:
-              name: {{ include "reana.prefix" . }}-server
-              port:
-                number: 80
-        {{- if .Values.components.reana_ui.enabled }}
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: {{ include "reana.prefix" . }}-ui
-              port:
-                number: 80
-        {{- end }}
-      {{- if .Values.reana_hostname }}
-      host: {{ .Values.reana_hostname }}
-      {{- end }}
+{{- range (concat (list .Values.ingress) .Values.ingress.extra) }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "reana.prefix" . }}-ingress
-  namespace: {{ .Release.Namespace }}
-  {{- with .Values.ingress.annotations }}
+  {{- if .name }}
+  name: {{ include "reana.prefix" $ }}-ingress-{{ .name }}
+  {{- else }}
+  name: {{ include "reana.prefix" $ }}-ingress
+  {{- end }}
+  namespace: {{ $.Release.Namespace }}
+  {{- with .annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- with .Values.ingress.tls }}
+  {{- with .tls }}
   {{- if and .self_signed_cert .secret_name }}
-    {{- fail "Cannot set `ingress.tls.secret_name` and `ingress.tls.self_signed_cert` at the same time" }}
+    {{- fail "Cannot set `.tls.secret_name` and `.tls.self_signed_cert` at the same time" }}
   {{- end }}
   {{- if .self_signed_cert }}
   tls:
@@ -68,25 +34,26 @@ spec:
           pathType: Prefix
           backend:
             service:
-              name: {{ include "reana.prefix" . }}-server
+              name: {{ include "reana.prefix" $ }}-server
               port:
                 number: 80
         - path: /oauth
           pathType: Prefix
           backend:
             service:
-              name: {{ include "reana.prefix" . }}-server
+              name: {{ include "reana.prefix" $ }}-server
               port:
                 number: 80
-        {{- if .Values.components.reana_ui.enabled }}
+        {{- if $.Values.components.reana_ui.enabled }}
         - path: /
           pathType: Prefix
           backend:
             service:
-              name: {{ include "reana.prefix" . }}-ui
+              name: {{ include "reana.prefix" $ }}-ui
               port:
                 number: 80
         {{- end }}
-      {{- if .Values.reana_hostname }}
-      host: {{ .Values.reana_hostname }}
+      {{- if $.Values.reana_hostname }}
+      host: {{ $.Values.reana_hostname }}
       {{- end }}
+{{- end }}

helm/reana/values.yaml

@@ -127,6 +127,7 @@ ingress:
     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
   tls:
     self_signed_cert: true
+  extra: []
 
 # Permissions
 serviceAccount: