dsk-devops-toolchains/helm/teleport-cluster/templates/proxy/ingress.yaml

{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
{{- if .Values.ingress.enabled -}}
  {{- if (not (eq .Values.proxyListenerMode "multiplex")) -}}
    {{- fail "Use of an ingress requires TLS multiplexing to be enabled, so you must also set proxyListenerMode=multiplex - see https://goteleport.com/docs/architecture/tls-routing/" -}}
  {{- end -}}
  {{- $publicAddr := coalesce .Values.publicAddr (list .Values.clusterName) -}}
  {{- /* Trim ports from all public addresses if present */ -}}
  {{- range $publicAddr -}}
    {{- $address := . -}}
    {{- if (contains ":" $address) -}}
      {{- $split := split ":" $address -}}
      {{- $address = $split._0 -}}
      {{- $publicAddr = append (mustWithout $publicAddr .) $address -}}
    {{- end -}}
    {{- $wildcard := printf "*.%s" $address -}}
    {{- /* Add wildcard versions of all public addresses to ingress, unless 1) suppressed or 2) wildcard version already exists */ -}}
    {{- if and (not $.Values.ingress.suppressAutomaticWildcards) (not (hasPrefix "*." $address)) (not (has $wildcard $publicAddr)) -}}
      {{- $publicAddr = append $publicAddr (printf "*.%s" $address) -}}
    {{- end -}}
  {{- end -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Release.Name }}-proxy
  namespace: {{ .Release.Namespace }}
  labels: {{- include "teleport-cluster.proxy.labels" . | nindent 4 }}
  {{- if $proxy.annotations.ingress }}
  annotations: {{- toYaml $proxy.annotations.ingress | nindent 4 }}
  {{- end }}
spec:
  {{- with $proxy.ingress.spec }}
    {{- toYaml . | nindent 2 }}
  {{- end }}
  tls:
  - hosts:
  {{- range $publicAddr }}
    - {{ quote . }}
  {{- end }}
  {{- if $proxy.highAvailability.certManager.enabled }}
    secretName: teleport-tls
  {{- else if $proxy.tls.existingSecretName }}
    secretName: {{ $proxy.tls.existingSecretName }}
  {{- end }}
  rules:
   {{- range $publicAddr }}
  - host: {{ quote . }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: {{ $.Release.Name }}
            port:
              number: 443
    {{- end }}
{{- end }}