Add option for nginx + cert manager
Closed this issue · 5 comments
Currently this helm chart deploys Traefik as the Ingress Controller.
We want an option (probably should the default) to instead install nginx + cert-manager.
It should work the same way as the current prototype - when a new Open edX instance is installed via Tutor, the Ingress
object it creates will register it with the Ingress Controller, and nginx+cert-manager will take care of getting an HTTPS cert and forwarding traffic to that new Caddy instance.
We quickly discussed this work during the meeting, with @felipemontoya and @MoisesGSalas having posted a pull request for the work at #10 . @bradenmacdonald will do a review (anyone else wants to review too?)
I'd recommend expecting that 'cert-manager' and 'nginx-ingress-controller' are already installed.
Most helm charts just have an ingress template, which you can enable to not, generally enabled by default & a place to specify ingress annotations (that's where you'd add your cert-manager annotations). Also, in general there is a field to specify 'ingressClassName', which for me would be 'nginx' because I use the nginx ingress controller.
There was a project 'k8s-at-home' which used a common charts library. They had maybe 100 apps. For each of the apps, you'd specify the configuration of the ingress and the common library would generate the ingress. 'k8s-at-home' has since become deprecated and the common library has been moved over to the 'truecharts' project.
I'm not suggesting you might want to use that common library, but to see it as an example that for all those apps everyone was just expected to have the ingress controller & cert-manager installed, and only to specify how to configure the ingress ... after that an ingress template would fill in the values for ingressClassName, the host url, and the tls host url, and also the annotations.
Lots of ingress templates out there, all fairly similar, maybe this one is a good example:
https://github.com/MoJo2600/pihole-kubernetes/blob/master/charts/pihole/templates/ingress.yaml
With the ingress section in the values file looking something like this:
# -- Configuration for the Ingress
ingress:
# -- Generate a Ingress resource
enabled: false
# -- Specify an ingressClassName
# ingressClassName: nginx
# -- Annotations for the ingress
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
# virtualHost (default value is pi.hole) will be appended to the hosts
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# #- virtualHost (default value is pi.hole) will be appended to the hosts
# - chart-example.local
I'm only just stopping by today, so maybe you already have something else in mind. I was just looking to see if there was a helm chart so I could install Open edX and give it a shot. I wouldn't want it to install cert-manager or an ingress controller by default.
Recap from the meeting update - this is now waiting for a new review from @bradenmacdonald , which should likely lead to a merge of the work.
Now that #10 is merged we can close this.