add ingress

Author: girts512

helm/token-images/templates/ingress.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "token-images.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "token-images.labels" . | nindent 4 }}
+  annotations:
+    # AWS Load Balancer Controller annotations
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/subnets: {{ .Values.ingress.subnets | quote }}
+    # IMPORTANT: Comment out group.name to avoid creating separate ALB
+    # alb.ingress.kubernetes.io/group.name: {{ .Values.ingress.groupName | default "default" }}
+    # SSL/TLS settings
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/ssl-redirect: '443'
+    # Health check settings
+    alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.ingress.healthCheckPath | default "/health" }}
+    alb.ingress.kubernetes.io/healthcheck-port: {{ .Values.service.targetPort | quote }}
+spec:
+  ingressClassName: {{ .Values.ingress.className | default "alb" }}
+  rules:
+  - host: {{ .Values.ingress.host }}
+    http:
+      paths:
+      - path: {{ .Values.ingress.path | default "/" }}
+        pathType: {{ .Values.ingress.pathType | default "Prefix" }}
+        backend:
+          service:
+            name: {{ include "token-images.fullname" . }}
+            port:
+              number: {{ .Values.service.port }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- toYaml .Values.ingress.tls | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/token-images/values.yaml

@@ -12,6 +12,9 @@ service:
   type: ClusterIP
   port: 80
   targetPort: 4000
+  # Option 2: Use ExternalName service to point to existing ALB
+  useExternalName: false
+  externalName: "eul-dev-lb-1234567890.eu-west-1.elb.amazonaws.com"  # Replace with your ALB DNS name
 
 resources:
   limits:
@@ -34,3 +37,18 @@ secrets:
   name: "token-images-prd"  # Matches managedSecret.name in DopplerSecret
   # Optional: specify if you want to use envFrom (mounts all secrets) or individual env vars
   useEnvFrom: true
+
+# Ingress configuration for AWS ALB
+ingress:
+  enabled: true
+  className: "alb"
+  groupName: "eul-dev-lb-group"  # Group name for ALB sharing
+  subnets: "subnet-0c1704842f6ef41d1, subnet-0e76b0603f950b3fa, subnet-0a2dac517ddd5c387"
+  host: "tokens.eul.dev"
+  path: "/"
+  pathType: "Prefix"
+  healthCheckPath: "/health"  # Update this to match your app's health endpoint
+  tls:
+    - secretName: tokens-eul-dev-tls  # Create this secret with your SSL certificate
+      hosts:
+        - tokens.eul.dev