Fix enable/disable https

Vadym Mudryi · Vadym Mudryi · commit d358e6a1064a · 2025-04-01T20:24:14.000+03:00
diff --git a/charts/dependencies/templates/minio.yaml b/charts/dependencies/templates/minio.yaml
@@ -17,7 +17,11 @@ metadata:
   name: minio-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`minio.{{ .Values.hostname }}`) || Host(`{{ .Values.hostname }}`)'
     kind: Rule
diff --git a/charts/dependencies/values.yaml b/charts/dependencies/values.yaml
@@ -14,7 +14,5 @@ elasticsearch: {}
 
 hostname: farajaland.dev
 
-cert_manager:
-  enabled: false
-  # Check doc at: https://cert-manager.io/docs/configuration/issuers/
-  cluster_issuer: "<put issuer here>"
+ingress:
+  ssl_enabled: true
diff --git a/charts/opencrvs-services/templates/_helpers.tpl b/charts/opencrvs-services/templates/_helpers.tpl
@@ -36,4 +36,13 @@ Parameters:
       {{- end }}
     {{- end }}
   {{- end }}
+{{- end }}
+
+{{- define "render-external-url" -}}
+{{- $service_name := .service_name }}
+{{- $http_scheme := "http" }}
+{{- if .Values.ingress.ssl_enabled }}
+  {{- $http_scheme = "https" }}
+{{- end }}
+{{- printf "%s://%s.%s" $http_scheme $service_name .Values.hostname }}
 {{- end }}
diff --git a/charts/opencrvs-services/templates/auth-deployment.yaml b/charts/opencrvs-services/templates/auth-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: auth-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`auth.{{ .Values.hostname }}`)'
     kind: Rule
@@ -28,6 +32,7 @@ spec:
       port: 4040
     middlewares:
       - name: sts-and-basic-response-headers
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -52,11 +57,11 @@ spec:
             - name: REDIS_HOST
               value: {{ .Values.redis_host | quote }}
             - name: COUNTRY_CONFIG_URL
-              value: "https://countryconfig.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "countryconfig" "Values" .Values) }}
             - name: CLIENT_APP_URL
-              value: "https://register.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "register" "Values" .Values) }}
             - name: LOGIN_URL
-              value: "https://login.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "login" "Values" .Values) }}
             - name: CERT_PRIVATE_KEY_PATH
               value: /secrets/private-key.pem
             - name: CERT_PUBLIC_KEY_PATH
diff --git a/charts/opencrvs-services/templates/client-deployment.yaml b/charts/opencrvs-services/templates/client-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: client-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`register.{{ .Values.hostname }}`) || Host(`{{ .Values.hostname }}`)'
     kind: Rule
@@ -29,6 +33,7 @@ spec:
     middlewares:
       - name: sts-and-basic-response-headers
       # - name: enable-compression
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -60,7 +65,7 @@ spec:
             # "DECLARED_DECLARATION_SEARCH_QUERY_COUNT
             # TODO: MINIO
             - name: MINIO_URL
-              value: "https://minio.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "minio" "Values" .Values) }}
           {{- include "render-env-vars" (dict "service_name" "client" "Values" .Values) }}
           livenessProbe:
             httpGet:
diff --git a/charts/opencrvs-services/templates/config-deployment.yaml b/charts/opencrvs-services/templates/config-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: config-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`config.{{ .Values.hostname }}`)'
     kind: Rule
@@ -28,6 +32,10 @@ spec:
       port: 2021
     middlewares:
       - name: sts-and-basic-response-headers
+{{- $http := "http" }}
+{{- if .Values.ingress.ssl_enabled }}
+{{- $http = "https" }}
+{{- end }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -54,7 +62,7 @@ spec:
             - name: FHIR_URL
               value: {{ .Values.fhir_url | quote }}
             - name: CLIENT_APP_URL
-              value: "https://register.{{ .Values.hostname }}"
+              value: "{{ $http }}://register.{{ .Values.hostname }}"
             - name: HOST
               value: 0.0.0.0
             - name: PORT
diff --git a/charts/opencrvs-services/templates/countryconfig-deployment.yaml b/charts/opencrvs-services/templates/countryconfig-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: countryconfig-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`countryconfig.{{ .Values.hostname }}`) && !Path(`/email`) && !Path(`/notification`) && !Path(`/dashboards/queries.json`)'
     kind: Rule
@@ -53,8 +57,7 @@ spec:
       port: 3040
     middlewares:
       - name: block-internal-routes
-  # tls:
-  #   certResolver: myresolver
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -83,12 +86,12 @@ spec:
             - name: FHIR_URL
               value: {{ .Values.fhir_url | quote }}
             - name: CLIENT_APP_URL
-              value: "https://register.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "register" "Values" .Values) }}
             - name: LOGIN_URL
-              value: "https://login.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "login" "Values" .Values) }}
             # TODO: Check if this value is needed here?
             - name: COUNTRY_CONFIG_URL
-              value: "https://countryconfig.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "countryconfig" "Values" .Values) }}
             - name: DOMAIN
               value: {{ .Values.hostname | quote }}
             - name: GATEWAY_URL
diff --git a/charts/opencrvs-services/templates/dashboards-deployment.yaml b/charts/opencrvs-services/templates/dashboards-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: dashboards-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`metabase.{{ .Values.hostname }}`)'
     kind: Rule
diff --git a/charts/opencrvs-services/templates/events-deployment.yaml b/charts/opencrvs-services/templates/events-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: events-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`events.{{ .Values.hostname }}`)'
     kind: Rule
diff --git a/charts/opencrvs-services/templates/gateway-deployment.yaml b/charts/opencrvs-services/templates/gateway-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: gateway-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`gateway.{{ .Values.hostname }}`)'
     kind: Rule
@@ -29,6 +33,7 @@ spec:
     middlewares:
       - name: sts-and-basic-response-headers
       # - name: enable-compression
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -59,9 +64,9 @@ spec:
             - name: REDIS_HOST
               value: {{ .Values.redis_host | quote }}
             - name: CLIENT_APP_URL
-              value: "https://register.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "register" "Values" .Values) }}
             - name: LOGIN_URL
-              value: "https://login.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "login" "Values" .Values) }}
             - name: APPLICATION_CONFIG_URL
               value: "http://config.{{ .Release.Namespace }}.svc.cluster.local:2021"
             - name: AUTH_URL
diff --git a/charts/opencrvs-services/templates/login-deployment.yaml b/charts/opencrvs-services/templates/login-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: login-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`login.{{ .Values.hostname }}`)'
     kind: Rule
diff --git a/charts/opencrvs-services/templates/user-mgnt-deployment.yaml b/charts/opencrvs-services/templates/user-mgnt-deployment.yaml
@@ -11,6 +11,7 @@ spec:
   selector:
     app: user-mgnt
   type: {{ .Values.service_type }}
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -49,7 +50,7 @@ spec:
             - name: MONGO_URL
               value: mongodb://{{ .Values.mongodb_host }}/user-mgnt
             - name: COUNTRY_CONFIG_URL
-              value: "https://countryconfig.{{ .Values.hostname }}"
+              value: {{ include "render-external-url" (dict "service_name" "countryconfig" "Values" .Values) }}
           {{- include "render-env-vars" (dict "service_name" "userMgnt" "Values" .Values) }}
           ports:
             - containerPort: 3030
diff --git a/charts/opencrvs-services/templates/webhooks-deployment.yaml b/charts/opencrvs-services/templates/webhooks-deployment.yaml
@@ -18,7 +18,11 @@ metadata:
   name: webhooks-route
 spec:
   entryPoints:
+  {{- if .Values.ingress.ssl_enabled }}
     - websecure
+  {{- else }}
+    - web
+  {{- end }}
   routes:
   - match: 'Host(`webhooks.{{ .Values.hostname }}`)'
     kind: Rule
diff --git a/charts/opencrvs-services/values.yaml b/charts/opencrvs-services/values.yaml
@@ -29,6 +29,9 @@ hostname: farajaland.com
 # Developer mode flag.
 dev_mode: false
 
+ingress:
+  ssl_enabled: true
+
 service_type: ClusterIP
 
 # Global environment variables applied to
