feat(backend)!: support configuring TLS secretName, adjust value keys

Author: SIMULATAN

backend/templates/_config.tpl

@@ -12,7 +12,7 @@
       {{- end -}}
     {{- end }}
     {{- with $.Values.ingress }}
-    publicHost: {{ ternary "https" "http" .tls }}://{{ .hostname }}{{ trimSuffix "/" .path }}
+    publicHost: {{ (or .tls.enabled (not (empty .tls.extraHosts))) | ternary "https" "http" }}://{{ .hostname }}{{ trimSuffix "/" .path }}
     {{- end }}
     # if `appConfig.mongodb` is set, it overrides the config from `mongodb`.
     {{- if and $.Values.mongodb.deploy (not (kindIs "map" $.Values.appConfig.mongodb)) }}

backend/templates/ingress.yaml

@@ -44,18 +44,20 @@ spec:
     {{- if .Values.ingress.extraRules }}
     {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
     {{- end }}
-  {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
+  {{- with .Values.ingress.tls -}}
+  {{- if or .enabled .extraTls }}
   tls:
-    {{- if .Values.ingress.tls }}
+    {{- if .enabled }}
     - hosts:
-        - {{ .Values.ingress.hostname }}
-        {{- range .Values.ingress.extraHosts }}
+        - {{ $.Values.ingress.hostname }}
+        {{- range $.Values.ingress.extraHosts }}
         - {{ .name }}
         {{- end }}
-      secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+      secretName: {{ .secretName | default (printf "%s-tls" $.Values.ingress.hostname) }}
     {{- end }}
-    {{- if .Values.ingress.extraTls }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+    {{- if .extraTls }}
+    {{- include "common.tplvalues.render" ( dict "value" .extraTls "context" $ ) | nindent 4 }}
     {{- end }}
   {{- end }}
+  {{- end -}}
 {{- end }}

backend/values.yaml

@@ -173,11 +173,21 @@ ingress:
   ##   cert-manager.io/cluster-issuer: cluster-issuer-name
   ##
   annotations: {}
-  ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
-  ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
-  ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
-  ##
-  tls: false
+  tls:
+    ## @param ingress.tls.enabled Enable default TLS configuration for the hostname defined at ingress.hostname parameter
+    ## TLS certificates will be retrieved from a TLS secret with the configured ingress.tls.secretName or default to {{- printf "%s-tls" .Values.ingress.hostname }}
+    enabled: false
+    ## @param ingress.tls.secretName Override the secret to retrieve the TLS certificates from
+    ## will default to {{- printf "%s-tls" .Values.ingress.hostname }}
+    secretName: null
+    ## @param ingress.tls.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
+    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## extraTls:
+    ## - hosts:
+    ##     - snoty.example.com
+    ##   secretName: snoty-tls-secret
+    ##
+    extraTls: []
   ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
   ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
   ## extraHosts:
@@ -194,14 +204,6 @@ ingress:
   ##     servicePort: use-annotation
   ##
   extraPaths: []
-  ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
-  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
-  ## extraTls:
-  ## - hosts:
-  ##     - minio.local
-  ##   secretName: minio.local-tls
-  ##
-  extraTls: []
   ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
   ## key and certificate should start with -----BEGIN CERTIFICATE----- or
   ## -----BEGIN RSA PRIVATE KEY-----