55 lines
1.2 KiB
YAML
55 lines
1.2 KiB
YAML
{{- /*
|
|
Generate IngressRoute for Traefik for each PocketBase instance
|
|
*/ -}}
|
|
{{- $ingress := .Values.ingress }}
|
|
{{- range .Values.instances }}
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: pocketbase-{{ .id }}
|
|
labels:
|
|
app: pocketbase
|
|
instance: {{ .id }}
|
|
{{- include "pocketbase.labels" $ | nindent 4 }}
|
|
{{- with $ingress.annotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
entryPoints:
|
|
- web
|
|
- websecure
|
|
routes:
|
|
- match: Host(`{{ .domain }}`)
|
|
kind: Rule
|
|
services:
|
|
- name: pocketbase-{{ .id }}
|
|
port: 80
|
|
middlewares:
|
|
- name: pocketbase-{{ .id }}-headers
|
|
namespace: default
|
|
---
|
|
{{- /*
|
|
Middleware for security headers
|
|
*/ -}}
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: pocketbase-{{ .id }}-headers
|
|
labels:
|
|
app: pocketbase
|
|
instance: {{ .id }}
|
|
{{- include "pocketbase.labels" $ | nindent 4 }}
|
|
spec:
|
|
headers:
|
|
stsSeconds: 31536000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
forceSTSHeader: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
{{- end }}
|