Skip to content

Instantly share code, notes, and snippets.

@darkn3rd
Created September 18, 2022 07:38
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save darkn3rd/2e230da9c1d69222470000fe221b22b2 to your computer and use it in GitHub Desktop.
Save darkn3rd/2e230da9c1d69222470000fe221b22b2 to your computer and use it in GitHub Desktop.
GKE NSM2: Dgraph VirtualServer and Policy
repositories:
# https://artifacthub.io/packages/helm/itscontained/raw
- name: itscontained
url: https://charts.itscontained.io
releases:
- name: dgraph-virtualservers
chart: itscontained/raw
namespace: dgraph
version: 0.2.5
disableValidation: true
values:
- resources:
- apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: dgraph-http
spec:
host: dgraph.{{ requiredEnv "DNS_DOMAIN" }}
{{- if eq (env "NGINX_APP_PROTECT") "true" }}
policies:
- name: dgraph-policy
{{- end }}
tls:
secret: dgraph-tls-secret
cert-manager:
cluster-issuer: {{ requiredEnv "ACME_ISSUER_NAME" }}
externalDNS:
enable: true
upstreams:
- name: dgraph
# Name of Service is '${RELEASE}-dgraph-alpha'
service: dgraph-dgraph-alpha
port: 8080
routes:
- path: /
action:
pass: dgraph
- apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: dgraph-grpc
namespace: dgraph
spec:
host: grpc.{{ requiredEnv "DNS_DOMAIN" }}
{{- if eq (env "NGINX_APP_PROTECT") "true" }}
policies:
- name: dgraph-policy
{{- end }}
tls:
secret: grpc-tls-secret
cert-manager:
cluster-issuer: {{ requiredEnv "ACME_ISSUER_NAME" }}
externalDNS:
enable: true
upstreams:
- name: grpc
# Name of Service is '${RELEASE}-dgraph-alpha'
service: dgraph-dgraph-alpha
port: 9080
type: grpc
routes:
- path: /
action:
pass: grpc
{{- if eq (env "NGINX_APP_PROTECT") "true" }}
- apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
name: dgraph-policy
spec:
accessControl:
allow:
- {{ env "MY_IP_ADDRESS" | default "0.0.0.0/0" | quote }}
{{- end }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment