From 153620272eecdd2ec7902096ee865dad359ebda5 Mon Sep 17 00:00:00 2001
From: Stephen Liang <stephenliang@users.noreply.github.com>
Date: Tue, 9 Jun 2020 20:02:04 -0700
Subject: [PATCH] Add ingress for Unifi controller sevice when not using the
 unified service. (#22703)

Fixes #21887

Bump version to 0.10.0

Signed-off-by: Stephen Liang <stephenliang@users.noreply.github.com>
---
 charts/unifi/Chart.yaml                       |  2 +-
 charts/unifi/README.md                        |  6 +++
 .../unifi/templates/controller-ingress.yaml   | 39 +++++++++++++++++++
 charts/unifi/values.yaml                      |  9 +++++
 4 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 charts/unifi/templates/controller-ingress.yaml

diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml
index de7ba11a..b6349ab4 100644
--- a/charts/unifi/Chart.yaml
+++ b/charts/unifi/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 5.12.35
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 0.9.0
+version: 0.10.0
 keywords:
   - ubiquiti
   - unifi
diff --git a/charts/unifi/README.md b/charts/unifi/README.md
index 5d6eaa2d..4e15a611 100644
--- a/charts/unifi/README.md
+++ b/charts/unifi/README.md
@@ -69,6 +69,12 @@ The following tables lists the configurable parameters of the Unifi chart and th
 | `controllerService.loadBalancerIP`              | `{}`                         | Loadbalance IP for the Unifi Controller                                                                                |
 | `controllerService.loadBalancerSourceRanges`    | None                         | List of IP CIDRs allowed access to load balancer (if supported)                                                        |
 | `controllerService.externalTrafficPolicy`       | `Cluster`                    | Set the externalTrafficPolicy in the Service to either Cluster or Local                                                |
+| `controllerService.ingress.enabled`             | `false`                      | Enables Ingress for the controller                                                                                     |
+| `controllerService.ingress.annotations`         | `{}`                         | Ingress annotations for the controller                                                                                 |
+| `controllerService.ingress.labels`              | `{}`                         | Custom labels for the controller                                                                                       |
+| `controllerService.ingress.path`                | `/`                          | Ingress path for the controller                                                                                        |
+| `controllerService.ingress.hosts`               | `chart-example.local`        | Ingress accepted hostnames for the controller                                                                          |
+| `controllerService.ingress.tls`                 | `[]`                         | Ingress TLS configuration for the controller                                                                           |
 | `stunService.type`                              | `NodePort`                   | Kubernetes service type for the Unifi STUN                                                                             |
 | `stunService.port`                              | `3478`                       | Kubernetes UDP port where the Unifi STUN is exposed                                                                    |
 | `stunService.annotations`                       | `{}`                         | Service annotations for the Unifi STUN                                                                                 |
diff --git a/charts/unifi/templates/controller-ingress.yaml b/charts/unifi/templates/controller-ingress.yaml
new file mode 100644
index 00000000..a0234af0
--- /dev/null
+++ b/charts/unifi/templates/controller-ingress.yaml
@@ -0,0 +1,39 @@
+{{- if (and .Values.controllerService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.controllerService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-controller
+  labels:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    helm.sh/chart: {{ include "unifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.controllerService.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.controllerService.ingress.tls }}
+  tls:
+  {{- range .Values.controllerService.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.controllerService.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}-controller
+              servicePort: controller
+  {{- end }}
+{{- end }}
diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml
index 722977f5..0b4e2678 100644
--- a/charts/unifi/values.yaml
+++ b/charts/unifi/values.yaml
@@ -117,6 +117,15 @@ controllerService:
   # loadBalancerSourceRanges: []
   ## Set the externalTrafficPolicy in the Service to either Cluster or Local
   # externalTrafficPolicy: Cluster
+  ##
+  # Ingress settings only for the controller
+  ingress:
+    enabled: false
+    annotations: {}
+    path: /
+    hosts:
+      - chart-example.local
+    tls: []
 
 stunService:
   type: NodePort