drop AP routes from ingress when proxy is enabled

2025-09-29 13:52:09 +02:00 · 2025-09-29 13:52:09 +02:00 · 9443c74abc
commit 9443c74abc
parent 003b3bdf11
6 changed files with 37 additions and 11 deletions
--- a/charts/ghost/Chart.yaml
+++ b/charts/ghost/Chart.yaml
@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.11.1
+version: 1.11.2

 # renovate: image=docker.io/ghost
 appVersion: "6.0.10"
--- a/charts/ghost/README.md
+++ b/charts/ghost/README.md
@ -1,6 +1,6 @@
 # ghost

-![Version: 1.11.1](https://img.shields.io/badge/Version-1.11.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.0.10](https://img.shields.io/badge/AppVersion-6.0.10-informational?style=flat-square)
+![Version: 1.11.2](https://img.shields.io/badge/Version-1.11.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.0.10](https://img.shields.io/badge/AppVersion-6.0.10-informational?style=flat-square)

 A Helm chart for deploying Ghost on Kubernetes

@ -95,10 +95,10 @@ A Helm chart for deploying Ghost on Kubernetes
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` | ingress class name e.g. nginx |
-| ingress.enabled | bool | `false` | enable ingress from outside the cluster |
+| ingress.enabled | bool | `true` | enable ingress from outside the cluster |
 | ingress.hosts[0].host | string | `"chart-example.local"` |  |
 | ingress.hosts[0].paths[0].path | string | `"/"` |  |
-| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"Path"` |  |
 | ingress.tls | list | `[]` |  |
 | livenessProbe.httpGet.path | string | `"/"` |  |
 | livenessProbe.httpGet.port | string | `"http"` |  |
@ -112,6 +112,7 @@ A Helm chart for deploying Ghost on Kubernetes
 | podSecurityContext | object | `{}` | Configure Pods Security Context ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | proxy.config | string | `"user nginx;\nworker_processes  1;\nevents {\n  worker_connections  10240;\n}\nhttp {\n  server {\n      listen       80;\n      server_name  0.0.0.0;\n      location / {\n        root   /usr/share/nginx/html; #Change this line\n        index  index.html index.htm;\n    }\n  }\n}"` | config to be mounted into the nginx container |
 | proxy.enabled | bool | `true` | enable/disable the embedded proxy |
+| proxy.service.port | int | `80` | port exposed by proxy service |
 | readinessProbe.httpGet.path | string | `"/"` |  |
 | readinessProbe.httpGet.port | string | `"http"` |  |
 | replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
--- a/charts/ghost/templates/ingress.yaml
+++ b/charts/ghost/templates/ingress.yaml
@ -32,6 +32,7 @@ spec:
      http:
        paths:
          {{- if $.Values.activity_pub.enabled }}
+          {{- if not $.Values.proxy.enabled }}
          # ActivityPub routes (must come before the catch-all route)
          - path: /\.ghost/activitypub(?/.*)?
            pathType: ImplementationSpecific
@ -57,7 +58,7 @@ spec:
                port:
                  number: {{ $.Values.activity_pub.service.port }}
          {{- end }}
-
+          {{- end }}
          # regular ghost stuff
          {{- range .paths }}
          - path: {{ .path }}
@ -66,9 +67,15 @@ spec:
            {{- end }}
            backend:
              service:
+                {{- if $.Values.proxy.enabled }}
+                name: {{ include "ghost.fullname" $ }}-proxy
+                port:
+                  number: {{ $.Values.proxy.service.port }}
+                {{- else}}
                name: {{ include "ghost.fullname" $ }}
                port:
                  number: {{ $.Values.service.port }}
+                {{- end }}
          {{- end }}

    # Admin domain
@ -76,6 +83,7 @@ spec:
      http:
        paths:
          {{- if $.Values.activity_pub.enabled }}
+          {{- if not $.Values.proxy.enabled }}
          # ActivityPub routes (must come before the catch-all route)
          - path: /\.ghost/activitypub(?/.*)?
            pathType: ImplementationSpecific
@ -101,13 +109,20 @@ spec:
                port:
                  number: {{ $.Values.activity_pub.service.port }}
          {{- end }}
+          {{- end }}

          - path: /
            pathType: Prefix
            backend:
              service:
+                {{- if $.Values.proxy.enabled }}
+                name: {{ include "ghost.fullname" $ }}-proxy
+                port:
+                  number: {{ $.Values.proxy.service.port }}
+                {{- else}}
                name: {{ include "ghost.fullname" $ }}
                port:
                  number: {{ $.Values.service.port }}
+                {{- end }}
    {{- end }}
 {{- end }}
--- a/charts/ghost/templates/proxy-deployment.yaml
+++ b/charts/ghost/templates/proxy-deployment.yaml
@ -4,16 +4,22 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ghost-nginx-proxy
+  labels:
+    app.kubernetes.io/component: proxy
+    {{- include "ghost.labels" . | nindent 4 }}
 spec:
  selector:
    matchLabels:
-      {{- include "ghost.selectorLabels" . | nindent 4 }}
+      {{- include "ghost.selectorLabels" . | nindent 6 }}
  replicas: 1
  template:
    metadata:
      labels:
-        app.kubernetes.io/component: ghost
-        {{- include "ghost.labels" . | nindent 4 }}
+        app.kubernetes.io/component: proxy
+        {{- include "ghost.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
    spec:
      containers:
        - name: nginx
--- a/charts/ghost/templates/proxy-service.yaml
+++ b/charts/ghost/templates/proxy-service.yaml
@ -10,7 +10,7 @@ spec:
  type: ClusterIP
  ports:
    - name: nginx
-      port: 80
+      port: {{ .Values.proxy.service.port }}
      targetPort: 80
      protocol: TCP
  selector:
--- a/charts/ghost/values.yaml
+++ b/charts/ghost/values.yaml
@ -76,7 +76,7 @@ service:
 # https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
  # -- enable ingress from outside the cluster
-  enabled: false
+  enabled: true
  # -- ingress class name e.g. nginx
  className: ""
  annotations: {}
@ -86,7 +86,7 @@ ingress:
    - host: chart-example.local
      paths:
        - path: /
-          pathType: ImplementationSpecific
+          pathType: Path
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
@ -359,6 +359,10 @@ proxy:
  # -- enable/disable the embedded proxy
  enabled: true

+  service:
+    # -- port exposed by proxy service
+    port: 80
+
  # -- config to be mounted into the nginx container
  config: |-
    user nginx;