From bcd8bd93710819cd7ade4dce6312cdb9940a1ec8 Mon Sep 17 00:00:00 2001
From: Robert Choi <taeil.choi@sk.com>
Date: Tue, 10 Oct 2023 18:07:11 +0900
Subject: [PATCH 1/2] use separate ingress-nginx for tks-admin-tools

---
 tks-admin-tools/base/resources.yaml | 58 +++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml
index 6cb1f17..92bae7a 100644
--- a/tks-admin-tools/base/resources.yaml
+++ b/tks-admin-tools/base/resources.yaml
@@ -186,3 +186,61 @@ spec:
     portal:
       replicas: 1  # tunable
     harborAdminPassword: password  # tunable
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  labels:
+    name: ingress-nginx
+  name: ingress-nginx
+spec:
+  helmVersion: v3
+  chart:
+    type: helmrepo
+    repository: https://harbor.taco-cat.xyz/chartrepo/tks
+    name: ingress-nginx
+    version: 4.0.17
+    origin: https://kubernetes.github.io/ingress-nginx
+  releaseName: ingress-nginx
+  targetNamespace: ingress-nginx
+  values:
+    controller:
+      image:
+        registry: harbor.taco-cat.xyz
+        image: tks/controller
+        digest: ""
+      admissionWebhooks:
+        patch:
+          image:
+            registry: harbor.taco-cat.xyz
+            image: tks/kube-webhook-certgen
+            digest: ""
+      replicaCount: 1
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - ingress-nginx
+              topologyKey: "kubernetes.io/hostname"
+      service:
+        externalTrafficPolicy: Local
+        annotations: {}
+        type: TO_BE_FIXED
+      config:
+        enable-underscores-in-headers: "true"
+        use-proxy-protocol: "false"
+        enable-real-ip: "true"
+        proxy-body-size: "10m"
+      hostPort:
+        enabled: true
+      resources:
+        requests:
+          cpu: 100m
+          memory: 4Gi
+  wait: true

From 64d38e7dee31a9f3e908d6eaa0d35eda140a781b Mon Sep 17 00:00:00 2001
From: Robert Choi <taeil.choi@sk.com>
Date: Tue, 10 Oct 2023 18:14:43 +0900
Subject: [PATCH 2/2] trivial: add tunable tag

---
 tks-admin-tools/base/resources.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml
index 92bae7a..abb5ef6 100644
--- a/tks-admin-tools/base/resources.yaml
+++ b/tks-admin-tools/base/resources.yaml
@@ -168,7 +168,7 @@ spec:
         # "verify-full" - Always SSL (verify that the certification presented by the
         # server was signed by a trusted CA and the server host name matches the one
         # in the certificate)
-        sslmode: "require"
+        sslmode: "require" # tunable
     notary:
       enabled: false
     cache: