From a902e31521c7691a796a3ace3a1f695d3d6afa3c Mon Sep 17 00:00:00 2001 From: Anthony LC Date: Tue, 3 Dec 2024 15:19:26 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(helm)=20add=20ingress=20collaborat?= =?UTF-8?q?ion=20api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need to keep the stickyness between the collaboration api and the ws server, to do so, we will use "upstream-hash-by: $arg_room", meaning that the stickyness will be based on the room query. We need to ahve 2 ingress to handle the "collaboration_auth", only the ws routes has to use the "collaboration_auth" subrequest. --- src/helm/env.d/dev/values.impress.yaml.gotmpl | 19 ++--- .../templates/ingress_collaboration_api.yaml | 72 +++++++++++++++++++ ..._ws.yaml => ingress_collaboration_ws.yaml} | 30 ++++---- src/helm/impress/values.yaml | 54 ++++++++++---- 4 files changed, 138 insertions(+), 37 deletions(-) create mode 100644 src/helm/impress/templates/ingress_collaboration_api.yaml rename src/helm/impress/templates/{ingress_ws.yaml => ingress_collaboration_ws.yaml} (60%) diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl index c49c39d5..fd049cb7 100644 --- a/src/helm/env.d/dev/values.impress.yaml.gotmpl +++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl @@ -8,7 +8,7 @@ backend: envVars: COLLABORATION_API_URL: https://impress.127.0.0.1.nip.io/collaboration/api/ COLLABORATION_SERVER_SECRET: my-secret - DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io,http://impress.127.0.0.1.nip.io + DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io DJANGO_CONFIGURATION: Feature DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }} 
@@ -28,7 +28,9 @@ backend: OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }} OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }} OIDC_RP_SIGN_ALGO: RS256 - OIDC_RP_SCOPES: "openid email" + OIDC_RP_SCOPES: "openid email given_name usual_name" + USER_OIDC_FIELD_TO_SHORTNAME: "given_name" + USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name" OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io @@ -77,8 +79,6 @@ frontend: envVars: PORT: 8080 NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io - NEXT_PUBLIC_Y_PROVIDER_URL: wss://impress.127.0.0.1.nip.io/ws - NEXT_PUBLIC_MEDIA_URL: https://impress.127.0.0.1.nip.io replicas: 1 command: @@ -107,15 +107,16 @@ ingress: enabled: true host: impress.127.0.0.1.nip.io -ingressWS: +ingressCollaborationWS: enabled: true host: impress.127.0.0.1.nip.io - + annotations: - nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id" nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/ - nginx.ingress.kubernetes.io/enable-websocket: "true" - nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" + +ingressCollaborationApi: + enabled: true + host: impress.127.0.0.1.nip.io ingressAdmin: enabled: true diff --git a/src/helm/impress/templates/ingress_collaboration_api.yaml b/src/helm/impress/templates/ingress_collaboration_api.yaml new file mode 100644 index 00000000..9d9c07e8 --- /dev/null +++ b/src/helm/impress/templates/ingress_collaboration_api.yaml 
@@ -0,0 +1,72 @@
+{{- if .Values.ingressCollaborationApi.enabled -}}
+{{- $fullName := include "impress.fullname" . -}}
+{{- if and .Values.ingressCollaborationApi.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationApi.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-collaboration-api
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "impress.labels" . | nindent 4 }}
+ {{- with .Values.ingressCollaborationApi.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingressCollaborationApi.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingressCollaborationApi.className }}
+ {{- end }}
+ {{- if .Values.ingressCollaborationApi.tls.enabled }}
+ tls:
+ {{- if .Values.ingressCollaborationApi.host }}
+ - secretName: {{ $fullName }}-tls
+ hosts:
+ - {{ .Values.ingressCollaborationApi.host | quote }}
+ {{- end }}
+ {{- range .Values.ingressCollaborationApi.tls.additional }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingressCollaborationApi.host }}
+ - host: {{ .Values.ingressCollaborationApi.host | quote }}
+ http:
+ paths:
+ - path: {{ .Values.ingressCollaborationApi.path | quote }}
+ {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend:
+ service:
+ name: {{ include "impress.yProvider.fullname" . }}
+ port:
+ number: {{ .Values.yProvider.service.port }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ include "impress.yProvider.fullname" . }}
+ port:
+ number: {{ .Values.yProvider.service.port }}
+ {{- else }}
+ serviceName: {{ include "impress.yProvider.fullname" . }}
+ servicePort: {{ .Values.yProvider.service.port }}
+ {{- end }}
+ {{- with .Values.ingressCollaborationApi.customBackends }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
diff --git a/src/helm/impress/templates/ingress_ws.yaml b/src/helm/impress/templates/ingress_collaboration_ws.yaml
similarity index 60%
rename from src/helm/impress/templates/ingress_ws.yaml
rename to src/helm/impress/templates/ingress_collaboration_ws.yaml
index 363c9439..ecb60ce6 100644
--- a/src/helm/impress/templates/ingress_ws.yaml
+++ b/src/helm/impress/templates/ingress_collaboration_ws.yaml
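Review bot: In the new `ingress_collaboration_api.yaml`, the `backend:` mapping emits an unconditional `service:` block (name / port.number) and then the version-gated `{{- if semverCompare ">=1.19-0" … }}` branch emits `service:` a second time. The rendered manifest therefore has a duplicate `service` key on 1.19+ and carries both `service` and `serviceName`/`servicePort` on older clusters (indentation is collapsed on this page, so the nesting is read from key order). Most YAML loaders silently keep the last duplicate, which hides the mistake until a strict validator or an older API version rejects the object. Delete the first, unconditional `service:` block directly under `backend:` and keep only the `if`/`else` pair. For consistency with the hosts, `ingressClassName: {{ .Values.ingressCollaborationApi.className }}` and `secretName: {{ .secretName }}` would also be safer piped through `| quote`.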
@@ -1,8 +1,8 @@ -{{- if .Values.ingressWS.enabled -}} +{{- if .Values.ingressCollaborationWS.enabled -}} {{- $fullName := include "impress.fullname" . -}} -{{- if and .Values.ingressWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingressWS.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingressWS.annotations "kubernetes.io/ingress.class" .Values.ingressWS.className}} +{{- if and .Values.ingressCollaborationWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationWS.className}} {{- end }} {{- end }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 
@@ -18,22 +18,22 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "impress.labels" . | nindent 4 }} - {{- with .Values.ingressWS.annotations }} + {{- with .Values.ingressCollaborationWS.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingressWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingressWS.className }} + {{- if and .Values.ingressCollaborationWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingressCollaborationWS.className }} {{- end }} - {{- if .Values.ingressWS.tls.enabled }} + {{- if .Values.ingressCollaborationWS.tls.enabled }} tls: - {{- if .Values.ingressWS.host }} + {{- if .Values.ingressCollaborationWS.host }} - secretName: {{ $fullName }}-tls hosts: - - {{ .Values.ingressWS.host | quote }} + - {{ .Values.ingressCollaborationWS.host | quote }} {{- end }} - {{- range .Values.ingressWS.tls.additional }} + {{- range .Values.ingressCollaborationWS.tls.additional }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -42,11 +42,11 @@ spec: {{- end }} {{- end }} rules: - {{- if .Values.ingressWS.host }} - - host: {{ .Values.ingressWS.host | quote }} + {{- if .Values.ingressCollaborationWS.host }} + - host: {{ .Values.ingressCollaborationWS.host | quote }} http: paths: - - path: {{ .Values.ingressWS.path | quote }} + - path: {{ .Values.ingressCollaborationWS.path | quote }} {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} pathType: ImplementationSpecific {{- end }} @@ -64,7 +64,7 @@ spec: serviceName: {{ include "impress.yProvider.fullname" . }} servicePort: {{ .Values.yProvider.service.port }} {{- end }} - {{- with .Values.ingressWS.customBackends }} + {{- with .Values.ingressCollaborationWS.customBackends }} {{- toYaml . | nindent 10 }} {{- end }} {{- end }} 
diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml
index 2e3d6c81..3ebfe119 100644
--- a/src/helm/impress/values.yaml
+++ b/src/helm/impress/values.yaml
@@ -48,34 +48,62 @@ ingress: ## @param ingress.customBackends Add custom backends to ingress customBackends: [] -## @param ingressWS.enabled whether to enable the Ingress or not -## @param ingressWS.className IngressClass to use for the Ingress -## @param ingressWS.host Host for the Ingress -## @param ingressWS.path Path to use for the Ingress -ingressWS: +## @param ingressCollaborationWS.enabled whether to enable the Ingress or not +## @param ingressCollaborationWS.className IngressClass to use for the Ingress +## @param ingressCollaborationWS.host Host for the Ingress +## @param ingressCollaborationWS.path Path to use for the Ingress +ingressCollaborationWS: enabled: false className: null host: impress.example.com - path: /ws + path: /collaboration/ws/ ## @param ingress.hosts Additional host to configure for the Ingress hosts: [] # - chart-example.local - ## @param ingressWS.tls.enabled Wether to enable TLS for the Ingress - ## @skip ingressWS.tls.additional - ## @extra ingressWS.tls.additional[].secretName Secret name for additional TLS config - ## @extra ingressWS.tls.additional[].hosts[] Hosts for additional TLS config + ## @param ingressCollaborationWS.tls.enabled Wether to enable TLS for the Ingress + ## @skip ingressCollaborationWS.tls.additional + ## @extra ingressCollaborationWS.tls.additional[].secretName Secret name for additional TLS config + ## @extra ingressCollaborationWS.tls.additional[].hosts[] Hosts for additional TLS config tls: enabled: true additional: [] - ## @param ingressWS.customBackends Add custom backends to ingress + ## @param ingressCollaborationWS.customBackends Add custom backends to ingress customBackends: [] annotations: + nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id" nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/collaboration-auth/ - nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id" 
nginx.ingress.kubernetes.io/enable-websocket: "true" - nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" + nginx.ingress.kubernetes.io/proxy-read-timeout: "86400" + nginx.ingress.kubernetes.io/proxy-send-timeout: "86400" + nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room + +## @param ingressCollaborationApi.enabled whether to enable the Ingress or not +## @param ingressCollaborationApi.className IngressClass to use for the Ingress +## @param ingressCollaborationApi.host Host for the Ingress +## @param ingressCollaborationApi.path Path to use for the Ingress +ingressCollaborationApi: + enabled: false + className: null + host: impress.example.com + path: /collaboration/api/ + ## @param ingress.hosts Additional host to configure for the Ingress + hosts: [] + # - chart-example.local + ## @param ingressCollaborationApi.tls.enabled Wether to enable TLS for the Ingress + ## @skip ingressCollaborationApi.tls.additional + ## @extra ingressCollaborationApi.tls.additional[].secretName Secret name for additional TLS config + ## @extra ingressCollaborationApi.tls.additional[].hosts[] Hosts for additional TLS config + tls: + enabled: true + additional: [] + + ## @param ingressCollaborationApi.customBackends Add custom backends to ingress + customBackends: [] + + annotations: + nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room ## @param ingressAdmin.enabled whether to enable the Ingress or not ## @param ingressAdmin.className IngressClass to use for the Ingress
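Review bot: The new `ingressCollaborationApi` defaults publish `/collaboration/api/` on the public host with only `upstream-hash-by` set, so nothing at the ingress limits who can reach the y-provider API; per the commit message the `auth-url` subrequest is kept on the WS ingress only. Both ingresses route to the same yProvider service, and on this route `X-Can-Edit` / `X-User-Id` are not set from an auth response as they are on the WS route. The server therefore has to ignore those headers here and authenticate every API call itself, presumably with `COLLABORATION_SERVER_SECRET`, a check that is not visible in this diff. If the backend is the only intended caller, add a source restriction to the default annotations, e.g. `nginx.ingress.kubernetes.io/whitelist-source-range: "<backend-egress-CIDR>"`, and state the requirement in the `@param` comments. A comment next to `proxy-read-timeout: "86400"` would also help: the auth subrequest runs once at the WebSocket handshake, so a long-lived session can outlive a permission change unless the server re-checks.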