studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧(helm) add ingress collaboration api

Browse Source 
We need to keep the stickyness between the
collaboration api and the ws server, to do so,
we will use "upstream-hash-by: $arg_room", meaning
that the stickyness will be based on the room query.
We need to ahve 2 ingress to handle the
"collaboration_auth", only the ws routes has to
use the "collaboration_auth" subrequest.
This commit is contained in:
Anthony LC
2024-12-03 15:19:26 +01:00
committed by Anthony LC
parent 932ab13d97
commit a902e31521
4 changed files with 138 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/helm/env.d/dev/values.impress.yaml.gotmpl
View File

@@ -8,7 +8,7 @@ backend:
envVars: envVars:
COLLABORATION_API_URL: https://impress.127.0.0.1.nip.io/collaboration/api/ COLLABORATION_API_URL: https://impress.127.0.0.1.nip.io/collaboration/api/
COLLABORATION_SERVER_SECRET: my-secret COLLABORATION_SERVER_SECRET: my-secret
DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io,http://impress.127.0.0.1.nip.io DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
DJANGO_CONFIGURATION: Feature DJANGO_CONFIGURATION: Feature
DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }} DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
@@ -28,7 +28,9 @@ backend:
OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }} OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }} OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email" OIDC_RP_SCOPES: "openid email given_name usual_name"
USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
@@ -77,8 +79,6 @@ frontend:
envVars: envVars:
PORT: 8080 PORT: 8080
NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
NEXT_PUBLIC_Y_PROVIDER_URL: wss://impress.127.0.0.1.nip.io/ws
NEXT_PUBLIC_MEDIA_URL: https://impress.127.0.0.1.nip.io
replicas: 1 replicas: 1
command: command:
@@ -107,15 +107,16 @@ ingress:
enabled: true enabled: true
host: impress.127.0.0.1.nip.io host: impress.127.0.0.1.nip.io
ingressWS: ingressCollaborationWS:
enabled: true enabled: true
host: impress.127.0.0.1.nip.io host: impress.127.0.0.1.nip.io
annotations: annotations:
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id"
nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/ nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/
nginx.ingress.kubernetes.io/enable-websocket: "true"
nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" ingressCollaborationApi:
enabled: true
host: impress.127.0.0.1.nip.io
ingressAdmin: ingressAdmin:
enabled: true enabled: true

72
src/helm/impress/templates/ingress_collaboration_api.yaml Normal file
View File

@@ -0,0 +1,72 @@
{{- if .Values.ingressCollaborationApi.enabled -}}
{{- $fullName := include "impress.fullname" . -}}
{{- if and .Values.ingressCollaborationApi.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationApi.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-collaboration-api
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "impress.labels" . | nindent 4 }}
{{- with .Values.ingressCollaborationApi.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingressCollaborationApi.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingressCollaborationApi.className }}
{{- end }}
{{- if .Values.ingressCollaborationApi.tls.enabled }}
tls:
{{- if .Values.ingressCollaborationApi.host }}
- secretName: {{ $fullName }}-tls
hosts:
- {{ .Values.ingressCollaborationApi.host | quote }}
{{- end }}
{{- range .Values.ingressCollaborationApi.tls.additional }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- if .Values.ingressCollaborationApi.host }}
- host: {{ .Values.ingressCollaborationApi.host | quote }}
http:
paths:
- path: {{ .Values.ingressCollaborationApi.path | quote }}
{{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: ImplementationSpecific
{{- end }}
backend:
service:
name: {{ include "impress.yProvider.fullname" . }}
port:
number: {{ .Values.yProvider.service.port }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ include "impress.yProvider.fullname" . }}
port:
number: {{ .Values.yProvider.service.port }}
{{- else }}
serviceName: {{ include "impress.yProvider.fullname" . }}
servicePort: {{ .Values.yProvider.service.port }}
{{- end }}
{{- with .Values.ingressCollaborationApi.customBackends }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}

30
src/helm/impress/templates/ingress_ws.yaml → src/helm/impress/templates/ingress_collaboration_ws.yaml
View File

@@ -1,8 +1,8 @@
{{- if .Values.ingressWS.enabled -}} {{- if .Values.ingressCollaborationWS.enabled -}}
{{- $fullName := include "impress.fullname" . -}} {{- $fullName := include "impress.fullname" . -}}
{{- if and .Values.ingressWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if and .Values.ingressCollaborationWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingressWS.annotations "kubernetes.io/ingress.class") }} {{- if not (hasKey .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingressWS.annotations "kubernetes.io/ingress.class" .Values.ingressWS.className}} {{- $_ := set .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationWS.className}}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -18,22 +18,22 @@ metadata:
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "impress.labels" . | nindent 4 }} {{- include "impress.labels" . | nindent 4 }}
{{- with .Values.ingressWS.annotations }} {{- with .Values.ingressCollaborationWS.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if and .Values.ingressWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} {{- if and .Values.ingressCollaborationWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingressWS.className }} ingressClassName: {{ .Values.ingressCollaborationWS.className }}
{{- end }} {{- end }}
{{- if .Values.ingressWS.tls.enabled }} {{- if .Values.ingressCollaborationWS.tls.enabled }}
tls: tls:
{{- if .Values.ingressWS.host }} {{- if .Values.ingressCollaborationWS.host }}
- secretName: {{ $fullName }}-tls - secretName: {{ $fullName }}-tls
hosts: hosts:
- {{ .Values.ingressWS.host | quote }} - {{ .Values.ingressCollaborationWS.host | quote }}
{{- end }} {{- end }}
{{- range .Values.ingressWS.tls.additional }} {{- range .Values.ingressCollaborationWS.tls.additional }}
- hosts: - hosts:
{{- range .hosts }} {{- range .hosts }}
- {{ . | quote }} - {{ . | quote }}
@@ -42,11 +42,11 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
rules: rules:
{{- if .Values.ingressWS.host }} {{- if .Values.ingressCollaborationWS.host }}
- host: {{ .Values.ingressWS.host | quote }} - host: {{ .Values.ingressCollaborationWS.host | quote }}
http: http:
paths: paths:
- path: {{ .Values.ingressWS.path | quote }} - path: {{ .Values.ingressCollaborationWS.path | quote }}
{{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: ImplementationSpecific pathType: ImplementationSpecific
{{- end }} {{- end }}
@@ -64,7 +64,7 @@ spec:
serviceName: {{ include "impress.yProvider.fullname" . }} serviceName: {{ include "impress.yProvider.fullname" . }}
servicePort: {{ .Values.yProvider.service.port }} servicePort: {{ .Values.yProvider.service.port }}
{{- end }} {{- end }}
{{- with .Values.ingressWS.customBackends }} {{- with .Values.ingressCollaborationWS.customBackends }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

54
src/helm/impress/values.yaml
View File

@@ -48,34 +48,62 @@ ingress:
## @param ingress.customBackends Add custom backends to ingress ## @param ingress.customBackends Add custom backends to ingress
customBackends: [] customBackends: []
## @param ingressWS.enabled whether to enable the Ingress or not ## @param ingressCollaborationWS.enabled whether to enable the Ingress or not
## @param ingressWS.className IngressClass to use for the Ingress ## @param ingressCollaborationWS.className IngressClass to use for the Ingress
## @param ingressWS.host Host for the Ingress ## @param ingressCollaborationWS.host Host for the Ingress
## @param ingressWS.path Path to use for the Ingress ## @param ingressCollaborationWS.path Path to use for the Ingress
ingressWS: ingressCollaborationWS:
enabled: false enabled: false
className: null className: null
host: impress.example.com host: impress.example.com
path: /ws path: /collaboration/ws/
## @param ingress.hosts Additional host to configure for the Ingress ## @param ingress.hosts Additional host to configure for the Ingress
hosts: [] hosts: []
# - chart-example.local # - chart-example.local
## @param ingressWS.tls.enabled Wether to enable TLS for the Ingress ## @param ingressCollaborationWS.tls.enabled Wether to enable TLS for the Ingress
## @skip ingressWS.tls.additional ## @skip ingressCollaborationWS.tls.additional
## @extra ingressWS.tls.additional[].secretName Secret name for additional TLS config ## @extra ingressCollaborationWS.tls.additional[].secretName Secret name for additional TLS config
## @extra ingressWS.tls.additional[].hosts[] Hosts for additional TLS config ## @extra ingressCollaborationWS.tls.additional[].hosts[] Hosts for additional TLS config
tls: tls:
enabled: true enabled: true
additional: [] additional: []
## @param ingressWS.customBackends Add custom backends to ingress ## @param ingressCollaborationWS.customBackends Add custom backends to ingress
customBackends: [] customBackends: []
annotations: annotations:
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id"
nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/collaboration-auth/ nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/collaboration-auth/
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id"
nginx.ingress.kubernetes.io/enable-websocket: "true" nginx.ingress.kubernetes.io/enable-websocket: "true"
nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
## @param ingressCollaborationApi.enabled whether to enable the Ingress or not
## @param ingressCollaborationApi.className IngressClass to use for the Ingress
## @param ingressCollaborationApi.host Host for the Ingress
## @param ingressCollaborationApi.path Path to use for the Ingress
ingressCollaborationApi:
enabled: false
className: null
host: impress.example.com
path: /collaboration/api/
## @param ingress.hosts Additional host to configure for the Ingress
hosts: []
# - chart-example.local
## @param ingressCollaborationApi.tls.enabled Wether to enable TLS for the Ingress
## @skip ingressCollaborationApi.tls.additional
## @extra ingressCollaborationApi.tls.additional[].secretName Secret name for additional TLS config
## @extra ingressCollaborationApi.tls.additional[].hosts[] Hosts for additional TLS config
tls:
enabled: true
additional: []
## @param ingressCollaborationApi.customBackends Add custom backends to ingress
customBackends: []
annotations:
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
## @param ingressAdmin.enabled whether to enable the Ingress or not ## @param ingressAdmin.enabled whether to enable the Ingress or not
## @param ingressAdmin.className IngressClass to use for the Ingress ## @param ingressAdmin.className IngressClass to use for the Ingress