From a27651727853e80f9e006659a3afb58e95d79228 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 23 Sep 2024 11:44:20 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=88(frontend)=20setup=20a=20reverse=20?= =?UTF-8?q?proxy=20for=20analytics?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Proxy analytics requests through our backend to minimize ad-blockers impact. I configured the Helm Charts following PostHog official documentation. --- src/helm/env.d/dev/values.meet.yaml.gotmpl | 5 + .../env.d/preprod/values.meet.yaml.gotmpl | 9 ++ .../env.d/production/values.meet.yaml.gotmpl | 9 ++ .../env.d/staging/values.meet.yaml.gotmpl | 9 ++ src/helm/meet/templates/_helpers.tpl | 9 ++ src/helm/meet/templates/ingress_posthog.yaml | 115 ++++++++++++++++++ .../meet/templates/posthog_assets_svc.yaml | 24 ++++ src/helm/meet/templates/posthog_svc.yaml | 24 ++++ src/helm/meet/values.yaml | 30 +++++ 9 files changed, 234 insertions(+) create mode 100644 src/helm/meet/templates/ingress_posthog.yaml create mode 100644 src/helm/meet/templates/posthog_assets_svc.yaml create mode 100644 src/helm/meet/templates/posthog_svc.yaml diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl index 46519b41..ff09c264 100644 --- a/src/helm/env.d/dev/values.meet.yaml.gotmpl +++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl @@ -95,3 +95,8 @@ ingress: ingressAdmin: enabled: true host: meet.127.0.0.1.nip.io + +posthog: + ingress: + enabled: false + diff --git a/src/helm/env.d/preprod/values.meet.yaml.gotmpl b/src/helm/env.d/preprod/values.meet.yaml.gotmpl index 382e1f93..7f4d70a8 100644 --- a/src/helm/env.d/preprod/values.meet.yaml.gotmpl +++ b/src/helm/env.d/preprod/values.meet.yaml.gotmpl 
@@ -125,3 +125,12 @@ ingressAdmin: cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth + +posthog: + ingress: + enabled: true + host: product.visio-preprod.beta.numerique.gouv.fr + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/upstream-vhost: eu.i.posthog.com + nginx.ingress.kubernetes.io/backend-protocol: https diff --git a/src/helm/env.d/production/values.meet.yaml.gotmpl b/src/helm/env.d/production/values.meet.yaml.gotmpl index b2ffe074..4e64e2bd 100644 --- a/src/helm/env.d/production/values.meet.yaml.gotmpl +++ b/src/helm/env.d/production/values.meet.yaml.gotmpl @@ -126,3 +126,12 @@ ingressAdmin: cert-manager.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/start nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.beta.numerique.gouv.fr/oauth2/auth + +posthog: + ingress: + enabled: true + host: product.visio.numerique.gouv.fr + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/upstream-vhost: eu.i.posthog.com + nginx.ingress.kubernetes.io/backend-protocol: https diff --git a/src/helm/env.d/staging/values.meet.yaml.gotmpl b/src/helm/env.d/staging/values.meet.yaml.gotmpl index de1a4c90..340d4f39 100644 --- a/src/helm/env.d/staging/values.meet.yaml.gotmpl +++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl @@ -137,3 +137,12 @@ ingressAdmin: - secretName: transitional-tls hosts: - {{ .Values.newDomain }} + +posthog: + ingress: + enabled: true + host: product.visio-staging.beta.numerique.gouv.fr + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/upstream-vhost: eu.i.posthog.com + nginx.ingress.kubernetes.io/backend-protocol: https 
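Review bot: With `backend-protocol: https` and an external upstream, ingress-nginx by default does not validate the upstream certificate, so in this `posthog.ingress.annotations` block the hop from the cluster to `eu.i.posthog.com` is encrypted but not authenticated; the production and staging hunks repeat the same three annotations. Consider adding `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`, `nginx.ingress.kubernetes.io/proxy-ssl-name: eu.i.posthog.com` and `nginx.ingress.kubernetes.io/proxy-ssl-secret: <namespace>/<ca-bundle-secret>` (placeholder) to each environment. `upstream-vhost` applies to the whole Ingress, so requests under the assets path would presumably reach `eu-assets.i.posthog.com` carrying `Host: eu.i.posthog.com`; confirm that is intended or give the assets path its own Ingress. Unlike `ingressAdmin` just above, no `cert-manager.io/cluster-issuer` annotation is set, so the `-posthog-tls` secret referenced by the template has to be provisioned some other way.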
diff --git a/src/helm/meet/templates/_helpers.tpl b/src/helm/meet/templates/_helpers.tpl index bbdf8f8a..94524e11 100644 --- a/src/helm/meet/templates/_helpers.tpl +++ b/src/helm/meet/templates/_helpers.tpl @@ -157,6 +157,15 @@ Requires top level scope {{ include "meet.fullname" . }}-webrtc {{- end }} +{{/* +Full name for the Posthog + +Requires top level scope +*/}} +{{- define "meet.posthog.fullname" -}} +{{ include "meet.fullname" . }}-posthog +{{- end }} + {{/* Usage : {{ include "meet.secret.dockerconfigjson.name" (dict "fullname" (include "meet.fullname" .) "imageCredentials" .Values.path.to.the.image1) }} */}} diff --git a/src/helm/meet/templates/ingress_posthog.yaml b/src/helm/meet/templates/ingress_posthog.yaml new file mode 100644 index 00000000..318892fb --- /dev/null +++ b/src/helm/meet/templates/ingress_posthog.yaml 
@@ -0,0 +1,115 @@ +{{- if .Values.posthog.ingress.enabled -}} +{{- $fullName := include "meet.fullname" . -}} +{{- if and .Values.posthog.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.posthog.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.posthog.ingress.annotations "kubernetes.io/ingress.class" .Values.posthog.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-posthog + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "meet.labels" . | nindent 4 }} + {{- with .Values.posthog.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.posthog.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.posthog.ingress.className }} + {{- end }} + {{- if .Values.posthog.ingress.tls.enabled }} + tls: + {{- if .Values.posthog.ingress.host }} + - secretName: {{ $fullName }}-posthog-tls + hosts: + - {{ .Values.posthog.ingress.host | quote }} + {{- end }} + {{- range .Values.posthog.ingress.tls.additional }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.posthog.ingress.host }} + - host: {{ .Values.posthog.ingress.host | quote }} + http: + paths: + - path: {{ .Values.posthog.ingress.path }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ include "meet.posthog.fullname" . }}-proxy + port: + number: {{ .Values.posthog.service.port }} + {{- else }} + serviceName: {{ include "meet.posthog.fullname" . }}-proxy + servicePort: {{ .Values.posthog.service.port }} + {{- end }} + - path: {{ .Values.posthog.ingress.pathAssets }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ include "meet.posthog.fullname" . }}-assets-proxy + port: + number: {{ .Values.posthog.assetsService.port }} + {{- else }} + serviceName: {{ include "meet.posthog.fullname" . }} + servicePort: {{ .Values.posthog.assetsService.port }} + {{- end }} + {{- end }} + {{- range .Values.posthog.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $.Values.posthog.ingress.path | quote }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ include "meet.posthog.fullname" . }}-proxy + port: + number: {{ $.Values.posthog.service.port }} + {{- else }} + serviceName: {{ include "meet.posthog.fullname" . 
}}-proxy + servicePort: {{ $.Values.posthog.service.port }} + {{- end }} + - path: {{ .Values.posthog.ingress.pathAssets }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ include "meet.posthog.fullname" . }}-assets-proxy + port: + number: {{ $.Values.posthog.assetsService.service.port }} + {{- else }} + serviceName: {{ include "meet.posthog.fullname" . }}-assets-proxy + servicePort: {{ $.Values.posthog.assetsService.service.port }} + {{- end }} + {{- with $.Values.posthog.assetsService.customBackends }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} +{{- end }} + diff --git a/src/helm/meet/templates/posthog_assets_svc.yaml b/src/helm/meet/templates/posthog_assets_svc.yaml new file mode 100644 index 00000000..201a93b0 --- /dev/null +++ b/src/helm/meet/templates/posthog_assets_svc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.posthog.ingress.enabled -}} +{{- $envVars := include "meet.common.env" (list . .Values.posthog) -}} +{{- $fullName := include "meet.posthog.fullname" . -}} +{{- $component := "posthog" -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }}-assets-proxy + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "meet.common.labels" (list . $component) | nindent 4 }} + annotations: + {{- toYaml $.Values.posthog.assetsService.annotations | nindent 4 }} +spec: + type: {{ .Values.posthog.assetsService.type }} + externalName: {{ .Values.posthog.assetsService.externalName }} + ports: + - port: {{ .Values.posthog.assetsService.port }} + targetPort: {{ .Values.posthog.assetsService.targetPort }} + protocol: TCP + name: http + selector: + {{- include "meet.common.selectorLabels" (list . $component) | nindent 4 }} +{{- end }} 
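Review bot: Inside `range .Values.posthog.ingress.hosts` the dot is the host string, so `include "meet.posthog.fullname" .` (the helper is documented as requiring top-level scope) and `.Values.posthog.ingress.pathAssets` are expected to fail rendering as soon as `hosts` is non-empty; both need `$`. The same loop reads `$.Values.posthog.assetsService.service.port`, while the values.yaml added in this commit defines `posthog.assetsService.port`. In the first-host block the pre-1.19 branch of the assets path drops the suffix and should read `serviceName: {{ include "meet.posthog.fullname" . }}-assets-proxy`. `customBackends` is read from `posthog.assetsService` but declared under `posthog.ingress` in values.yaml, so it can never be set as written.

```yaml
  {{- range .Values.posthog.ingress.hosts }}
    # … unchanged: host, main path and pathType …
              service:
                name: {{ include "meet.posthog.fullname" $ }}-proxy
                # … unchanged: port number …
              {{- else }}
              serviceName: {{ include "meet.posthog.fullname" $ }}-proxy
              # … unchanged: servicePort …
          - path: {{ $.Values.posthog.ingress.pathAssets }}
            # … unchanged: pathType …
              service:
                name: {{ include "meet.posthog.fullname" $ }}-assets-proxy
                port:
                  number: {{ $.Values.posthog.assetsService.port }}
              {{- else }}
              serviceName: {{ include "meet.posthog.fullname" $ }}-assets-proxy
              servicePort: {{ $.Values.posthog.assetsService.port }}
```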
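Review bot: The `selector:` block and the `$envVars` assignment have no effect in posthog_assets_svc.yaml: the Service defaults to `type: ExternalName`, which resolves to `externalName` through DNS and has no pods to select, and `$envVars` is never referenced. posthog_svc.yaml carries the same two leftovers. `targetPort` is read from `posthog.assetsService.targetPort`, which this commit's values.yaml does not define, so it renders empty, and the port is named `http` although it is 443 and proxied over HTTPS. Removing those lines and adding a comment such as `# DNS alias to the external PostHog assets host; no workload runs in-cluster` would make the trust boundary clear to the next reader.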
diff --git a/src/helm/meet/templates/posthog_svc.yaml b/src/helm/meet/templates/posthog_svc.yaml new file mode 100644 index 00000000..67bac0c7 --- /dev/null +++ b/src/helm/meet/templates/posthog_svc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.posthog.ingress.enabled -}} +{{- $envVars := include "meet.common.env" (list . .Values.posthog) -}} +{{- $fullName := include "meet.posthog.fullname" . -}} +{{- $component := "posthog" -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }}-proxy + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "meet.common.labels" (list . $component) | nindent 4 }} + annotations: + {{- toYaml $.Values.posthog.service.annotations | nindent 4 }} +spec: + type: {{ .Values.posthog.service.type }} + externalName: {{ .Values.posthog.service.externalName }} + ports: + - port: {{ .Values.posthog.service.port }} + targetPort: {{ .Values.posthog.service.targetPort }} + protocol: TCP + name: https + selector: + {{- include "meet.common.selectorLabels" (list . $component) | nindent 4 }} +{{- end }} diff --git a/src/helm/meet/values.yaml b/src/helm/meet/values.yaml index 41e81e25..2363d9eb 100644 --- a/src/helm/meet/values.yaml +++ b/src/helm/meet/values.yaml @@ -263,3 +263,33 @@ frontend: ## @param frontend.extraVolumes Additional volumes to mount on the frontend. extraVolumes: [] + +## @section Posthog + +posthog: + + ingress: + enabled: false + className: null + host: meet.example.com + path: / + pathAssets: /static + hosts: [ ] + tls: + enabled: true + additional: [ ] + + customBackends: [ ] + annotations: {} + + service: + type: ExternalName + externalName: eu.i.posthog.com + port: 443 + annotations: {} + + assetsService: + type: ExternalName + externalName: eu-assets.i.posthog.com + port: 443 + annotations: {}
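Review bot: The new `posthog` section in values.yaml has no `## @param` lines, unlike the `frontend.extraVolumes` entry directly above it, so nothing tells an operator that enabling it forwards browser analytics traffic to a third-party host. Suggested comments: `## @param posthog.ingress.enabled Expose a reverse proxy that forwards analytics requests to PostHog` and `## @param posthog.service.externalName External PostHog ingestion host the proxy forwards to`, with matching lines for `assetsService`. The default `host: meet.example.com` combined with `tls.enabled: true` is a placeholder and should be documented as one that must be overridden per environment. No `targetPort` key is declared for either Service even though both templates read one.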