From e4c7bc08264a6a8cdef611ff48d48d775807d483 Mon Sep 17 00:00:00 2001
From: lebaudantoine <lebaud.antoine131@gmail.com>
Date: Wed, 25 Sep 2024 10:28:14 +0200
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(helm)=20separate=20PostHog?=
 =?UTF-8?q?=20ingress?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on feedback from @rouja, I've updated the Helm configuration for PostHog
to use separate ingress resources for each service. Although the documentation
suggests sharing the same ingress, the services have different externalName
values, which conflicts with the use of a vhost in the ingress annotations.
This change ensures proper service redirection by aligning each service with
its own ingress.
---
 src/helm/env.d/dev/values.meet.yaml.gotmpl    |  3 +
 .../env.d/production/values.meet.yaml.gotmpl  |  8 ++
 .../env.d/staging/values.meet.yaml.gotmpl     |  8 ++
 src/helm/meet/templates/ingress_posthog.yaml  | 28 ------
 .../templates/ingress_posthog_assets.yaml     | 87 +++++++++++++++++++
 .../meet/templates/posthog_assets_svc.yaml    |  2 +-
 src/helm/meet/values.yaml                     | 14 ++-
 7 files changed, 120 insertions(+), 30 deletions(-)
 create mode 100644 src/helm/meet/templates/ingress_posthog_assets.yaml

diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl
index a53d446e..ab10c245 100644
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -102,3 +102,6 @@ posthog:
   ingress:
     enabled: false
 
+  ingressAssets:
+    enabled: false
+
diff --git a/src/helm/env.d/production/values.meet.yaml.gotmpl b/src/helm/env.d/production/values.meet.yaml.gotmpl
index d2b10543..e7a0c633 100644
--- a/src/helm/env.d/production/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/production/values.meet.yaml.gotmpl
@@ -138,3 +138,11 @@ posthog:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/upstream-vhost: eu.i.posthog.com
       nginx.ingress.kubernetes.io/backend-protocol: https
+
+  ingressAssets:
+    enabled: true
+    host: product.visio.numerique.gouv.fr
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      nginx.ingress.kubernetes.io/upstream-vhost: eu-assets.i.posthog.com
+      nginx.ingress.kubernetes.io/backend-protocol: https
diff --git a/src/helm/env.d/staging/values.meet.yaml.gotmpl b/src/helm/env.d/staging/values.meet.yaml.gotmpl
index 87caeecd..96e4f80e 100644
--- a/src/helm/env.d/staging/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl
@@ -148,3 +148,11 @@ posthog:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/upstream-vhost: eu.i.posthog.com
       nginx.ingress.kubernetes.io/backend-protocol: https
+
+  ingressAssets:
+    enabled: true
+    host: product.visio-staging.beta.numerique.gouv.fr
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      nginx.ingress.kubernetes.io/upstream-vhost: eu-assets.i.posthog.com
+      nginx.ingress.kubernetes.io/backend-protocol: https
diff --git a/src/helm/meet/templates/ingress_posthog.yaml b/src/helm/meet/templates/ingress_posthog.yaml
index 318892fb..5707c7d7 100644
--- a/src/helm/meet/templates/ingress_posthog.yaml
+++ b/src/helm/meet/templates/ingress_posthog.yaml
@@ -60,20 +60,6 @@ spec:
               serviceName: {{ include "meet.posthog.fullname" . }}-proxy
               servicePort: {{ .Values.posthog.service.port }}
             {{- end }}
-          - path: {{ .Values.posthog.ingress.pathAssets }}
-            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
-            pathType: Prefix
-            {{- end }}
-            backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-              service:
-                name: {{ include "meet.posthog.fullname" . }}-assets-proxy
-                port:
-                  number: {{ .Values.posthog.assetsService.port }}
-              {{- else }}
-              serviceName: {{ include "meet.posthog.fullname" . }}
-              servicePort: {{ .Values.posthog.assetsService.port }}
-            {{- end }}
     {{- end }}
     {{- range .Values.posthog.ingress.hosts }}
     - host: {{ . | quote }}
@@ -93,20 +79,6 @@ spec:
               serviceName: {{ include "meet.posthog.fullname" . }}-proxy
               servicePort: {{ $.Values.posthog.service.port }}
           {{- end }}
-          - path: {{ .Values.posthog.ingress.pathAssets }}
-          {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
-            pathType: Prefix
-          {{- end }}
-            backend:
-            {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-              service:
-                name: {{ include "meet.posthog.fullname" . }}-assets-proxy
-                port:
-                  number: {{ $.Values.posthog.assetsService.service.port }}
-            {{- else }}
-              serviceName: {{ include "meet.posthog.fullname" . }}-assets-proxy
-              servicePort: {{ $.Values.posthog.assetsService.service.port }}
-          {{- end }}
         {{- with $.Values.posthog.assetsService.customBackends }}
           {{- toYaml . | nindent 10 }}
         {{- end }}
diff --git a/src/helm/meet/templates/ingress_posthog_assets.yaml b/src/helm/meet/templates/ingress_posthog_assets.yaml
new file mode 100644
index 00000000..224dbbf4
--- /dev/null
+++ b/src/helm/meet/templates/ingress_posthog_assets.yaml
@@ -0,0 +1,87 @@
+{{- if .Values.posthog.ingressAssets.enabled -}}
+{{- $fullName := include "meet.fullname" . -}}
+{{- if and .Values.posthog.ingressAssets.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.posthog.ingressAssets.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.posthog.ingressAssets.annotations "kubernetes.io/ingress.class" .Values.posthog.ingressAssets.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-posthog-assets
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "meet.labels" . | nindent 4 }}
+  {{- with .Values.posthog.ingressAssets.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.posthog.ingressAssets.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.posthog.ingressAssets.className }}
+  {{- end }}
+  {{- if .Values.posthog.ingressAssets.tls.enabled }}
+  tls:
+    {{- if .Values.posthog.ingressAssets.host }}
+    - secretName: {{ $fullName }}-posthog-tls
+      hosts:
+        - {{ .Values.posthog.ingressAssets.host | quote }}
+    {{- end }}
+    {{- range .Values.posthog.ingressAssets.tls.additional }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- if .Values.posthog.ingressAssets.host }}
+    - host: {{ .Values.posthog.ingressAssets.host | quote }}
+      http:
+        paths:
+          - path: {{ .Values.posthog.ingressAssets.path }}
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "meet.posthog.fullname" . }}-assets-proxy
+                port:
+                  number: {{ .Values.posthog.assetsService.port }}
+              {{- else }}
+              serviceName: {{ include "meet.posthog.fullname" . }}
+              servicePort: {{ .Values.posthog.assetsService.port }}
+            {{- end }}
+    {{- end }}
+    {{- range .Values.posthog.ingressAssets.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          - path: {{ $.Values.posthog.ingressAssets.path | quote }}
+          {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+          {{- end }}
+            backend:
+            {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "meet.posthog.fullname" . }}-assets-proxy
+                port:
+                  number: {{ $.Values.posthog.assetsService.service.port }}
+            {{- else }}
+              serviceName: {{ include "meet.posthog.fullname" . }}-assets-proxy
+              servicePort: {{ $.Values.posthog.assetsService.service.port }}
+          {{- end }}
+        {{- with $.Values.posthog.assetsService.customBackends }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+  {{- end }}
+{{- end }}
+
diff --git a/src/helm/meet/templates/posthog_assets_svc.yaml b/src/helm/meet/templates/posthog_assets_svc.yaml
index 201a93b0..c1e74d8e 100644
--- a/src/helm/meet/templates/posthog_assets_svc.yaml
+++ b/src/helm/meet/templates/posthog_assets_svc.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.posthog.ingress.enabled -}}
+{{- if .Values.posthog.ingressAssets.enabled -}}
 {{- $envVars := include "meet.common.env" (list . .Values.posthog) -}}
 {{- $fullName := include "meet.posthog.fullname" . -}}
 {{- $component := "posthog" -}}
diff --git a/src/helm/meet/values.yaml b/src/helm/meet/values.yaml
index 2363d9eb..5d077c1c 100644
--- a/src/helm/meet/values.yaml
+++ b/src/helm/meet/values.yaml
@@ -273,7 +273,19 @@ posthog:
     className: null
     host: meet.example.com
     path: /
-    pathAssets: /static
+    hosts: [ ]
+    tls:
+      enabled: true
+      additional: [ ]
+
+    customBackends: [ ]
+    annotations: {}
+
+  ingressAssets:
+    enabled: false
+    className: null
+    host: meet.example.com
+    path: /static
     hosts: [ ]
     tls:
       enabled: true