From 2967f1e32019261b93b6cb52f8786eff8c721028 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Thu, 7 Sep 2023 09:51:48 -0700 Subject: [PATCH] ingress: simplify ingress config: (fixes #1135) (#1146) * ingress: simplify ingress config: (fixes #1135) - use standard Prefix pathTypes - remove nginx-specific rewriting - remove 'scheme', use https/http based on 'tls' setting (in ingress and configmap) - fix signing ingress to use ingressClassName --- chart/templates/configmap.yaml | 2 +- chart/templates/ingress.yaml | 18 +++++++----------- chart/values.yaml | 1 - 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml index fae1d0a9..1abef6e3 100644 --- a/chart/templates/configmap.yaml +++ b/chart/templates/configmap.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace }} data: - APP_ORIGIN: {{.Values.ingress.scheme }}://{{ .Values.ingress.host | default "localhost:9870" }} + APP_ORIGIN: {{ .Values.ingress.tls | ternary "https" "http" }}://{{ .Values.ingress.host | default "localhost:9870" }} CRON_NAMESPACE: {{ .Release.Namespace }} diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index f4fdadb2..d759b6a7 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -8,9 +8,6 @@ metadata: namespace: {{ .Release.Namespace }} annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$1 - # cors enabled via backend directly on allowed paths - #nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-request-buffering: "off" nginx.ingress.kubernetes.io/proxy-buffering: "off" @@ -19,7 +16,7 @@ metadata: {{- end }} nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}" nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header X-Forwarded-Proto {{ .Values.ingress.scheme | default "https" }}; + proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }}; spec: ingressClassName: {{ .Values.ingress_class | default "nginx" }} @@ -34,16 +31,16 @@ spec: - host: {{ .Values.ingress.host }} http: paths: - - path: /(api/.*) - pathType: ImplementationSpecific + - path: /api/ + pathType: Prefix backend: service: name: browsertrix-cloud-backend port: number: 8000 - - path: /(.*) - pathType: ImplementationSpecific + - path: / + pathType: Prefix backend: service: name: browsertrix-cloud-frontend @@ -59,17 +56,16 @@ metadata: name: ingress-authsign namespace: {{ .Release.Namespace }} annotations: - kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }} nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/rewrite-target: /$1 nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}" spec: + ingressClassName: {{ .Values.ingress_class | default "nginx" }} rules: - host: {{ .Values.signer.host }} http: paths: - - path: /(.*) + - path: / pathType: Prefix backend: service: diff --git a/chart/values.yaml b/chart/values.yaml index e0aff8fc..7927ab29 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -292,7 +292,6 @@ email: ingress: #host: "" cert_email: "test@example.com" - scheme: "http" tls: false ingress_class: nginx