tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ingress: simplify ingress config: (fixes #1135) (#1146)

Browse Source 
* ingress: simplify ingress config: (fixes #1135)
- use standard Prefix pathTypes
- remove nginx-specific rewriting
- remove 'scheme', use https/http based on 'tls' setting (in ingress and configmap)
- fix signing ingress to use ingressClassName
This commit is contained in:
Ilya Kreymer 2023-09-07 09:51:48 -07:00 committed by GitHub
parent d2ededc895
commit 2967f1e320
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
chart/templates/configmap.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
data: data:
APP_ORIGIN: {{.Values.ingress.scheme }}://{{ .Values.ingress.host | default "localhost:9870" }} APP_ORIGIN: {{ .Values.ingress.tls | ternary "https" "http" }}://{{ .Values.ingress.host | default "localhost:9870" }}
CRON_NAMESPACE: {{ .Release.Namespace }} CRON_NAMESPACE: {{ .Release.Namespace }}

18
chart/templates/ingress.yaml
View File

@ -8,9 +8,6 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
# cors enabled via backend directly on allowed paths
#nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off" nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.ingress.kubernetes.io/proxy-buffering: "off" nginx.ingress.kubernetes.io/proxy-buffering: "off"
@ -19,7 +16,7 @@ metadata:
{{- end }} {{- end }}
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}" nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.ingress.host }}"
nginx.ingress.kubernetes.io/configuration-snippet: | nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-Proto {{ .Values.ingress.scheme | default "https" }}; proxy_set_header X-Forwarded-Proto {{ .Values.ingress.tls | ternary "https" "http" }};
spec: spec:
ingressClassName: {{ .Values.ingress_class | default "nginx" }} ingressClassName: {{ .Values.ingress_class | default "nginx" }}
@ -34,16 +31,16 @@ spec:
- host: {{ .Values.ingress.host }} - host: {{ .Values.ingress.host }}
http: http:
paths: paths:
- path: /(api/.*) - path: /api/
pathType: ImplementationSpecific pathType: Prefix
backend: backend:
service: service:
name: browsertrix-cloud-backend name: browsertrix-cloud-backend
port: port:
number: 8000 number: 8000
- path: /(.*) - path: /
pathType: ImplementationSpecific pathType: Prefix
backend: backend:
service: service:
name: browsertrix-cloud-frontend name: browsertrix-cloud-frontend
@ -59,17 +56,16 @@ metadata:
name: ingress-authsign name: ingress-authsign
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
annotations: annotations:
kubernetes.io/ingress.class: {{ .Values.ingress_class | default "nginx" }}
nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}" nginx.ingress.kubernetes.io/upstream-vhost: "{{ .Values.signer.host }}"
spec: spec:
ingressClassName: {{ .Values.ingress_class | default "nginx" }}
rules: rules:
- host: {{ .Values.signer.host }} - host: {{ .Values.signer.host }}
http: http:
paths: paths:
- path: /(.*) - path: /
pathType: Prefix pathType: Prefix
backend: backend:
service: service:

1
chart/values.yaml
View File

@ -292,7 +292,6 @@ email:
ingress: ingress:
#host: "" #host: ""
cert_email: "test@example.com" cert_email: "test@example.com"
scheme: "http"
tls: false tls: false
ingress_class: nginx ingress_class: nginx