From 6394862081c9021f1e3c337d57c55140d32ee672 Mon Sep 17 00:00:00 2001
From: Tamas Levai <levait@tmit.bme.hu>
Date: Mon, 7 Oct 2024 20:02:12 +0200
Subject: [PATCH] Use Ingress for wss:// connections

---
 .github/workflows/deploy-gke.yaml             |  2 +-
 .../templates/mediaserver.yaml                |  6 +--
 .../webrtc-observer-org/templates/webapp.yaml | 39 +++++++++----------
 3 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/deploy-gke.yaml b/.github/workflows/deploy-gke.yaml
index 078d919..b16ae97 100644
--- a/.github/workflows/deploy-gke.yaml
+++ b/.github/workflows/deploy-gke.yaml
@@ -31,7 +31,7 @@ jobs:
         cd webapp
         docker build \
           --tag docker.io/levaitamas/webrtc-observer-webapp \
-          --build-arg host="wss://webrtc-observer.org:9081" \
+          --build-arg host="wss://webrtc-observer.org:443" \
           .
         cd ../media-server
         docker build \
diff --git a/charts/webrtc-observer-org/templates/mediaserver.yaml b/charts/webrtc-observer-org/templates/mediaserver.yaml
index 8980b4b..de84f8b 100644
--- a/charts/webrtc-observer-org/templates/mediaserver.yaml
+++ b/charts/webrtc-observer-org/templates/mediaserver.yaml
@@ -47,10 +47,10 @@ metadata:
   labels:
     app: mediaserver
 spec:
-  type: LoadBalancer
-  loadBalancerIP: {{ .Values.publicIP }}
+  type: ClusterIP
   ports:
-  - port: 9081
+  - port: 443
+    targetPort: 9081
     protocol: TCP
     name: mediaserver-ws
   selector:
diff --git a/charts/webrtc-observer-org/templates/webapp.yaml b/charts/webrtc-observer-org/templates/webapp.yaml
index 2fd7e32..f74a80c 100644
--- a/charts/webrtc-observer-org/templates/webapp.yaml
+++ b/charts/webrtc-observer-org/templates/webapp.yaml
@@ -53,30 +53,29 @@ metadata:
   annotations:
     kubernetes.io/ingress.global-static-ip-name: webrtc-observer-org
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-    # nginx.org/websocket-services: "mediaserver-ws"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.org/websocket-services: "mediaserver-ws"
 spec:
   ingressClassName: nginx
   tls:
     - hosts:
         - {{ .Values.domain }}
       secretName: webapp-tls
+  defaultBackend:
+    service:
+      name: webapp
+      port:
+        number: 80
   rules:
-  - host: {{ .Values.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: webapp
-            port:
-              number: 80
-      # - path: /
-      #   pathType: Prefix
-      #   backend:
-      #     service:
-      #       name: mediaserver-ws
-      #       port:
-      #         number: 9081
+    - host: {{ .Values.domain }}
+      http:
+        paths:
+        - path: /*
+          pathType: ImplementationSpecific
+          backend:
+            service:
+              name: mediaserver-ws
+              port:
+                number: 443