Add a reverse proxy sidecar
wkmor1 committed Sep 5, 2024
1 parent 8813bf5 commit 52990c9
Showing 4 changed files with 124 additions and 21 deletions.
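--- a/.gitignore
+++ b/.gitignore
@@ -48,3 +48,7 @@ vignettes/*.pdf
 # Prerendered shiny content
 index.html
 /index_files/
+
+# Certs
+tls.crt
+tls.key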
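--- /dev/null
+++ b/default.conf.template
@@ -0,0 +1,35 @@
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}
+
+server {
+listen ${PROXY_PORT} ssl;
+
+ssl_session_timeout 5m;
+ssl_protocols TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers on;
+
+ssl_certificate /etc/ssl/tls.crt;
+ssl_certificate_key /etc/ssl/tls.key;
+
+location / {
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_pass http://127.0.0.1:${APP_PORT};
+proxy_read_timeout 20d;
+proxy_buffering off;
+
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_http_version 1.1;
+
+proxy_redirect / $scheme://$host/;
+
+}
+
+}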
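Review bot: `ssl_protocols TLSv1.2;` leaves TLS 1.3 switched off, and `ssl_ciphers HIGH:!aNULL:!MD5;` still admits CBC-mode and static-RSA key-exchange suites, which give no forward secrecy. I would write `ssl_protocols TLSv1.2 TLSv1.3;` and narrow the TLS 1.2 list to ECDHE AEAD suites, for example `ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20;`. Separately, in `location /` the line `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent. If this nginx is the first HTTP hop (the route in template.yml appears to use passthrough termination), the backend should not trust that header, and `proxy_set_header X-Forwarded-For $remote_addr;` would drop client-supplied values.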
32 changes: 23 additions & 9 deletions oc-process.sh
@@ -38,38 +38,46 @@ elif [ $i = "config" ]; then

ITEM=".items[1]"

elif [ $i = "secrets" ]; then
elif [ $i = "nginx-config" ]; then

ITEM=".items[2]"

elif [ $i = "deploy-app" ]; then
elif [ $i = "secrets" ]; then

ITEM=".items[3]"

elif [ $i = "deploy-api" ]; then
elif [ $i = "nginx-secrets" ]; then

ITEM=".items[4]"

elif [ $i = "deploy-db" ]; then
elif [ $i = "deploy-app" ]; then

ITEM=".items[5]"

elif [ $i = "service-app" ]; then
elif [ $i = "deploy-api" ]; then

ITEM=".items[6]"

elif [ $i = "service-api" ]; then
elif [ $i = "deploy-db" ]; then

ITEM=".items[7]"

elif [ $i = "service-db" ]; then
elif [ $i = "service-app" ]; then

ITEM=".items[8]"

elif [ $i = "route" ]; then
elif [ $i = "service-api" ]; then

ITEM=".items[9]"

elif [ $i = "service-db" ]; then

ITEM=".items[10]"

elif [ $i = "route" ]; then

ITEM=".items[11]"

elif [ $i = "all" ]; then

ITEM=""
@@ -82,6 +90,9 @@ else
fi

DB_PASSWORD=$(echo -n $DB_PASSWORD | base64)
NGINX_TEMPLATE=$(cat default.conf.template)
TLS_CRT=$(cat tls.crt | base64)
TLS_KEY=$(cat tls.key | base64)

echo "# $(oc project finbif-dashboard)"

@@ -95,4 +106,7 @@ oc process -f $f \
-p ERROR_EMAIL_TO="$ERROR_EMAIL_TO" \
-p ERROR_EMAIL_FROM="$ERROR_EMAIL_FROM" \
-p MEMORY="$MEMORY" \
| jq $ITEM
-p NGINX_TEMPLATE="$NGINX_TEMPLATE" \
-p TLS_CRT="$TLS_CRT" \
-p TLS_KEY="$TLS_KEY" \
| jq $ITEM
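Review bot: In the last hunk, `-p TLS_KEY="$TLS_KEY"` puts the base64 of the private key on the `oc process` command line, where it is readable from the process list while the call runs, and the rendered Secret is then written to stdout by `| jq $ITEM`, so the key can end up in terminal scrollback or CI logs. The existing DB_PASSWORD has the same exposure, but a TLS key is usually longer-lived. Consider keeping the key out of the template parameters altogether, for example by creating the secret directly with `oc create secret tls <secret-name> --cert=tls.crt --key=tls.key`, or at least passing parameters through `--param-file` instead of `-p`. In the middle hunk, `cat tls.key | base64` wraps its output at 76 columns with GNU coreutils, so `base64 -w0 < tls.key` keeps the value on one line; neither `cat` is checked for failure, so a missing file is caught only later, if at all, by the template's `required: true`. The if/elif chain and the `oc process` call both begin outside these hunks.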
74 changes: 62 additions & 12 deletions template.yml
@@ -24,6 +24,9 @@ parameters:
- name: API_PORT
required: true
value: "8000"
- name: PROXY_PORT
required: true
value: "8080"
- name: DB
required: true
value: postgres
@@ -46,6 +49,12 @@ parameters:
value: /pgdata
- name: DB_PASSWORD
required: true
- name: NGINX_TEMPLATE
required: true
- name: TLS_CRT
required: true
- name: TLS_KEY
required: true
- name: FINBIF_PRIVATE_API
required: true
- name: HOST
@@ -98,13 +107,27 @@ objects:
db_port: ${DB_PORT}
app_port: ${APP_PORT}
api_port: ${API_PORT}
- kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-template-${BRANCH}
data:
default.conf.template: ${NGINX_TEMPLATE}
- kind: Secret
apiVersion: v1
metadata:
name: ${APP}-${BRANCH}
type: Opaque
data:
db_password: ${DB_PASSWORD}
- kind: Secret
apiVersion: v1
metadata:
name: tls-${BRANCH}
type: kubernetes.io/tls
data:
tls.crt: ${TLS_CRT}
tls.key: ${TLS_KEY}
- kind: Deployment
apiVersion: apps/v1
metadata:
@@ -123,9 +146,37 @@ objects:
labels:
app: ${APP}
branch: ${BRANCH}
port: ${APP_PORT}
port: ${PROXY_PORT}
spec:
volumes:
- name: tls-${BRANCH}
secret:
secretName: tls-${BRANCH}
- name: nginx-template-${BRANCH}
configMap:
name: nginx-template-${BRANCH}
containers:
- image: nginxinc/nginx-unprivileged:1.27.1
imagePullPolicy: Always
name: nginx-${BRANCH}
env:
- name: PROXY_PORT
value: ${PROXY_PORT}
- name: APP_PORT
value: ${APP_PORT}
ports:
- containerPort: ${{PROXY_PORT}}
resources:
limits:
cpu: 500m
memory: 500Mi
volumeMounts:
- name: tls-${BRANCH}
mountPath: /etc/ssl
readOnly: true
- name: nginx-template-${BRANCH}
mountPath: /etc/nginx/templates
readOnly: true
- image: ghcr.io/luomus/${APP}:${BRANCH}
imagePullPolicy: Always
name: ${APP}-${BRANCH}
@@ -141,8 +192,6 @@ objects:
key: branch
- name: HOST
value: ${HOST}
ports:
- containerPort: ${{APP_PORT}}
startupProbe:
httpGet:
path: ${APP_HEALTH}
@@ -160,10 +209,10 @@ objects:
path: ${APP_HEALTH}
port: ${{APP_PORT}}
periodSeconds: ${{READINESS_PERIOD}}
resources:
limits:
cpu: "2000m"
memory: ${MEMORY}
resources:
limits:
cpu: "2000m"
memory: ${MEMORY}
- kind: Deployment
apiVersion: apps/v1
metadata:
@@ -322,13 +371,13 @@ objects:
app: ${APP}
spec:
ports:
- name: ${APP_PORT}
port: ${{APP_PORT}}
targetPort: ${{APP_PORT}}
- name: ${PROXY_PORT}
port: ${{PROXY_PORT}}
targetPort: ${{PROXY_PORT}}
selector:
app: ${APP}
branch: ${BRANCH}
port: ${APP_PORT}
port: ${PROXY_PORT}
- kind: Service
apiVersion: v1
metadata:
@@ -368,8 +417,9 @@ objects:
spec:
host: ${HOST}
port:
targetPort: ${{APP_PORT}}
targetPort: ${{PROXY_PORT}}
tls:
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
to:
kind: Service
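Review bot: Dropping `ports: - containerPort: ${{APP_PORT}}` from the app container does not close that port. containerPort is informational, so unless the app binds only to 127.0.0.1 (not visible here) other pods can still reach it on the pod IP in plaintext, bypassing the nginx TLS sidecar. Either bind the app to loopback or add a NetworkPolicy object that admits ingress only on PROXY_PORT, as sketched below; confirm that kubelet probes on APP_PORT and any in-cluster callers of the app still work under your CNI. Two smaller points in the nginx container hunk: `mountPath: /etc/ssl` hides the image's own /etc/ssl content, so a dedicated directory such as `/etc/nginx/tls` (with the `ssl_certificate` paths changed to match) is safer. `nginxinc/nginx-unprivileged:1.27.1` is a mutable tag pulled with `imagePullPolicy: Always`, so pinning it as `nginxinc/nginx-unprivileged:1.27.1@sha256:<digest>` keeps the TLS terminator reproducible.

```yaml
# … unchanged: existing ConfigMap, Secret and Deployment objects …
# Sketch of an additional entry under `objects:`; the object name is constructed.
- kind: NetworkPolicy
  apiVersion: networking.k8s.io/v1
  metadata:
    name: ${APP}-${BRANCH}-proxy-only
  spec:
    podSelector:
      matchLabels:
        app: ${APP}
        branch: ${BRANCH}
        port: ${PROXY_PORT}
    policyTypes:
      - Ingress
    ingress:
      - ports:
          - protocol: TCP
            port: ${{PROXY_PORT}}
```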