Feature Branch: Workbench CDDR (#27)

* Fix / Enable OAuth configuration (#24) * Remove duplicate /dashboard ingress path This fixes /cauth and SSO with oauth2-proxy * Enable OAuth2 configuration via Helm chart values.yaml * Simplify ingress configuration considerably * Expose admin port internally if oauth enabled * Fix auth-repsonse-headers annotation name, fix hard-coded secret name * Fix default values.yaml entry for auth_response_headers * Remove port mapping for 30002 Added a secure endpoint that can run on the usual 30001 instead * Include root Ingress (where did this go??) * Add back ingress rules that were accidentally removed * Parameterize ProductName and ProductLandingHtml for the webui (#28) * Parameterize AdvancedFeatures and ProductLandingHtml * Fix typo in deployment.yaml * Add favicon and logo path configs * Add brand logo and favicon path configs * Add brand_logo and favicon path configs * Consistency is important * Update config.yaml * Update deployment.yaml * Update values.yaml * Fix typo in configmap * Remove duplicate ingress rule * Fix AdvancedFeatures overrides by adding to ConfigMap * Fix AdvancedFeatures overrides by adding to ConfigMap * Redirect non-WWW to the correct subdomain * Added a hacky override for help_links (#29) * Parameterize AdvancedFeatures and ProductLandingHtml * Fix typo in deployment.yaml * feat: add override for help_links * added default values for help_links * feat: start moving to configmap -> json mounted into pod * feat: support traefik ingress (#31)
nds-org · Nov 30, 2021 · 3bd476a · 3bd476a
1 parent ac8a08e
commit 3bd476a
Show file tree

Hide file tree

Showing 4 changed files with 350 additions and 29 deletions.
diff --git a/templates/config.yaml b/templates/config.yaml
@@ -4,19 +4,45 @@ metadata:
   name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
 data:
+  frontend.json: |
+    {{ .Values.frontend | toJson }}
+  backend.json: |
+    {{ .Values.backend | toJson }}
+
+
+  ### DEPRECATED: 
+
   # Enable TLS (HTTPS)?
   workbench.tls.enable: "true"
 
   # Cert manager configuration
   workbench.ingress.tls.enable: "true"
   workbench.ingress.tls.cluster_issuer: "{{ default "" .Values.certmgr.cluster_issuer }}"
   workbench.ingress.tls.issuer: "{{ default "" .Values.certmgr.issuer }}"
-  workbench.ingress.tls.namespace: "{{ default "" .Values.certmgr.namespace }}"
 
   # Customize this instance of Workbench
   workbench.subdomain_prefix: "{{ .Values.workbench.subdomain_prefix }}"
   workbench.domain: "{{ .Values.workbench.domain }}"
+  workbench.cookie_domain: "{{ .Values.workbench.domain }}"
+
+  workbench.advanced_features.show_config: "{{ .Values.workbench.advanced_features.show_config }}"
+  workbench.advanced_features.show_logs: "{{ .Values.workbench.advanced_features.show_logs }}"
+  workbench.advanced_features.show_console: "{{ .Values.workbench.advanced_features.show_console }}"
+  workbench.advanced_features.show_service_help_icon: "{{ .Values.workbench.advanced_features.show_service_help_icon }}"
+  workbench.advanced_features.show_edit_service: "{{ .Values.workbench.advanced_features.show_edit_service }}"
+  workbench.advanced_features.show_remove_service: "{{ .Values.workbench.advanced_features.show_remove_service }}"
+  workbench.advanced_features.show_create_spec: "{{ .Values.workbench.advanced_features.show_create_spec }}"
+  workbench.advanced_features.show_import_spec: "{{ .Values.workbench.advanced_features.show_import_spec }}"
+  workbench.advanced_features.show_file_manager: "{{ .Values.workbench.advanced_features.show_file_manager }}"
+
   workbench.name: "{{ .Values.workbench.name }}"
+  workbench.landing_html: >- 
+    {{ .Values.workbench.landing_html }}
+  workbench.brand_logo_path: {{ .Values.workbench.brand_logo_path | quote }}
+  workbench.favicon_path: {{ .Values.workbench.favicon_path | quote }}
+  workbench.learn_more_url: {{ .Values.workbench.learn_more_url | quote }}
+  workbench.help_links: {{ .Values.workbench.help_links | quote }}
+
   workbench.support_email: "{{ .Values.workbench.support_email }}"
   workbench.analytics_tracking_id: "{{ .Values.workbench.analytics_tracking_id }}"
   workbench.node_selector_name: "{{ .Values.workbench.node_selector_name }}"

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -111,6 +111,8 @@ metadata:
   annotations:
     configHash: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
 spec:
+  strategy:
+    type: "{{ .Values.workbench.strategyType | default "RollingUpdate" }}"
   replicas: 1
   selector:
     matchLabels:
@@ -158,6 +160,11 @@ spec:
               configMapKeyRef:
                 name: {{ .Release.Name }}
                 key: workbench.domain
+          - name: COOKIEDOMAIN
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.cookie_domain
           - name: SUBDOMAIN_PREFIX
             valueFrom:
               configMapKeyRef:
@@ -189,10 +196,84 @@ spec:
 {{ else }}
             value: "$(DOMAIN)"
 {{ end }}
-          - name: NDSLABS_APISERVER_SERVICE_PORT
-            value: "30001"
+          - name: WORKBENCH_NAME
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.name
+          - name: WORKBENCH_LANDING_HTML
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.landing_html
+          - name: WORKBENCH_BRAND_LOGO_PATH
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.brand_logo_path
+          - name: WORKBENCH_FAVICON_PATH
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.favicon_path
+          - name: WORKBENCH_LEARNMORE_URL
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.learn_more_url
+          - name: WORKBENCH_HELP_LINKS
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.help_links
           - name: APISERVER_PATH
             value: "/api"
+          - name: SHOW_CONFIG
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_config
+          - name: SHOW_LOGS
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_logs
+          - name: SHOW_CONSOLE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_console
+          - name: SHOW_REMOVE_SERVICE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_remove_service
+          - name: SHOW_EDIT_SERVICE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_edit_service
+          - name: SHOW_SERVICE_HELP_ICON
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_service_help_icon
+          - name: SHOW_CREATE_SPEC
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_create_spec
+          - name: SHOW_IMPORT_SPEC
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_import_spec
+          - name: SHOW_FILE_MANAGER
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}
+                key: workbench.advanced_features.show_file_manager
+
         readinessProbe:
           httpGet:
             path: /asset/png/favicon-2-32x32.png

diff --git a/templates/ingress.yaml b/templates/ingress.yaml
@@ -5,21 +5,29 @@ metadata:
   name: {{ .Release.Name }}-auth
   namespace: {{ .Release.Namespace }}
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-{{ if .Values.workbench.subdomain_prefix }}    nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/cauth/auth"
-    nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/login/"
-{{ else }}    nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.workbench.domain }}/cauth/auth"
-    nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.workbench.domain }}/login/"{{ end }}
+#    kubernetes.io/ingress.class: "nginx"
+{{ if .Values.oauth.enabled | default false }}
+    nginx.ingress.kubernetes.io/auth-url: "{{ .Values.oauth.auth_url | default "https://$host/cauth/auth" }}"
+    nginx.ingress.kubernetes.io/auth-signin: "{{ .Values.oauth.signin_url | default "https://$host/login/" }}"
+    nginx.ingress.kubernetes.io/auth-response-headers: "{{ .Values.oauth.auth_response_headers | default "x-auth-request-user, x-auth-request-email" }}"
+{{ else }}
+    nginx.ingress.kubernetes.io/auth-url: "https://$host/cauth/auth"
+    nginx.ingress.kubernetes.io/auth-signin: "https://$host/login/"
+{{ end }}
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
   tls:
   - hosts:
     - {{ .Values.workbench.domain }}
     - '*.{{ .Values.workbench.domain }}'
-    secretName: {{ .Values.tls.secretName }}-auth
+    secretName: {{ .Values.tls.secretName }}
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+{{ else }}
+  - host: {{ .Values.workbench.domain }}
+{{ end }}
     http:
       paths:
       - path: /logs
@@ -43,68 +51,74 @@ metadata:
   name: {{ .Release.Name }}-open
   namespace: {{ .Release.Namespace }}
   annotations:
-    kubernetes.io/ingress.class: "nginx"
+#    kubernetes.io/ingress.class: "nginx"
+#    nginx.ingress.kubernetes.io/app-root: "/landing/"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
   tls:
   - hosts:
     - {{ .Values.workbench.domain }}
     - '*.{{ .Values.workbench.domain }}'
+    secretName: {{ .Values.tls.secretName }}
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+{{ else }}
+  - host: {{ .Values.workbench.domain }}
+{{ end }}
     http:
       paths:
-      - path: /api
+      - path: /api/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 30001
-      - path: /login
+      - path: /login/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /landing
+      - path: /landing/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /cauth
+      - path: /cauth/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /shared
+      - path: /shared/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /bower_components
+      - path: /node_modules/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /node_modules
+      - path: /asset/
         pathType: Prefix
         backend:
           service:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /asset
+      - path: /ConfigModule.js
         pathType: Prefix
         backend:
           service:
@@ -118,7 +132,7 @@ spec:
             name: {{ .Release.Name }}
             port: 
               number: 80
-      - path: /ConfigModule.js
+      - path: /env.json
         pathType: Prefix
         backend:
           service:
@@ -130,16 +144,85 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-{{ if .Values.certmgr.cluster_issuer }}    cert-manager.io/cluster-issuer: "{{ .Values.certmgr.cluster_issuer }}"{{ else if .Values.certmgr.issuer }}    cert-manager.io/issuer: "{{ .Values.certmgr.issuer }}"{{ end }}
+#    kubernetes.io/ingress.class: "nginx"
+{{ if .Values.certmgr.cluster_issuer }}
+    cert-manager.io/cluster-issuer: "{{ .Values.certmgr.cluster_issuer }}"
+{{ else if .Values.certmgr.issuer }}
+    cert-manager.io/issuer: "{{ .Values.certmgr.issuer }}"
+{{ end }}
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
-{{ if .Values.workbench.subdomain_prefix }}    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/landing/"{{ else }}    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.domain }}/landing/"{{ end }}
+
+#    traefik.ingress.kubernetes.io/preserve-host: "true"
+#    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+#    traefik.ingress.kubernetes.io/redirect-regex: "^https://(.*)"
+#    traefik.ingress.kubernetes.io/redirect-replacement: "https://www.$1"
+
+{{ if .Values.workbench.subdomain_prefix }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/landing/"
+{{ else }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.domain }}/landing/"
+{{ end }}
   name: {{ .Release.Name }}-root
   namespace: {{ .Release.Namespace }}
 spec:
   rules:
-{{ if .Values.workbench.subdomain_prefix }}  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}{{ else }}  - host: {{ .Values.workbench.domain }}{{ end }}
+  - host: {{ .Values.workbench.domain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}
+            port: 
+              number: 80
+        path: /
+        pathType: Prefix
+{{ if .Values.workbench.subdomain_prefix }}
+  - host: {{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Release.Name }}
+            port: 
+              number: 80
+        path: /
+        pathType: Prefix
+{{ end }}
+  tls:
+  - hosts:
+    - {{ .Values.workbench.domain }}
+    - '*.{{ .Values.workbench.domain }}'
+    secretName: {{ .Values.tls.secretName }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+#    kubernetes.io/ingress.class: "nginx"
+#{{ if .Values.certmgr.cluster_issuer }}
+#    cert-manager.io/cluster-issuer: "{{ .Values.certmgr.cluster_issuer }}"
+#{{ else if .Values.certmgr.issuer }}
+#    cert-manager.io/issuer: "{{ .Values.certmgr.issuer }}"
+#{{ end }}
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+
+    traefik.ingress.kubernetes.io/preserve-host: "true"
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    traefik.ingress.kubernetes.io/redirect-regex: "^https://(.*)"
+    traefik.ingress.kubernetes.io/redirect-replacement: "https://www.$1"
+
+{{ if .Values.workbench.subdomain_prefix }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.subdomain_prefix }}.{{ .Values.workbench.domain }}/landing/"
+{{ else }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.workbench.domain }}/landing/"
+{{ end }}
+  name: {{ .Release.Name }}-www-redirect
+  namespace: {{ .Release.Namespace }}
+spec:
+  rules:
+  - host: {{ .Values.workbench.domain }}
     http:
       paths:
       - backend: