From a645d2dc17607312525019f97ba9fc4f935d7afd Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 09:17:48 +0200 Subject: [PATCH 1/8] add redirect Ingress --- .../templates/ingress-redirect.yaml | 65 +++++++++++++++++++ charts/testkube-cloud-ui/values.yaml | 5 ++ charts/testkube-enterprise/values.yaml | 3 + 3 files changed, 73 insertions(+) create mode 100644 charts/testkube-cloud-ui/templates/ingress-redirect.yaml diff --git a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml new file mode 100644 index 000000000..0ac86bbdf --- /dev/null +++ b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml @@ -0,0 +1,65 @@ +{{- if and .Values.ingressRedirect.enabled -}} +{{- $fullName := include "testkube-cloud-ui.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }}-{{ .Values.global.redirectSubdomain }} + labels: + {{- include "testkube-cloud-ui.labels" . | nindent 4 }} + {{- if .Values.ingressRedirect.labels }} + {{- toYaml .Values.ingress.labels | nindent 4 }} + {{- end }} + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/preserve-trailing-slash: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + add_header X-Frame-Options "sameorigin"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy 'same-origin'; + add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; + {{- if (eq .Values.global.certificateProvider "cert-manager") }} + cert-manager.io/cluster-issuer: {{ required ".Values.global.certManager.issuerRef must be provided if provider is cert-manager" .Values.global.certManager.issuerRef }} + {{- end }} + {{- with .Values.ingressRedirect.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.global.redirectSubdomain }} + secretName: {{ .Values.ingress.tlsSecretName }}-{{ .Values.global.redirectSubdomain }} + rules: + - host: {{ .Values.global.redirectSubdomain }} + http: + paths: + - path: / + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + name: http + {{- else }} + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index a469ce604..af201bb70 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -9,6 +9,8 @@ global: domain: "" # -- UI subdomain which get prepended to the domain uiSubdomain: "cloud" + # -- new UI subdomain which get prepended to the domain. Replaces uiSubdomain. + redirectSubdomain: "app" # -- TLS provider (possible values: "", "cert-manager") certificateProvider: "" certManager: @@ -92,6 +94,9 @@ ingress: provider: "cert-manager" # -- Hostname for which to create rules and TLS certificates host: "" +ingressRedirect: + enabled: false + annotations: {} resources: requests: cpu: 50m diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index e9f7e1434..962525ec1 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -205,6 +205,9 @@ testkube-cloud-ui: ingress: # -- Name of the TLS secret which contains the certificate files tlsSecretName: testkube-enterprise-ui-tls + ingressRedirect: + enabled: false + annotations: {} ## NATS chart parameter ## For more configuration parameters of NATS chart please look here: https://docs.nats.io/running-a-nats-service/nats-kubernetes/helm-charts From c95091798f38de56a8eb8f0e434a35525afaf89a Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 09:45:21 +0200 Subject: [PATCH 2/8] fix --- charts/testkube-cloud-ui/templates/ingress-redirect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml index 0ac86bbdf..6e4208db4 100644 --- a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml +++ b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.ingressRedirect.enabled -}} +{{- if .Values.ingressRedirect.enabled -}} {{- $fullName := include "testkube-cloud-ui.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} @@ -43,7 +43,7 @@ spec: tls: - hosts: - {{ .Values.global.redirectSubdomain }} - secretName: {{ .Values.ingress.tlsSecretName }}-{{ .Values.global.redirectSubdomain }} + secretName: "{{ .Values.ingress.tlsSecretName }}-{{ .Values.global.redirectSubdomain }}" rules: - host: {{ .Values.global.redirectSubdomain }} http: From 5ade0ae5ac69ed51903c1054b7f132e471928525 Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 10:05:57 +0200 Subject: [PATCH 3/8] fix labels --- charts/testkube-cloud-ui/templates/ingress-redirect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml index 6e4208db4..b228de288 100644 --- a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml +++ b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml @@ -19,7 +19,7 @@ metadata: labels: {{- include "testkube-cloud-ui.labels" . | nindent 4 }} {{- if .Values.ingressRedirect.labels }} - {{- toYaml .Values.ingress.labels | nindent 4 }} + {{- toYaml .Values.ingressRedirect.labels | nindent 4 }} {{- end }} annotations: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" From 58ad53305afe8b7f514b5a6a70a855f9e9ee3e12 Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 10:37:08 +0200 Subject: [PATCH 4/8] update host --- charts/testkube-cloud-ui/templates/ingress-redirect.yaml | 4 ++-- charts/testkube-cloud-ui/values.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml index b228de288..4647c437a 100644 --- a/charts/testkube-cloud-ui/templates/ingress-redirect.yaml +++ b/charts/testkube-cloud-ui/templates/ingress-redirect.yaml @@ -42,10 +42,10 @@ spec: {{- end }} tls: - hosts: - - {{ .Values.global.redirectSubdomain }} + - {{ .Values.global.redirectSubdomain }}.{{ .Values.global.domain }} secretName: "{{ .Values.ingress.tlsSecretName }}-{{ .Values.global.redirectSubdomain }}" rules: - - host: {{ .Values.global.redirectSubdomain }} + - host: {{ .Values.global.redirectSubdomain }}.{{ .Values.global.domain }} http: paths: - path: / diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index af201bb70..3a69773e7 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -97,6 +97,7 @@ ingress: ingressRedirect: enabled: false annotations: {} + labels: {} resources: requests: cpu: 50m From 94298f83ee46cec4904c5187fedfd5b410e577c9 Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 10:53:06 +0200 Subject: [PATCH 5/8] fix --- charts/testkube-enterprise/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 962525ec1..89763f8af 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -207,7 +207,6 @@ testkube-cloud-ui: tlsSecretName: testkube-enterprise-ui-tls ingressRedirect: enabled: false - annotations: {} ## NATS chart parameter ## For more configuration parameters of NATS chart please look here: https://docs.nats.io/running-a-nats-service/nats-kubernetes/helm-charts From b39661d9e81058c052755622843cbe196f2f51b0 Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 13:08:31 +0200 Subject: [PATCH 6/8] add description --- charts/testkube-cloud-ui/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index 3a69773e7..313c7e421 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -94,6 +94,7 @@ ingress: provider: "cert-manager" # -- Hostname for which to create rules and TLS certificates host: "" +# -- new UI subdomain which gets prepended to the domain. Replaces uiSubdomain if enabled. ingressRedirect: enabled: false annotations: {} From ac61e9e8ab3ea4ced8f044359fda292170d36335 Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 13:31:32 +0200 Subject: [PATCH 7/8] update description --- charts/testkube-cloud-ui/values.yaml | 2 +- charts/testkube-enterprise/values.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index 313c7e421..2993d67b0 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -9,7 +9,7 @@ global: domain: "" # -- UI subdomain which get prepended to the domain uiSubdomain: "cloud" - # -- new UI subdomain which get prepended to the domain. Replaces uiSubdomain. + # -- Different UI subdomain which get prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. redirectSubdomain: "app" # -- TLS provider (possible values: "", "cert-manager") certificateProvider: "" diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 89763f8af..57ba0edb5 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -17,6 +17,8 @@ global: domain: "" # -- UI subdomain which get prepended to the domain uiSubdomain: "dashboard" + # -- Different UI subdomain which get prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. + redirectSubdomain: "app" # -- REST API subdomain which get prepended to the domain restApiSubdomain: "api" # -- gRPC API subdomain which get prepended to the domain @@ -205,6 +207,7 @@ testkube-cloud-ui: ingress: # -- Name of the TLS secret which contains the certificate files tlsSecretName: testkube-enterprise-ui-tls + # -- Toggle whether to enable redirect Ingress which allows having a different subdomain redirecting to the actual Dashboard UI Ingress URL ingressRedirect: enabled: false From 1d23376a7fe1db66125f43313c173529de51606d Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Thu, 23 Nov 2023 13:32:57 +0200 Subject: [PATCH 8/8] fix typo --- charts/testkube-cloud-ui/values.yaml | 4 ++-- charts/testkube-enterprise/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/testkube-cloud-ui/values.yaml b/charts/testkube-cloud-ui/values.yaml index 2993d67b0..10856bff2 100644 --- a/charts/testkube-cloud-ui/values.yaml +++ b/charts/testkube-cloud-ui/values.yaml @@ -9,7 +9,7 @@ global: domain: "" # -- UI subdomain which get prepended to the domain uiSubdomain: "cloud" - # -- Different UI subdomain which get prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. + # -- Different UI subdomain which gets prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. redirectSubdomain: "app" # -- TLS provider (possible values: "", "cert-manager") certificateProvider: "" @@ -94,7 +94,7 @@ ingress: provider: "cert-manager" # -- Hostname for which to create rules and TLS certificates host: "" -# -- new UI subdomain which gets prepended to the domain. Replaces uiSubdomain if enabled. +# -- Toggle whether to enable redirect Ingress which allows having a different subdomain redirecting to the actual Dashboard UI Ingress URL ingressRedirect: enabled: false annotations: {} diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 57ba0edb5..eecc3eaa5 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml @@ -17,7 +17,7 @@ global: domain: "" # -- UI subdomain which get prepended to the domain uiSubdomain: "dashboard" - # -- Different UI subdomain which get prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. + # -- Different UI subdomain which gets prepended to the domain. May be used for the redirect from your actual uiSubdomain endpoint. Works is ingressRedirect option is enabled. redirectSubdomain: "app" # -- REST API subdomain which get prepended to the domain restApiSubdomain: "api"