Support configurationSnippets via values (#76)

Support configurationSnippets via values
- Add `ingress.instances.configurationSnippets` to allow custom nginx configuration snippets.
- Move `ingress.instanceName` to `ingress.instances.name`.
- Move `ingress.proxyBodySize` to `ingress.instances.proxyBodySize`.
- Move `ingress.allWildcardSecretNames` to `ingress.instances.allWildcardSecretNames`.

Add formatter settings for json & yaml

Set settings for EOL to LF

Add task to regenerate READMEs

Co-authored-by: Lucas Koehler <[email protected]>

.prettierrc

@@ -0,0 +1,3 @@
+{
+  "endOfLine": "lf"
+}

.theia/settings.json

@@ -1,5 +1,15 @@
 {
-    "[markdown]": {
-        "editor.defaultFormatter": "esbenp.prettier-vscode"
-    }
-}
+  "[markdown]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[yaml]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[jsonc]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[json]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "files.eol": "\n"
+}

.theia/tasks.json

@@ -0,0 +1,15 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Rebuild READMEs",
+      "type": "shell",
+      "command": "docker pull jnorwood/helm-docs:latest && docker run --rm --volume \"$(pwd)/charts:/helm-docs\" -u $(id -u) jnorwood/helm-docs:latest",
+      "problemMatcher": [],
+      "group": {
+        "kind": "build",
+        "isDefault": true
+      }
+    }
+  ]
+}

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## [0.12.0] - estimated 2024-10
 
+- [theia-cloud] move `ingress.instanceName` to `ingress.instances.name` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76)
+- [theia-cloud] move `ingress.proxyBodySize` to `ingress.instances.proxyBodySize` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76)
+- [theia-cloud] move `ingress.allWildcardSecretNames` to `ingress.instances.allWildcardSecretNames` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76)
+- [theia-cloud] Add `ingress.instances.configurationSnippets` to values which allows to set nginx configurations via the `nginx.ingress.kubernetes.io/configuration-snippet` annotation [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76)
+
 ## [0.11.0] - 2024-07-23
 
 - [theia-cloud-crds] Add option field to CRDs and increase version to `Session.v1beta8`, `Workspace.v1beta5` and `AppDefinition.v1beta10` [#55](https://github.com/eclipsesource/theia-cloud-helm/pull/55) | [#293](https://github.com/eclipsesource/theia-cloud/pull/293)

README.md

@@ -4,18 +4,27 @@ This repository contains the helm charts for Theia Cloud.
 
 There are three charts:
 
-* `theia-cloud-base` installs cluster wide resources that may be used by multiple Theia Cloud installations
-* `theia-cloud-crds` installs the custom resource definitions
-* `theia-cloud` installs Theia Cloud itself and depends on `theia-cloud-base` and `theia-cloud-crds`
+- `theia-cloud-base` installs cluster wide resources that may be used by multiple Theia Cloud installations
+- `theia-cloud-crds` installs the custom resource definitions
+- `theia-cloud` installs Theia Cloud itself and depends on `theia-cloud-base` and `theia-cloud-crds`
 
 ## Cluster Prerequisites
+
 The charts depend on well-established software in the Kubernetes ecosystem. Please make sure to install the dependencies before releasing with _helm_.
 
-* **cert-manager.io** is used for certificate management, supports internal/testing issuers and supports Let's Encrypt certificates. Installation instructions can be found [here](https://cert-manager.io), a helm chart [here](https://cert-manager.io/docs/installation/helm/). 
+- **cert-manager.io** is used for certificate management, supports internal/testing issuers and supports Let's Encrypt certificates. Installation instructions can be found [here](https://cert-manager.io), a helm chart [here](https://cert-manager.io/docs/installation/helm/).
+
+- **ingress-nginx** is used to performantly assemble _nginx_ configuration files and synchronizes changes. Learn more about it [here](https://kubernetes.github.io/ingress-nginx/).
 
-* **ingress-nginx** is used to performantly assemble _nginx_ configuration files and synchronizes changes. Learn more about it [here](https://kubernetes.github.io/ingress-nginx/).
+**Note:** Since ingress-nginx version 1.10 , the annotation `nginx.ingress.kubernetes.io/configuration-snippet` is disabled by default and needs to be enabled.
+To enable this option, you need to set the flag `allow-snippet-annotations: "true"` in the ingress-nginx values.
 
-You can find more information in the official [Theia Cloud documentation](https://theia-cloud.io/documentation/setuptheiacloud/). 
+```sh
+kubectl -n ingress-nginx patch cm ingress-nginx-controller --patch '{"data":{"allow-snippet-annotations":"true"}}'
+kubectl -n ingress-nginx delete pod -l app.kubernetes.io/name=ingress-nginx
+```
+
+You can find more information in the official [Theia Cloud documentation](https://theia-cloud.io/documentation/setuptheiacloud/).
 
 ## Versioning
 
@@ -55,3 +64,5 @@ Furthermore, the new version, together with a release estimation date, should be
 ```bash
 docker pull jnorwood/helm-docs:latest && docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
 ```
+
+or run the `Rebuild READMEs` task.

charts/theia-cloud-base/templates/operator-role.yaml

@@ -3,8 +3,7 @@ kind: ClusterRole
 metadata:
   name: {{ .Values.operatorrole.name }}
 rules:
-  -
-    apiGroups:
+  - apiGroups:
       - ""
       - apiextensions.k8s.io
       - theia.cloud
@@ -27,4 +26,3 @@ rules:
       - deployments
       - leases
     verbs: ["list", "create", "watch", "get", "patch", "delete", "update"]
-

charts/theia-cloud-base/templates/service-role.yaml

@@ -3,8 +3,7 @@ kind: ClusterRole
 metadata:
   name: {{ .Values.servicerole.name }}
 rules:
-  -
-    apiGroups:
+  - apiGroups:
       - ""
       - theia.cloud
     resources:
@@ -15,11 +14,9 @@ rules:
       - workspaces
       - workspaces/status
     verbs: ["list", "create", "watch", "get", "patch", "delete"]
-  -
-    apiGroups:
+  - apiGroups:
       - ""
       - metrics.k8s.io
     resources:
       - pods
     verbs: ["list", "get", "watch"]
-

charts/theia-cloud-base/templates/theia-cloud-ca-certificate.yaml

@@ -11,4 +11,4 @@ spec:
     name: {{ .Values.issuerca.name }}
     kind: ClusterIssuer
   duration: 2160h
-  renewBefore: 360h
+  renewBefore: 360h

charts/theia-cloud-base/values.yaml

@@ -28,4 +28,4 @@ servicerole:
 
 certmanager:
   # -- the namespace where the cert-manager is installed
-  namespace: cert-manager
+  namespace: cert-manager

charts/theia-cloud-crds/values.yaml

@@ -5,4 +5,4 @@ conversion:
   certMountPath: /etc/webhook/certs
 
 # -- The cluster issuer to use for the certificate
-clusterIssuer: theia-cloud-selfsigned-issuer
+clusterIssuer: theia-cloud-selfsigned-issuer

charts/theia-cloud/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.0-next.4
+version: 0.12.0-next.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/theia-cloud/README.md

@@ -1,6 +1,6 @@
 # theia-cloud
 
-![Version: 0.12.0-next.1](https://img.shields.io/badge/Version-0.12.0--next.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.12.0-next](https://img.shields.io/badge/AppVersion-0.12.0--next-informational?style=flat-square)
+![Version: 0.12.0-next.5](https://img.shields.io/badge/Version-0.12.0--next.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.12.0-next](https://img.shields.io/badge/AppVersion-0.12.0--next-informational?style=flat-square)
 
 A Helm chart for Theia Cloud
 
@@ -23,21 +23,23 @@ A Helm chart for Theia Cloud
 | demoApplication.pullSecret | string | `""` | the image pull secret. Leave empty if registry is public |
 | demoApplication.timeout | string | `"30"` | Limit in minutes |
 | hosts | object | (see details below) | You may adjust the hostname below. |
-| hosts.allWildcardInstances | list | `["*.webview."]` | all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews.  Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from all app definitions need to be added. IMPORTANT: If this gets updated, the helm chart needs to be re-installed because helm upgrade will not properly update this at the moment. These are required to configure TLS (if enabled via ingress.tls == true) |
+| hosts.allWildcardInstances | list | `[]` | all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from all app definitions need to be added. IMPORTANT: If this gets updated, the helm chart needs to be re-installed because helm upgrade will not properly update this at the moment. These are required to configure TLS (if enabled via ingress.tls == true) I.e. custom certificates or a cert-manager provider that can handle wildcard certificates need to be configured. |
 | hosts.configuration | object | (see details below) | Configuration for the hostnames. Contains the baseHost and afixes for all services |
-| hosts.configuration.baseHost | string | `"192.168.39.173.nip.io"` | baseHost configures the host for all services.  Depending on hosts.usePaths the services will be prepended as a subdomain or appended as a path |
+| hosts.configuration.baseHost | string | `"192.168.39.173.nip.io"` | baseHost configures the host for all services. Depending on hosts.usePaths the services will be prepended as a subdomain or appended as a path |
 | hosts.configuration.instance | string | `"instances"` | afix for deployed instances |
 | hosts.configuration.landing | string | `"trynow"` | afix of the landing page |
 | hosts.configuration.service | string | `"servicex"` | afix of the REST service |
 | hosts.usePaths | bool | `false` | Use paths configures that all services should run on the same host but on different paths. true uses paths false uses an explicit host for each service |
 | imagePullPolicy | string | `"Always"` | The default imagePullPolicy for containers of theia cloud. Can be overridden for individual components by specifying the imagePullPolicy variable there. Possible values: - Always - IfNotPresent - Never |
 | ingress | object | (see details below) | Values to influence the ingresses |
 | ingress.addTLSSecretName | bool | `true` | whether the default Theia Cloud tls secret names should be used. If false no tls secret name will be set on the ingress only needed when ingress.tls == true |
-| ingress.allWildcardSecretNames | object | `{}` | All additional wildcard hostnames and the respective TLS secret names. Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. |
 | ingress.certManagerAnnotations | bool | `true` | When set to true the cert-manager.io annotations will be set. Only used when ingress.addTLSSecretName === true When false certificate management is handled outside of Theia Cloud. |
 | ingress.clusterIssuer | string | `"letsencrypt-prod"` | The cluster issuer to use Only needed when ingress.certManagerAnnotations is true |
-| ingress.instanceName | string | `"theia-cloud-demo-ws-ingress"` | The name of the ingress which will be updated to publish new theia application. If this is not existing it will be created. You may chose to set the ingress up yourself and point Theia Cloud to the ingress via the name |
-| ingress.proxyBodySize | string | `"1m"` | Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). Defaults to 1m. Setting size to 0 disables checking of client request body size. |
+| ingress.instances | object | `{"allWildcardSecretNames":{},"configurationSnippets":["proxy_set_header 'X-Forwarded-Uri' $request_uri"],"name":"theia-cloud-demo-ws-ingress","proxyBodySize":"1m"}` | Values to influence the instances ingress |
+| ingress.instances.allWildcardSecretNames | object | `{}` | All additional wildcard hostnames and the respective TLS secret names. Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. |
+| ingress.instances.configurationSnippets | list | `["proxy_set_header 'X-Forwarded-Uri' $request_uri"]` | Additional configuration to the ingress configuration via the `nginx.ingress.kubernetes.io/configuration-snippet` annotation. One entry in this array results in a line for the annotation. Do not add a semicolon at the end of the line here, it is automatically added. Note: Since ingress-nginx version 1.10 this annotation needs to be enabled. See [this README](../../README.md#cluster-prerequisites) for more information. |
+| ingress.instances.name | string | `"theia-cloud-demo-ws-ingress"` | The name of the ingress which will be updated to publish new theia application. If this is not existing it will be created. You may chose to set the ingress up yourself and point Theia Cloud to the ingress via the name |
+| ingress.instances.proxyBodySize | string | `"1m"` | Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). Defaults to 1m. Setting size to 0 disables checking of client request body size. |
 | ingress.theiaCloudCommonName | bool | `false` | When set to true the cert-manager.io/common-name annotation will be set. This is only required when the issued certificate by the cert-manager misses a common-name Only needed when ingress.certManagerAnnotations is true |
 | ingress.tls | bool | `true` | Does Theia Cloud expect TLS connections (true) or is TLS terminated outside of Theia Cloud (e.g. via a Load Balancer) (false) |
 | issuer | object | (see details below) | Values related to certificates/Cert-manager |
@@ -80,7 +82,7 @@ A Helm chart for Theia Cloud
 | operator.logging | object | (see details below) | Allows to override the operator's log4j configuration |
 | operator.maxWatchIdleTime | string | `"3600000"` | Configures the timeout in milliseconds when a watcher for either AppDefinitions, Workspaces, or Sessions is assumed to be not working. When this is detected the operator instance will stop and a new operator will set up fresh watchers. |
 | operator.oAuth2ProxyVersion | string | `"v7.5.1"` | The version to use of the quay.io/oauth2-proxy/oauth2-proxy image |
-| operator.replicas | int | `2` | Number of operator instances to create |
+| operator.replicas | int | `1` | Number of operator instances to create |
 | operator.requestedStorage | string | `"250Mi"` | The amount of requested storage for each persistent volume claim (PVC) for workspaces. This is directly passed to created PVCs and must be a valid Kubernetes quantity. See https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ |
 | operator.sessionsPerUser | string | `"1"` | Set the number of active sessions a single user can launch |
 | operator.storageClassName | string | `"default"` | The name of the storage class for persistent volume claims for workspaces. This storage class must be present on the cluster. Most cloud providers offer a default storage class without additional configuration. |

charts/theia-cloud/templates/instances-ingress-path-based.yaml

@@ -2,17 +2,21 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ tpl (.Values.ingress.instanceName | toString) . }}
+  name: {{ tpl (.Values.ingress.instances.name | toString) . }}
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- if not .Values.ingress.tls }}
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
     {{- end }}
     nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
     nginx.ingress.kubernetes.io/rewrite-target: /$2
+    {{- if .Values.ingress.instances.configurationSnippets }}
     nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_set_header 'X-Forwarded-Uri' $request_uri;
-    nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.proxyBodySize | toString) . }}
+      {{- range .Values.ingress.instances.configurationSnippets }}
+      {{ . }};
+      {{- end }}
+    {{- end }}
+    nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.instances.proxyBodySize | toString) . }}
     {{- if .Values.ingress.addTLSSecretName }}
     {{- if .Values.ingress.certManagerAnnotations }}
     cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }}
@@ -30,7 +34,7 @@ spec:
     - {{ tpl (.Values.hosts.configuration.baseHost | toString) . }}
     {{- if .Values.ingress.addTLSSecretName }}
     {{- range $wildcard := .Values.hosts.allWildcardInstances }}
-    {{- if (not (hasKey $.Values.ingress.allWildcardSecretNames $wildcard)) }}
+    {{- if (not (hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard)) }}
     - {{ printf "%s%s" (tpl . $) (tpl $.Values.hosts.configuration.baseHost $)| quote }}
     {{- end }}
     {{- end }}
@@ -39,14 +43,14 @@ spec:
   {{- end }}
 
   {{- range $wildcard := .Values.hosts.allWildcardInstances }}
-  {{- if hasKey $.Values.ingress.allWildcardSecretNames $wildcard }}
-  {{- $secretName := get $.Values.ingress.allWildcardSecretNames $wildcard }}
+  {{- if hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard }}
+  {{- $secretName := get $.Values.ingress.instances.allWildcardSecretNames $wildcard }}
   - hosts:
     - {{ printf "%s%s" (tpl $wildcard $) (tpl $.Values.hosts.configuration.baseHost $) | quote }}
     secretName: {{ tpl $secretName $ | quote }}
   {{- end }}
   {{- end }}
-  {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace  (tpl (.Values.ingress.instanceName | toString) .) ) }}
+  {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace  (tpl (.Values.ingress.instances.name | toString) .) ) }}
   rules:
     - host: {{ tpl (.Values.hosts.configuration.baseHost | toString) . }}
       http:
@@ -56,7 +60,7 @@ spec:
     {{- end }}
   {{- else }}
   rules:
-    {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }}
+    {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instances.name | toString) .)).spec.rules }}
     - host: {{ .host | quote }}
       {{ if .http }}
       http: