From e0d9e8a8cc637541f89a716a89ddcedd36aeba43 Mon Sep 17 00:00:00 2001 From: Simon Graband Date: Fri, 18 Oct 2024 11:13:32 +0200 Subject: [PATCH] Support configurationSnippets via values (#76) Support configurationSnippets via values - Add `ingress.instances.configurationSnippets` to allow custom nginx configuration snippets. - Move `ingress.instanceName` to `ingress.instances.name`. - Move `ingress.proxyBodySize` to `ingress.instances.proxyBodySize`. - Move `ingress.allWildcardSecretNames` to `ingress.instances.allWildcardSecretNames`. Add formatter settings for json & yaml Set settings for EOL to LF Add task to regenerate READMEs Co-authored-by: Lucas Koehler --- .prettierrc | 3 ++ .theia/settings.json | 18 +++++-- .theia/tasks.json | 15 ++++++ CHANGELOG.md | 5 ++ README.md | 23 ++++++--- .../templates/operator-role.yaml | 4 +- .../templates/service-role.yaml | 7 +-- .../templates/theia-cloud-ca-certificate.yaml | 2 +- charts/theia-cloud-base/values.yaml | 2 +- charts/theia-cloud-crds/values.yaml | 2 +- charts/theia-cloud/Chart.yaml | 2 +- charts/theia-cloud/README.md | 16 +++--- .../instances-ingress-path-based.yaml | 20 +++++--- .../templates/instances-ingress.yaml | 20 +++++--- .../operator-api-service-account.yaml | 2 +- .../service-api-service-account.yaml | 2 +- .../theia-cloud/templates/service-role.yaml | 2 +- .../templates/theia-appdefinition-spec.yaml | 2 +- charts/theia-cloud/values.yaml | 49 +++++++++++-------- 19 files changed, 127 insertions(+), 69 deletions(-) create mode 100644 .prettierrc create mode 100644 .theia/tasks.json diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..a598fca --- /dev/null +++ b/.prettierrc @@ -0,0 +1,3 @@ +{ + "endOfLine": "lf" +} diff --git a/.theia/settings.json b/.theia/settings.json index 6ee03a0..3c528cf 100644 --- a/.theia/settings.json +++ b/.theia/settings.json @@ -1,5 +1,15 @@ { - "[markdown]": { - "editor.defaultFormatter": "esbenp.prettier-vscode" - } -} \ No newline at end of file + "[markdown]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "[yaml]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "[jsonc]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "[json]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "files.eol": "\n" +} diff --git a/.theia/tasks.json b/.theia/tasks.json new file mode 100644 index 0000000..d12b3f5 --- /dev/null +++ b/.theia/tasks.json @@ -0,0 +1,15 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "label": "Rebuild READMEs", + "type": "shell", + "command": "docker pull jnorwood/helm-docs:latest && docker run --rm --volume \"$(pwd)/charts:/helm-docs\" -u $(id -u) jnorwood/helm-docs:latest", + "problemMatcher": [], + "group": { + "kind": "build", + "isDefault": true + } + } + ] +} diff --git a/CHANGELOG.md b/CHANGELOG.md index bdba60d..122671a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## [0.12.0] - estimated 2024-10 +- [theia-cloud] move `ingress.instanceName` to `ingress.instances.name` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76) +- [theia-cloud] move `ingress.proxyBodySize` to `ingress.instances.proxyBodySize` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76) +- [theia-cloud] move `ingress.allWildcardSecretNames` to `ingress.instances.allWildcardSecretNames` [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76) +- [theia-cloud] Add `ingress.instances.configurationSnippets` to values which allows to set nginx configurations via the `nginx.ingress.kubernetes.io/configuration-snippet` annotation [#76](https://github.com/eclipsesource/theia-cloud-helm/pull/76) + ## [0.11.0] - 2024-07-23 - [theia-cloud-crds] Add option field to CRDs and increase version to `Session.v1beta8`, `Workspace.v1beta5` and `AppDefinition.v1beta10` [#55](https://github.com/eclipsesource/theia-cloud-helm/pull/55) | [#293](https://github.com/eclipsesource/theia-cloud/pull/293) diff --git a/README.md b/README.md index f2fbe96..0a4c949 100644 --- a/README.md +++ b/README.md @@ -4,18 +4,27 @@ This repository contains the helm charts for Theia Cloud. There are three charts: -* `theia-cloud-base` installs cluster wide resources that may be used by multiple Theia Cloud installations -* `theia-cloud-crds` installs the custom resource definitions -* `theia-cloud` installs Theia Cloud itself and depends on `theia-cloud-base` and `theia-cloud-crds` +- `theia-cloud-base` installs cluster wide resources that may be used by multiple Theia Cloud installations +- `theia-cloud-crds` installs the custom resource definitions +- `theia-cloud` installs Theia Cloud itself and depends on `theia-cloud-base` and `theia-cloud-crds` ## Cluster Prerequisites + The charts depend on well-established software in the Kubernetes ecosystem. Please make sure to install the dependencies before releasing with _helm_. -* **cert-manager.io** is used for certificate management, supports internal/testing issuers and supports Let's Encrypt certificates. Installation instructions can be found [here](https://cert-manager.io), a helm chart [here](https://cert-manager.io/docs/installation/helm/). +- **cert-manager.io** is used for certificate management, supports internal/testing issuers and supports Let's Encrypt certificates. Installation instructions can be found [here](https://cert-manager.io), a helm chart [here](https://cert-manager.io/docs/installation/helm/). + +- **ingress-nginx** is used to performantly assemble _nginx_ configuration files and synchronizes changes. Learn more about it [here](https://kubernetes.github.io/ingress-nginx/). -* **ingress-nginx** is used to performantly assemble _nginx_ configuration files and synchronizes changes. Learn more about it [here](https://kubernetes.github.io/ingress-nginx/). +**Note:** Since ingress-nginx version 1.10 , the annotation `nginx.ingress.kubernetes.io/configuration-snippet` is disabled by default and needs to be enabled. +To enable this option, you need to set the flag `allow-snippet-annotations: "true"` in the ingress-nginx values. -You can find more information in the official [Theia Cloud documentation](https://theia-cloud.io/documentation/setuptheiacloud/). +```sh +kubectl -n ingress-nginx patch cm ingress-nginx-controller --patch '{"data":{"allow-snippet-annotations":"true"}}' +kubectl -n ingress-nginx delete pod -l app.kubernetes.io/name=ingress-nginx +``` + +You can find more information in the official [Theia Cloud documentation](https://theia-cloud.io/documentation/setuptheiacloud/). ## Versioning @@ -55,3 +64,5 @@ Furthermore, the new version, together with a release estimation date, should be ```bash docker pull jnorwood/helm-docs:latest && docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest ``` + +or run the `Rebuild READMEs` task. diff --git a/charts/theia-cloud-base/templates/operator-role.yaml b/charts/theia-cloud-base/templates/operator-role.yaml index cab0291..d7bb834 100644 --- a/charts/theia-cloud-base/templates/operator-role.yaml +++ b/charts/theia-cloud-base/templates/operator-role.yaml @@ -3,8 +3,7 @@ kind: ClusterRole metadata: name: {{ .Values.operatorrole.name }} rules: - - - apiGroups: + - apiGroups: - "" - apiextensions.k8s.io - theia.cloud @@ -27,4 +26,3 @@ rules: - deployments - leases verbs: ["list", "create", "watch", "get", "patch", "delete", "update"] - \ No newline at end of file diff --git a/charts/theia-cloud-base/templates/service-role.yaml b/charts/theia-cloud-base/templates/service-role.yaml index 79ae68f..eb06a58 100644 --- a/charts/theia-cloud-base/templates/service-role.yaml +++ b/charts/theia-cloud-base/templates/service-role.yaml @@ -3,8 +3,7 @@ kind: ClusterRole metadata: name: {{ .Values.servicerole.name }} rules: - - - apiGroups: + - apiGroups: - "" - theia.cloud resources: @@ -15,11 +14,9 @@ rules: - workspaces - workspaces/status verbs: ["list", "create", "watch", "get", "patch", "delete"] - - - apiGroups: + - apiGroups: - "" - metrics.k8s.io resources: - pods verbs: ["list", "get", "watch"] - \ No newline at end of file diff --git a/charts/theia-cloud-base/templates/theia-cloud-ca-certificate.yaml b/charts/theia-cloud-base/templates/theia-cloud-ca-certificate.yaml index e8bb858..41cc3cd 100644 --- a/charts/theia-cloud-base/templates/theia-cloud-ca-certificate.yaml +++ b/charts/theia-cloud-base/templates/theia-cloud-ca-certificate.yaml @@ -11,4 +11,4 @@ spec: name: {{ .Values.issuerca.name }} kind: ClusterIssuer duration: 2160h - renewBefore: 360h \ No newline at end of file + renewBefore: 360h diff --git a/charts/theia-cloud-base/values.yaml b/charts/theia-cloud-base/values.yaml index aecc1d6..5b0efcd 100644 --- a/charts/theia-cloud-base/values.yaml +++ b/charts/theia-cloud-base/values.yaml @@ -28,4 +28,4 @@ servicerole: certmanager: # -- the namespace where the cert-manager is installed - namespace: cert-manager \ No newline at end of file + namespace: cert-manager diff --git a/charts/theia-cloud-crds/values.yaml b/charts/theia-cloud-crds/values.yaml index 203dbb3..a9a613a 100644 --- a/charts/theia-cloud-crds/values.yaml +++ b/charts/theia-cloud-crds/values.yaml @@ -5,4 +5,4 @@ conversion: certMountPath: /etc/webhook/certs # -- The cluster issuer to use for the certificate -clusterIssuer: theia-cloud-selfsigned-issuer \ No newline at end of file +clusterIssuer: theia-cloud-selfsigned-issuer diff --git a/charts/theia-cloud/Chart.yaml b/charts/theia-cloud/Chart.yaml index 8bbcbd8..553ad39 100644 --- a/charts/theia-cloud/Chart.yaml +++ b/charts/theia-cloud/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.12.0-next.4 +version: 0.12.0-next.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia-cloud/README.md b/charts/theia-cloud/README.md index a45dacd..6f43f7d 100644 --- a/charts/theia-cloud/README.md +++ b/charts/theia-cloud/README.md @@ -1,6 +1,6 @@ # theia-cloud -![Version: 0.12.0-next.1](https://img.shields.io/badge/Version-0.12.0--next.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.12.0-next](https://img.shields.io/badge/AppVersion-0.12.0--next-informational?style=flat-square) +![Version: 0.12.0-next.5](https://img.shields.io/badge/Version-0.12.0--next.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.12.0-next](https://img.shields.io/badge/AppVersion-0.12.0--next-informational?style=flat-square) A Helm chart for Theia Cloud @@ -23,9 +23,9 @@ A Helm chart for Theia Cloud | demoApplication.pullSecret | string | `""` | the image pull secret. Leave empty if registry is public | | demoApplication.timeout | string | `"30"` | Limit in minutes | | hosts | object | (see details below) | You may adjust the hostname below. | -| hosts.allWildcardInstances | list | `["*.webview."]` | all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from all app definitions need to be added. IMPORTANT: If this gets updated, the helm chart needs to be re-installed because helm upgrade will not properly update this at the moment. These are required to configure TLS (if enabled via ingress.tls == true) | +| hosts.allWildcardInstances | list | `[]` | all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from all app definitions need to be added. IMPORTANT: If this gets updated, the helm chart needs to be re-installed because helm upgrade will not properly update this at the moment. These are required to configure TLS (if enabled via ingress.tls == true) I.e. custom certificates or a cert-manager provider that can handle wildcard certificates need to be configured. | | hosts.configuration | object | (see details below) | Configuration for the hostnames. Contains the baseHost and afixes for all services | -| hosts.configuration.baseHost | string | `"192.168.39.173.nip.io"` | baseHost configures the host for all services. Depending on hosts.usePaths the services will be prepended as a subdomain or appended as a path | +| hosts.configuration.baseHost | string | `"192.168.39.173.nip.io"` | baseHost configures the host for all services. Depending on hosts.usePaths the services will be prepended as a subdomain or appended as a path | | hosts.configuration.instance | string | `"instances"` | afix for deployed instances | | hosts.configuration.landing | string | `"trynow"` | afix of the landing page | | hosts.configuration.service | string | `"servicex"` | afix of the REST service | @@ -33,11 +33,13 @@ A Helm chart for Theia Cloud | imagePullPolicy | string | `"Always"` | The default imagePullPolicy for containers of theia cloud. Can be overridden for individual components by specifying the imagePullPolicy variable there. Possible values: - Always - IfNotPresent - Never | | ingress | object | (see details below) | Values to influence the ingresses | | ingress.addTLSSecretName | bool | `true` | whether the default Theia Cloud tls secret names should be used. If false no tls secret name will be set on the ingress only needed when ingress.tls == true | -| ingress.allWildcardSecretNames | object | `{}` | All additional wildcard hostnames and the respective TLS secret names. Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. | | ingress.certManagerAnnotations | bool | `true` | When set to true the cert-manager.io annotations will be set. Only used when ingress.addTLSSecretName === true When false certificate management is handled outside of Theia Cloud. | | ingress.clusterIssuer | string | `"letsencrypt-prod"` | The cluster issuer to use Only needed when ingress.certManagerAnnotations is true | -| ingress.instanceName | string | `"theia-cloud-demo-ws-ingress"` | The name of the ingress which will be updated to publish new theia application. If this is not existing it will be created. You may chose to set the ingress up yourself and point Theia Cloud to the ingress via the name | -| ingress.proxyBodySize | string | `"1m"` | Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). Defaults to 1m. Setting size to 0 disables checking of client request body size. | +| ingress.instances | object | `{"allWildcardSecretNames":{},"configurationSnippets":["proxy_set_header 'X-Forwarded-Uri' $request_uri"],"name":"theia-cloud-demo-ws-ingress","proxyBodySize":"1m"}` | Values to influence the instances ingress | +| ingress.instances.allWildcardSecretNames | object | `{}` | All additional wildcard hostnames and the respective TLS secret names. Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. | +| ingress.instances.configurationSnippets | list | `["proxy_set_header 'X-Forwarded-Uri' $request_uri"]` | Additional configuration to the ingress configuration via the `nginx.ingress.kubernetes.io/configuration-snippet` annotation. One entry in this array results in a line for the annotation. Do not add a semicolon at the end of the line here, it is automatically added. Note: Since ingress-nginx version 1.10 this annotation needs to be enabled. See [this README](../../README.md#cluster-prerequisites) for more information. | +| ingress.instances.name | string | `"theia-cloud-demo-ws-ingress"` | The name of the ingress which will be updated to publish new theia application. If this is not existing it will be created. You may chose to set the ingress up yourself and point Theia Cloud to the ingress via the name | +| ingress.instances.proxyBodySize | string | `"1m"` | Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). Defaults to 1m. Setting size to 0 disables checking of client request body size. | | ingress.theiaCloudCommonName | bool | `false` | When set to true the cert-manager.io/common-name annotation will be set. This is only required when the issued certificate by the cert-manager misses a common-name Only needed when ingress.certManagerAnnotations is true | | ingress.tls | bool | `true` | Does Theia Cloud expect TLS connections (true) or is TLS terminated outside of Theia Cloud (e.g. via a Load Balancer) (false) | | issuer | object | (see details below) | Values related to certificates/Cert-manager | @@ -80,7 +82,7 @@ A Helm chart for Theia Cloud | operator.logging | object | (see details below) | Allows to override the operator's log4j configuration | | operator.maxWatchIdleTime | string | `"3600000"` | Configures the timeout in milliseconds when a watcher for either AppDefinitions, Workspaces, or Sessions is assumed to be not working. When this is detected the operator instance will stop and a new operator will set up fresh watchers. | | operator.oAuth2ProxyVersion | string | `"v7.5.1"` | The version to use of the quay.io/oauth2-proxy/oauth2-proxy image | -| operator.replicas | int | `2` | Number of operator instances to create | +| operator.replicas | int | `1` | Number of operator instances to create | | operator.requestedStorage | string | `"250Mi"` | The amount of requested storage for each persistent volume claim (PVC) for workspaces. This is directly passed to created PVCs and must be a valid Kubernetes quantity. See https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ | | operator.sessionsPerUser | string | `"1"` | Set the number of active sessions a single user can launch | | operator.storageClassName | string | `"default"` | The name of the storage class for persistent volume claims for workspaces. This storage class must be present on the cluster. Most cloud providers offer a default storage class without additional configuration. | diff --git a/charts/theia-cloud/templates/instances-ingress-path-based.yaml b/charts/theia-cloud/templates/instances-ingress-path-based.yaml index 57d04d9..6314ace 100644 --- a/charts/theia-cloud/templates/instances-ingress-path-based.yaml +++ b/charts/theia-cloud/templates/instances-ingress-path-based.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ tpl (.Values.ingress.instanceName | toString) . }} + name: {{ tpl (.Values.ingress.instances.name | toString) . }} namespace: {{ .Release.Namespace }} annotations: {{- if not .Values.ingress.tls }} @@ -10,9 +10,13 @@ metadata: {{- end }} nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" nginx.ingress.kubernetes.io/rewrite-target: /$2 + {{- if .Values.ingress.instances.configurationSnippets }} nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header 'X-Forwarded-Uri' $request_uri; - nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.proxyBodySize | toString) . }} + {{- range .Values.ingress.instances.configurationSnippets }} + {{ . }}; + {{- end }} + {{- end }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.instances.proxyBodySize | toString) . }} {{- if .Values.ingress.addTLSSecretName }} {{- if .Values.ingress.certManagerAnnotations }} cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} @@ -30,7 +34,7 @@ spec: - {{ tpl (.Values.hosts.configuration.baseHost | toString) . }} {{- if .Values.ingress.addTLSSecretName }} {{- range $wildcard := .Values.hosts.allWildcardInstances }} - {{- if (not (hasKey $.Values.ingress.allWildcardSecretNames $wildcard)) }} + {{- if (not (hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard)) }} - {{ printf "%s%s" (tpl . $) (tpl $.Values.hosts.configuration.baseHost $)| quote }} {{- end }} {{- end }} @@ -39,14 +43,14 @@ spec: {{- end }} {{- range $wildcard := .Values.hosts.allWildcardInstances }} - {{- if hasKey $.Values.ingress.allWildcardSecretNames $wildcard }} - {{- $secretName := get $.Values.ingress.allWildcardSecretNames $wildcard }} + {{- if hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard }} + {{- $secretName := get $.Values.ingress.instances.allWildcardSecretNames $wildcard }} - hosts: - {{ printf "%s%s" (tpl $wildcard $) (tpl $.Values.hosts.configuration.baseHost $) | quote }} secretName: {{ tpl $secretName $ | quote }} {{- end }} {{- end }} - {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .) ) }} + {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instances.name | toString) .) ) }} rules: - host: {{ tpl (.Values.hosts.configuration.baseHost | toString) . }} http: @@ -56,7 +60,7 @@ spec: {{- end }} {{- else }} rules: - {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }} + {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instances.name | toString) .)).spec.rules }} - host: {{ .host | quote }} {{ if .http }} http: diff --git a/charts/theia-cloud/templates/instances-ingress.yaml b/charts/theia-cloud/templates/instances-ingress.yaml index 7590348..adbf95f 100644 --- a/charts/theia-cloud/templates/instances-ingress.yaml +++ b/charts/theia-cloud/templates/instances-ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ tpl (.Values.ingress.instanceName | toString) . }} + name: {{ tpl (.Values.ingress.instances.name | toString) . }} namespace: {{ .Release.Namespace }} annotations: {{- if not .Values.ingress.tls }} @@ -19,9 +19,13 @@ metadata: {{- end }} nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" nginx.ingress.kubernetes.io/rewrite-target: /$2 + {{- if .Values.ingress.instances.configurationSnippets }} nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header 'X-Forwarded-Uri' $request_uri; - nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.proxyBodySize | toString) . }} + {{- range .Values.ingress.instances.configurationSnippets }} + {{ . }}; + {{- end }} + {{- end }} + nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.instances.proxyBodySize | toString) . }} spec: ingressClassName: nginx {{- if .Values.ingress.tls }} @@ -30,7 +34,7 @@ spec: - {{ tpl (printf "%s.%s" .Values.hosts.configuration.instance .Values.hosts.configuration.baseHost | toString) . }} {{- if .Values.ingress.addTLSSecretName }} {{- range $wildcard := .Values.hosts.allWildcardInstances }} - {{- if (not (hasKey $.Values.ingress.allWildcardSecretNames $wildcard)) }} + {{- if (not (hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard)) }} - {{ printf "%s%s.%s" (tpl . $) (tpl $.Values.hosts.configuration.instance $) (tpl $.Values.hosts.configuration.baseHost $) | quote }} {{- end }} {{- end }} @@ -39,15 +43,15 @@ spec: {{- end }} {{- range $wildcard := .Values.hosts.allWildcardInstances }} - {{- if hasKey $.Values.ingress.allWildcardSecretNames $wildcard }} - {{- $secretName := get $.Values.ingress.allWildcardSecretNames $wildcard }} + {{- if hasKey $.Values.ingress.instances.allWildcardSecretNames $wildcard }} + {{- $secretName := get $.Values.ingress.instances.allWildcardSecretNames $wildcard }} - hosts: - {{ printf "%s%s.%s" (tpl $wildcard $) (tpl $.Values.hosts.configuration.instance $) (tpl $.Values.hosts.configuration.baseHost $) | quote }} secretName: {{ tpl $secretName $ | quote }} {{- end }} {{- end }} - {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .) ) }} + {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instances.name | toString) .) ) }} rules: - host: {{ printf "%s.%s" (tpl .Values.hosts.configuration.instance .) (tpl .Values.hosts.configuration.baseHost .) }} http: @@ -57,7 +61,7 @@ spec: {{- end }} {{- else }} rules: - {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }} + {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instances.name | toString) .)).spec.rules }} - host: {{ .host | quote }} {{ if .http }} http: diff --git a/charts/theia-cloud/templates/operator-api-service-account.yaml b/charts/theia-cloud/templates/operator-api-service-account.yaml index 7bf0dde..56c3716 100644 --- a/charts/theia-cloud/templates/operator-api-service-account.yaml +++ b/charts/theia-cloud/templates/operator-api-service-account.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: operator-api-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} diff --git a/charts/theia-cloud/templates/service-api-service-account.yaml b/charts/theia-cloud/templates/service-api-service-account.yaml index 28c879e..36c2661 100644 --- a/charts/theia-cloud/templates/service-api-service-account.yaml +++ b/charts/theia-cloud/templates/service-api-service-account.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: service-api-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} diff --git a/charts/theia-cloud/templates/service-role.yaml b/charts/theia-cloud/templates/service-role.yaml index 063d493..00eb01a 100644 --- a/charts/theia-cloud/templates/service-role.yaml +++ b/charts/theia-cloud/templates/service-role.yaml @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: service-api-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} diff --git a/charts/theia-cloud/templates/theia-appdefinition-spec.yaml b/charts/theia-cloud/templates/theia-appdefinition-spec.yaml index 3ddba8b..71d2e66 100644 --- a/charts/theia-cloud/templates/theia-appdefinition-spec.yaml +++ b/charts/theia-cloud/templates/theia-appdefinition-spec.yaml @@ -10,7 +10,7 @@ spec: pullSecret: {{ tpl (.Values.demoApplication.pullSecret | toString) . }} uid: 101 port: 3000 - ingressname: {{ tpl (.Values.ingress.instanceName | toString) . }} + ingressname: {{ tpl (.Values.ingress.instances.name | toString) . }} ingressHostnamePrefixes: - "*.webview." minInstances: 0 diff --git a/charts/theia-cloud/values.yaml b/charts/theia-cloud/values.yaml index a30bb4d..b1d597d 100644 --- a/charts/theia-cloud/values.yaml +++ b/charts/theia-cloud/values.yaml @@ -46,7 +46,7 @@ demoApplication: # -- At which port the monitor extension is available # For the Theia extension take the same as the application port # For the VSCode extension take 8081 (default) or the port specified via the THEIACLOUD_MONITOR_PORT env variable - port: 3000 + port: 3000 # -- Values that are used by the activityTracker module # @default -- (see details below) activityTracker: @@ -67,7 +67,7 @@ hosts: # -- Configuration for the hostnames. Contains the baseHost and afixes for all services # @default -- (see details below) configuration: - # -- baseHost configures the host for all services. + # -- baseHost configures the host for all services. # Depending on hosts.usePaths the services will be prepended as a subdomain or appended as a path baseHost: 192.168.39.173.nip.io # -- afix of the REST service @@ -78,7 +78,7 @@ hosts: instance: instances # -- all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. - # "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. + # "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. # Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from # all app definitions need to be added. # IMPORTANT: If this gets updated, the helm chart needs to be re-installed because @@ -150,7 +150,7 @@ landingPage: # -- The file extension of the logo. Must be set to match the logo respectively the logoData. # This is required because browsers cannot show a binary image (e.g. png) with a svg ending # and vice-versa. - logoFileExtension: 'svg' + logoFileExtension: "svg" # -- Values related to Keycloak # @default -- (see details below) @@ -228,7 +228,7 @@ operator: requestedStorage: "250Mi" # -- Number of operator instances to create - replicas: 2 + replicas: 1 # -- Options to influence the operator's leader election # @default -- (see details below) @@ -293,11 +293,30 @@ service: # -- Values to influence the ingresses # @default -- (see details below) ingress: - # -- The name of the ingress which will be updated to publish new theia application. - # If this is not existing it will be created. - # You may chose to set the ingress up yourself and point Theia Cloud to the ingress via - # the name - instanceName: "theia-cloud-demo-ws-ingress" + # -- Values to influence the instances ingress + instances: + # -- The name of the ingress which will be updated to publish new theia application. + # If this is not existing it will be created. + # You may chose to set the ingress up yourself and point Theia Cloud to the ingress via + # the name + name: "theia-cloud-demo-ws-ingress" + + # -- Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). + # Defaults to 1m. Setting size to 0 disables checking of client request body size. + proxyBodySize: 1m + + # -- All additional wildcard hostnames and the respective TLS secret names. + # Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. + # Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. + allWildcardSecretNames: {} + # "*.webview.": webview-ws-cert-secret + + # -- Additional configuration to the ingress configuration via the `nginx.ingress.kubernetes.io/configuration-snippet` annotation. + # One entry in this array results in a line for the annotation. + # Do not add a semicolon at the end of the line here, it is automatically added. + # Note: Since ingress-nginx version 1.10 this annotation needs to be enabled. See [this README](../../README.md#cluster-prerequisites) for more information. + configurationSnippets: + - "proxy_set_header 'X-Forwarded-Uri' $request_uri" # -- When set to true the cert-manager.io annotations will be set. # Only used when ingress.addTLSSecretName === true @@ -314,10 +333,6 @@ ingress: # Only needed when ingress.certManagerAnnotations is true theiaCloudCommonName: false - # -- Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). - # Defaults to 1m. Setting size to 0 disables checking of client request body size. - proxyBodySize: 1m - # -- Does Theia Cloud expect TLS connections (true) # or is TLS terminated outside of Theia Cloud (e.g. via a Load Balancer) (false) tls: true @@ -326,12 +341,6 @@ ingress: # only needed when ingress.tls == true addTLSSecretName: true - # -- All additional wildcard hostnames and the respective TLS secret names. - # Use this for wildcard hostnames that should use a TLS certificate with a `secretName` different from the default one. - # Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. - allWildcardSecretNames: {} - # "*.webview.": webview-ws-cert-secret - operatorrole: name: operator-api-access