From 5fa349027cc7715a276e3e87409e7d24c151c97a Mon Sep 17 00:00:00 2001
From: Daniel Juarez <daniel.juarez.gonzalez@cern.ch>
Date: Tue, 22 Feb 2022 12:38:02 +0100
Subject: [PATCH] Give up with the helm nginx-redirect subchart Helm upgrade will fail due to route restrictions so deploy by hand
---
 .gitlab-ci.yml | 2 +-
 README.md | 2 +-
 chart/charts/nginx-redirect/.helmignore | 21 ---
 chart/charts/nginx-redirect/Chart.yaml | 12 --
 chart/charts/nginx-redirect/values.yaml | 2 -
 ...-redirect.yaml => nginx-redirect-prod.yaml | 6 +-
 nginx-redirect-qa.yaml | 129 ++++++++++++++++++
 7 files changed, 134 insertions(+), 40 deletions(-)
 delete mode 100644 chart/charts/nginx-redirect/.helmignore
 delete mode 100644 chart/charts/nginx-redirect/Chart.yaml
 delete mode 100644 chart/charts/nginx-redirect/values.yaml
 rename chart/charts/nginx-redirect/templates/nginx-redirect.yaml => nginx-redirect-prod.yaml (94%)
 create mode 100644 nginx-redirect-qa.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d1cb4522b..1d343038d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -41,7 +41,7 @@ variables:
 # This variable should hold a token of a ServiceAccount allowed to edit the OKD project (specified by $PROJECT variable)
 oc login --token="${OKD_TOKEN}" --server="${OKD_SERVER}"
 oc project "${PROJECT}"
- helm template "${RELEASE_NAME}" ./chart -f ./chart/values-override.yaml --set route.host=${PAAS_URL},global.nginx-redirect.legacyurl=${LEGACY_URL},global.nginx-redirect.paasurl=${PAAS_URL} | oc apply --prune-whitelist route.openshift.io/v1/Route --prune -l "app.kubernetes.io/instance=${RELEASE_NAME}" -f -
+ helm template "${RELEASE_NAME}" ./chart -f ./chart/values-override.yaml --set route.host=${PAAS_URL} | oc apply --prune-whitelist route.openshift.io/v1/Route --prune -l "app.kubernetes.io/instance=${RELEASE_NAME}" -f -
 oc start-build "${RELEASE_NAME}-artifacts" --from-dir=public/
 Build static site content:
diff --git a/README.md b/README.md
index 7cbefee85..57c5861d0 100644
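Review bot: On the new `helm template` line `${PAAS_URL}` is expanded unquoted inside `--set route.host=${PAAS_URL}`, while every other variable on that line is quoted, so a value containing whitespace or glob characters is word-split by the shell before Helm sees it. Writing it as `--set "route.host=${PAAS_URL}"` keeps it a single argument; Helm also treats commas in a `--set` value as separators, so the variable should hold a bare host name. The script block this line belongs to starts and ends outside the hunk.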
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This repo follows <https://how-to.docs.cern.ch>.
 * `linux-qa` and uses the `linux-qa-paas` OKD4 project.
 * We have a `CNAME` registered that we then use for a redirect, i.e. linux-qa.cern.ch -> linux-qa.web.cern.ch, to replicate the old website behaviour.
- * Redirection is done with a simple nginx redirection, deployed with the custom subchart `nginx-redirect`.
+ * Redirection is done with a simple nginx redirection, deployed with `oc create -f nginx-redirect-(qa/prod).yaml`.
 * For <https://linux-qa.web.cern.ch> **and** <https://linux.web.cern.ch> we use [KB0006299](https://cern.service-now.com/service-portal?id=kb_article&n=KB0006299) solution for a Let's encrypt certificate.
diff --git a/chart/charts/nginx-redirect/.helmignore b/chart/charts/nginx-redirect/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/chart/charts/nginx-redirect/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/chart/charts/nginx-redirect/Chart.yaml b/chart/charts/nginx-redirect/Chart.yaml
deleted file mode 100644
index 0192a0bb5..000000000
--- a/chart/charts/nginx-redirect/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart to deploy a simple nginx redirect
-details: Deploys all the components for sample.cern.ch -> sample.web.cern.ch redirections
-name: nginx-redirect
-type: application
-version: 0.1.0
-keywords:
-- nginx-redirect
-maintainers:
-- name: CERN IT-CM-LCS
- email: linux-team@cern.ch
diff --git a/chart/charts/nginx-redirect/values.yaml b/chart/charts/nginx-redirect/values.yaml
deleted file mode 100644
index 00cee2a26..000000000
--- a/chart/charts/nginx-redirect/values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-legacyurl: sample.cern.ch
-paasurl: sample.web.cern.ch
diff --git a/chart/charts/nginx-redirect/templates/nginx-redirect.yaml b/nginx-redirect-prod.yaml
similarity index 94%
rename from chart/charts/nginx-redirect/templates/nginx-redirect.yaml
rename to nginx-redirect-prod.yaml
index 5405a10d1..4336dd099 100644
--- a/chart/charts/nginx-redirect/templates/nginx-redirect.yaml
+++ b/nginx-redirect-prod.yaml
@@ -11,7 +11,7 @@ metadata:
 app: nginx-redirection
 name: nginx-redirection
 spec:
- host: {{ .Values.legacyurl }}
+ host: linux.cern.ch
 tls:
 insecureEdgeTerminationPolicy: Redirect
 termination: edge
@@ -27,7 +27,7 @@ apiVersion: apps.openshift.io/v1
 kind: DeploymentConfig
 metadata:
 annotations:
- description: Redirects users from https://{{ .Values.legacyurl }} to https://{{ .Values.paasurl }}
+ description: Redirects users from https://linux.cern.ch to https://linux.web.cern.ch
 labels:
 app: nginx-redirection
 name: nginx-redirection
@@ -109,7 +109,7 @@ data:
 redirect.conf: |
 server {
 listen 8080 default_server;
- server_name {{ .Values.paasurl }};
+ server_name linux.web.cern.ch;
 server_tokens off; ## Don't show the nginx version number, a security best practice
 return 301 https://$server_name$request_uri; # Make sure we redirect to the servername we want and not the host header sent by the client
diff --git a/nginx-redirect-qa.yaml b/nginx-redirect-qa.yaml
new file mode 100644
index 000000000..dc37cf5ce
--- /dev/null
+++ b/nginx-redirect-qa.yaml
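Review bot: The host names written into `host:`, the `description` annotation and `server_name` are, as far as these hunks show, the only lines that differ from nginx-redirect-qa.yaml added in the same commit, so every later fix has to be made in two files and applied by hand twice. A single OpenShift Template that takes the legacy and PaaS host names as parameters, rendered with `oc process` and piped to `oc apply -f -`, would keep one reviewed copy without reintroducing the subchart. The rest of the file is carried over by the rename and is not visible here.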
@@ -0,0 +1,129 @@
+
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ annotations:
+ router.cern.ch/network-visibility: Internet
+ # Autogenerate cert with Let's encrypt: https://cern.service-now.com/service-portal?id=kb_article&n=KB0006299
+ kubernetes.io/tls-acme: 'true'
+ haproxy.router.openshift.io/ip_whitelist: ""
+ labels:
+ app: nginx-redirection
+ name: nginx-redirection
+spec:
+ host: linux-qa.cern.ch
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: nginx-redirection
+ weight: 100
+ wildcardPolicy: None
+
+---
+
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+ annotations:
+ description: Redirects users from https://linux-qa.cern.ch to https://linux-qa.web.cern.ch
+ labels:
+ app: nginx-redirection
+ name: nginx-redirection
+spec:
+ replicas: 1
+ selector:
+ app: nginx-redirection
+ deploymentconfig: nginx-redirection
+ strategy:
+ type: Rolling
+ template:
+ metadata:
+ annotations:
+ openshift.io/container.nginx-redirection.image.entrypoint: '["nginx","-g","daemon
+ off;"]'
+ openshift.io/generated-by: OpenShiftNewApp
+ labels:
+ app: nginx-redirection
+ deploymentconfig: nginx-redirection
+ spec:
+ containers:
+ - image: nginx:stable-alpine
+ imagePullPolicy: Always
+ name: nginx-redirection
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 20Mi
+ requests:
+ cpu: 50m
+ memory: 10Mi
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d
+ name: config
+ - mountPath: /var/cache/nginx
+ name: volume-cache
+ - mountPath: /var/run
+ name: volume-run
+ restartPolicy: Always
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: nginx-redirection
+ name: config
+ - emptyDir: {}
+ name: volume-cache
+ - emptyDir: {}
+ name: volume-run
+ triggers:
+ - type: ConfigChange
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: nginx-redirection
+ name: nginx-redirection
+spec:
+ ports:
+ - name: 8080-tcp
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: nginx-redirection
+ deploymentconfig: nginx-redirection
+ sessionAffinity: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+data:
+ redirect.conf: |
+ server {
+ listen 8080 default_server;
+ server_name linux-qa.web.cern.ch;
+
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+ return 301 https://$server_name$request_uri; # Make sure we redirect to the servername we want and not the host header sent by the client
+ access_log /dev/stdout;
+ error_log /dev/stdout;
+
+ # redirect server error pages to the static page /50x.html
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+kind: ConfigMap
+metadata:
+ labels:
+ app: gitlab
+ name: nginx-redirection
-- GitLab
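Review bot: The DeploymentConfig runs the floating tag `nginx:stable-alpine` with `imagePullPolicy: Always`, so each pod restart behind this Internet-visible Route can pull image content that nobody reviewed; pinning the digest, e.g. `image: nginx:stable-alpine@sha256:<digest>` (placeholder), turns an image update into an explicit change. The ConfigMap at the end is labelled `app: gitlab` while every other object uses `app: nginx-redirection`, which looks like a copy-paste leftover and makes label-selected operations miss it; `app: nginx-redirection` would match the rest. The empty `haproxy.router.openshift.io/ip_whitelist: ""` annotation presumably leaves the Route unrestricted, and a one-line comment saying that this is intended would help the next reader. nginx-redirect-prod.yaml is a rename whose unchanged lines are not shown, so the same lines are worth checking there.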