Give up with the helm nginx-redirect subchart

Helm upgrade will fail due to route restrictions so deploy by hand

Give up with the helm nginx-redirect subchart
5fa34902 · Daniel Juarez · 026d5ba1 · 5fa34902 · 5fa34902 · 026d5ba1
Commit 5fa34902 authored 3 years ago by Daniel Juarez
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -41,7 +41,7 @@ variables:
  # This variable should hold a token of a ServiceAccount allowed to edit the OKD project (specified by $PROJECT variable)
  oc login --token="${OKD_TOKEN}" --server="${OKD_SERVER}"
  oc project "${PROJECT}"
-  helm template "${RELEASE_NAME}" ./chart -f ./chart/values-override.yaml --set route.host=${PAAS_URL},global.nginx-redirect.legacyurl=${LEGACY_URL},global.nginx-redirect.paasurl=${PAAS_URL} | oc apply --prune-whitelist route.openshift.io/v1/Route --prune -l "app.kubernetes.io/instance=${RELEASE_NAME}" -f -
+  helm template "${RELEASE_NAME}" ./chart -f ./chart/values-override.yaml --set route.host=${PAAS_URL} | oc apply --prune-whitelist route.openshift.io/v1/Route --prune -l "app.kubernetes.io/instance=${RELEASE_NAME}" -f -
  oc start-build "${RELEASE_NAME}-artifacts" --from-dir=public/

 Build static site content:

--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This repo follows <https://how-to.docs.cern.ch>.
  * `linux-qa` and uses the `linux-qa-paas` OKD4 project.

 * We have a `CNAME` registered that we then use for a redirect, i.e. linux-qa.cern.ch -> linux-qa.web.cern.ch, to replicate the old website behaviour.
-  * Redirection is done with a simple nginx redirection, deployed with the custom subchart `nginx-redirect`.
+  * Redirection is done with a simple nginx redirection, deployed with `oc create -f nginx-redirect-(qa/prod).yaml`.

 * For <https://linux-qa.web.cern.ch> **and** <https://linux.web.cern.ch> we use [KB0006299](https://cern.service-now.com/service-portal?id=kb_article&n=KB0006299) solution for a Let's encrypt certificate.


--- a/chart/charts/nginx-redirect/.helmignore
+++ b/chart/charts/nginx-redirect/.helmignore
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
--- a/chart/charts/nginx-redirect/Chart.yaml
+++ b/chart/charts/nginx-redirect/Chart.yaml
-apiVersion: v2
-appVersion: "1.0"
-description: A Helm chart to deploy a simple nginx redirect
-details: Deploys all the components for sample.cern.ch -> sample.web.cern.ch redirections
-name: nginx-redirect
-type: application
-version: 0.1.0
-keywords:
- nginx-redirect
-maintainers:
- name: CERN IT-CM-LCS
-  email: linux-team@cern.ch
--- a/chart/charts/nginx-redirect/values.yaml
+++ b/chart/charts/nginx-redirect/values.yaml
-legacyurl: sample.cern.ch
-paasurl: sample.web.cern.ch
--- a/chart/charts/nginx-redirect/templates/nginx-redirect.yaml
+++ b/chart/charts/nginx-redirect/templates/nginx-redirect.yaml
@@ -11,7 +11,7 @@ metadata:
    app: nginx-redirection
  name: nginx-redirection
 spec:
-  host: {{ .Values.legacyurl }}
+  host: linux.cern.ch
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
@@ -27,7 +27,7 @@ apiVersion: apps.openshift.io/v1
 kind: DeploymentConfig
 metadata:
  annotations:
-    description: Redirects users from https://{{ .Values.legacyurl }} to https://{{ .Values.paasurl }}
+    description: Redirects users from https://linux.cern.ch to https://linux.web.cern.ch
  labels:
    app: nginx-redirection
  name: nginx-redirection
@@ -109,7 +109,7 @@ data:
  redirect.conf: |
    server {
        listen       8080 default_server;
-        server_name  {{ .Values.paasurl }};
+        server_name  linux.web.cern.ch;

        server_tokens off; ## Don't show the nginx version number, a security best practice
        return 301 https://$server_name$request_uri; # Make sure we redirect to the servername we want and not the host header sent by the client

--- a/nginx-redirect-qa.yaml
+++ b/nginx-redirect-qa.yaml
+
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+    router.cern.ch/network-visibility: Internet
+    # Autogenerate cert with Let's encrypt: https://cern.service-now.com/service-portal?id=kb_article&n=KB0006299
+    kubernetes.io/tls-acme: 'true'
+    haproxy.router.openshift.io/ip_whitelist: ""
+  labels:
+    app: nginx-redirection
+  name: nginx-redirection
+spec:
+  host: linux-qa.cern.ch
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: nginx-redirection
+    weight: 100
+  wildcardPolicy: None
+
+---
+
+apiVersion: apps.openshift.io/v1
+kind: DeploymentConfig
+metadata:
+  annotations:
+    description: Redirects users from https://linux-qa.cern.ch to https://linux-qa.web.cern.ch
+  labels:
+    app: nginx-redirection
+  name: nginx-redirection
+spec:
+  replicas: 1
+  selector:
+    app: nginx-redirection
+    deploymentconfig: nginx-redirection
+  strategy:
+    type: Rolling
+  template:
+    metadata:
+      annotations:
+        openshift.io/container.nginx-redirection.image.entrypoint: '["nginx","-g","daemon
+          off;"]'
+        openshift.io/generated-by: OpenShiftNewApp
+      labels:
+        app: nginx-redirection
+        deploymentconfig: nginx-redirection
+    spec:
+      containers:
+      - image: nginx:stable-alpine
+        imagePullPolicy: Always
+        name: nginx-redirection
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 100m
+            memory: 20Mi
+          requests:
+            cpu: 50m
+            memory: 10Mi
+        volumeMounts:
+        - mountPath: /etc/nginx/conf.d
+          name: config
+        - mountPath: /var/cache/nginx
+          name: volume-cache
+        - mountPath: /var/run
+          name: volume-run
+      restartPolicy: Always
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: nginx-redirection
+        name: config
+      - emptyDir: {}
+        name: volume-cache
+      - emptyDir: {}
+        name: volume-run
+  triggers:
+  - type: ConfigChange
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: nginx-redirection
+  name: nginx-redirection
+spec:
+  ports:
+  - name: 8080-tcp
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: nginx-redirection
+    deploymentconfig: nginx-redirection
+  sessionAffinity: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+data:
+  redirect.conf: |
+    server {
+        listen       8080 default_server;
+        server_name  linux-qa.web.cern.ch;
+
+        server_tokens off; ## Don't show the nginx version number, a security best practice
+        return 301 https://$server_name$request_uri; # Make sure we redirect to the servername we want and not the host header sent by the client
+        access_log  /dev/stdout;
+        error_log   /dev/stdout;
+
+        # redirect server error pages to the static page /50x.html
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app: gitlab
+  name: nginx-redirection