Merge pull request #14 from energywebfoundation/add-nginx-as-dependency

feat: add nginx dependency
energywebfoundation · May 11, 2022 · df22197 · df22197
2 parents 9ca4541 + 3a17e3c
commit df22197
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 34 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.12
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -28,3 +28,6 @@ dependencies:
   - name: redis
     version: 16.4.0
     repository: https://charts.bitnami.com/bitnami
+  - name: nginx
+    version: 10.2.1
+    repository: https://charts.bitnami.com/bitnami
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # did-auth-proxy-helm
 
-![Version: 0.0.12](https://img.shields.io/badge/Version-0.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.11](https://img.shields.io/badge/AppVersion-0.0.11-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.11](https://img.shields.io/badge/AppVersion-0.0.11-informational?style=flat-square)
 
 A Helm chart for DID auth proxy
 
@@ -10,6 +10,7 @@ A Helm chart for DID auth proxy
 
 | Repository | Name | Version |
 |------------|------|---------|
+| https://charts.bitnami.com/bitnami | nginx | 10.2.1 |
 | https://charts.bitnami.com/bitnami | redis | 16.4.0 |
 
 ## Values
@@ -34,23 +35,32 @@ A Helm chart for DID auth proxy
 | image.tag | string | `"latest"` |  |
 | imagePullSecrets[0].name | string | `"regcred"` |  |
 | ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` |  |
-| ingress.annotations."nginx.ingress.kubernetes.io/server-snippet" | string | `"location ~ / {\n    auth_request /token_introspection;\n    proxy_pass http://backend-nginx-influxdb.did.svc.cluster.local:8086;\n}\nlocation = /token_introspection {\n      internal;\n      proxy_method      GET;\n      proxy_set_header  Authorization \"$http_authorization\";\n      proxy_set_header  Content-Length \"\";\n      proxy_pass        http://did-auth-proxy-helm.did.svc.cluster.local/auth/token-introspection;\n}\n"` |  |
 | ingress.className | string | `""` |  |
-| ingress.enabled | bool | `true` |  |
+| ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"did-auth-proxy-sandbox.energyweb.org"` |  |
-| ingress.hosts[0].paths[0].path | string | `"/auth"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
 | ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
-| ingress.hosts[0].paths[1].path | string | `"/auth/login"` |  |
-| ingress.hosts[0].paths[1].pathType | string | `"Prefix"` |  |
-| ingress.hosts[0].paths[2].path | string | `"/auth/refresh-token"` |  |
-| ingress.hosts[0].paths[2].pathType | string | `"Prefix"` |  |
-| ingress.hosts[0].paths[3].path | string | `"/auth/token-introspection"` |  |
-| ingress.hosts[0].paths[3].pathType | string | `"Prefix"` |  |
-| ingress.hosts[0].paths[4].path | string | `"/"` |  |
-| ingress.hosts[0].paths[4].pathType | string | `"Prefix"` |  |
 | ingress.tls[0].hosts[0] | string | `"did-auth-proxy-sandbox.energyweb.org"` |  |
 | ingress.tls[0].secretName | string | `"did-auth-proxy-secret"` |  |
 | nameOverride | string | `"did-auth-proxy-helm"` |  |
+| nginx.customLivenessProbe.httpGet.path | string | `"/auth"` |  |
+| nginx.customLivenessProbe.httpGet.port | string | `"http"` |  |
+| nginx.customReadinessProbe.httpGet.path | string | `"/auth"` |  |
+| nginx.customReadinessProbe.httpGet.port | string | `"http"` |  |
+| nginx.fullnameOverride | string | `"did-auth-proxy-nginx"` |  |
+| nginx.ingress.annotations."appgw.ingress.kubernetes.io/ssl-redirect" | string | `"true"` |  |
+| nginx.ingress.annotations."kubernetes.io/ingress.class" | string | `"azure/application-gateway"` |  |
+| nginx.ingress.enabled | bool | `false` |  |
+| nginx.ingress.extraTls[0].hosts[0] | string | `"ddhub-dev.energyweb.org"` |  |
+| nginx.ingress.extraTls[0].secretName | string | `"dsb-tls-secret"` |  |
+| nginx.ingress.hostname | string | `"ddhub-dev.energyweb.org"` |  |
+| nginx.ingress.path | string | `"/"` |  |
+| nginx.ingress.pathType | string | `"Prefix"` |  |
+| nginx.ingress.tls | bool | `false` |  |
+| nginx.livenessProbe.enabled | bool | `false` |  |
+| nginx.readinessProbe.enabled | bool | `false` |  |
+| nginx.serverBlock | string | `"server {\n  listen 0.0.0.0:8080;\n  server_name  _;\n  location ~ ^/(backend-docs|backend-health) {\n      proxy_pass http://backend-server.namespace.svc.cluster.local;\n  }\n  location ~ ^/auth {\n      proxy_pass http://did-auth-proxy-helm.namespace.svc.cluster.local;\n  }\n  location ~ / {\n      auth_request /token_introspection;\n      proxy_pass http://backend-server.namespace.svc.cluster.local;\n  }\n  location = /token_introspection {\n        internal;\n        proxy_method      GET;\n        proxy_set_header  Authorization \"$http_authorization\";\n        proxy_set_header  Content-Length \"\";\n        proxy_pass        http://did-auth-proxy-helm.namespace.svc.cluster.local/auth/token-introspection;\n  }\n}"` |  |
+| nginx.service.type | string | `"ClusterIP"` |  |
 | nodeSelector | object | `{}` |  |
 | opsValues.CACHE_SERVER_URL | string | `"https://identitycache-dev.energyweb.org/v1"` |  |
 | opsValues.REDIS_HOST | string | `"did-auth-proxy-helm-redis-master.did.svc.cluster.local"` |  |

diff --git a/charts/nginx-10.2.1.tgz b/charts/nginx-10.2.1.tgz
diff --git a/values.yaml b/values.yaml
@@ -44,33 +44,13 @@ service:
 #example with influx as a backend service
 
 ingress:
-  enabled: true
+  enabled: false
   className: ""
   annotations:
     kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/server-snippet: |
-      location ~ / {
-          auth_request /token_introspection;
-          proxy_pass http://backend-nginx-influxdb.did.svc.cluster.local:8086;
-      }
-      location = /token_introspection {
-            internal;
-            proxy_method      GET;
-            proxy_set_header  Authorization "$http_authorization";
-            proxy_set_header  Content-Length "";
-            proxy_pass        http://did-auth-proxy-helm.did.svc.cluster.local/auth/token-introspection;
-      }
   hosts:
     - host: did-auth-proxy-sandbox.energyweb.org
       paths:
-      - path: /auth
-        pathType: Prefix
-      - path: /auth/login
-        pathType: Prefix
-      - path: /auth/refresh-token
-        pathType: Prefix
-      - path: /auth/token-introspection
-        pathType: Prefix
       - path: /
         pathType: Prefix
 
@@ -133,3 +113,64 @@ sealedSecret:
 redis:
   auth:
     password: redis
+
+########
+# nginx
+
+nginx:
+  fullnameOverride: "did-auth-proxy-nginx"
+  service:
+    type: ClusterIP
+  # ngxin config for ngxin service
+  serverBlock: |-
+    server {
+      listen 0.0.0.0:8080;
+      server_name  _;
+      location ~ ^/(backend-docs|backend-health) {
+          proxy_pass http://backend-server.namespace.svc.cluster.local;
+      }
+      location ~ ^/auth {
+          proxy_pass http://did-auth-proxy-helm.namespace.svc.cluster.local;
+      }
+      location ~ / {
+          auth_request /token_introspection;
+          proxy_pass http://backend-server.namespace.svc.cluster.local;
+      }
+      location = /token_introspection {
+            internal;
+            proxy_method      GET;
+            proxy_set_header  Authorization "$http_authorization";
+            proxy_set_header  Content-Length "";
+            proxy_pass        http://did-auth-proxy-helm.namespace.svc.cluster.local/auth/token-introspection;
+      }
+    }
+
+  ingress:
+    enabled: false
+    annotations: 
+      kubernetes.io/ingress.class: azure/application-gateway
+      appgw.ingress.kubernetes.io/ssl-redirect: "true"
+    hostname: ddhub-dev.energyweb.org
+    pathType: Prefix
+    path: /
+    tls: false
+    extraTls:
+      - hosts:
+        - ddhub-dev.energyweb.org
+        secretName: dsb-tls-secret
+
+  livenessProbe:
+    enabled: false
+
+  readinessProbe:
+    enabled: false
+
+  customLivenessProbe:
+    httpGet:
+      path: /auth
+      port: http
+
+  customReadinessProbe:
+    httpGet:
+      path: /auth
+      port: http