
web/ingress: Support for multiple hosts

Antoine R. Dumont requested to merge support-for-multi-hosts-ingress into production

This should allow plugging the actual reverse proxy rp0.staging to hit the backend running in the elastic swh namespace. Without this, this currently returns 404.

This also decreases duplication some more.

This slightly changes the configmap checksums because some configuration keys move to a different position. The values themselves are unchanged, as the following diff shows.

make swh-helm-diff
[swh] Comparing changes between branches production and support-for-multi-hosts-ingress (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'support-for-multi-hosts-ingress'
[swh] Generate config in support-for-multi-hosts-ingress branch for environment staging...
[swh] Generate config in support-for-multi-hosts-ingress branch for environment staging...
[swh] Generate config in support-for-multi-hosts-ingress branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'support-for-multi-hosts-ingress'
[swh] Generate config in support-for-multi-hosts-ingress branch for environment production...
[swh] Generate config in support-for-multi-hosts-ingress branch for environment production...
[swh] Generate config in support-for-multi-hosts-ingress branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.tFh5wraj/staging-swh.before      2023-10-18 16:53:38.501525945 +0200
+++ /tmp/swh-chart.swh.tFh5wraj/staging-swh.after       2023-10-18 16:53:39.185525504 +0200
@@ -4034,20 +4034,24 @@
     fi
 ---
 # Source: swh/templates/web/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh
   name: web-configuration-template
 data:
   config.yml.template: |
+    instance_name: webapp-postgresql.internal.staging.swh.network
+    allowed_hosts:
+      - webapp-postgresql.internal.staging.swh.network
+      - webapp.staging.swh.network
     storage:
       cls: remote
       url: http://storage1.internal.staging.swh.network:5002
     search:
       cls: remote
       url: http://search0.internal.staging.swh.network:5010
     scheduler:
       cls: remote
       url: http://scheduler.internal.staging.swh.network
     vault:
@@ -4096,29 +4100,25 @@
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
     add_forge_now:
       email_address: add-forge-now@webapp.staging.swh.network
-    allowed_hosts:
-    - webapp-postgresql.internal.staging.swh.network
-    - webapp.staging.swh.network
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters0.internal.staging.swh.network:5011/counters_history/history.json
-    instance_name: webapp-postgresql.internal.staging.swh.network
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
@@ -21467,21 +21467,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: 347e9c16d281781165dcc057e689e20a4c3e56f9c73e10d7bfc9587ea6ce875f
+        checksum/config: 4e0c20f9cd7e53f1a2fcb9aa55e34270b3368a4c77d78b107c323ee753f0a2c8
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"
@@ -22171,23 +22171,51 @@
               number: 5004

       - path: /api/1/content/[^/]+/symbol/
         pathType: Prefix
         backend:
           service:
             name: web
             port:
               number: 5004

+  - host: webapp.staging.swh.network
+    http:
+      paths:
+      - path: /api/1/provenance/
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 5004
+
+      - path: /api/1/entity/
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 5004
+
+      - path: /api/1/content/[^/]+/symbol/
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 5004
+
   tls:
   - hosts:
     - webapp-postgresql.internal.staging.swh.network
+    - webapp.staging.swh.network
     secretName: swh-web-crt
 ---
 # Source: swh/templates/web/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   namespace: swh
   name: web-ingress-default
   annotations:
     nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
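Review bot: The added rule `path: /api/1/content/[^/]+/symbol/` for `webapp.staging.swh.network` keeps `pathType: Prefix`, and Prefix matching in the Ingress API compares path elements literally, so the `[^/]+` segment is only honoured if the controller is told to treat paths as regular expressions. The annotations of this Ingress are outside the hunk, so I cannot tell whether `nginx.ingress.kubernetes.io/use-regex` is set; if it is not, requests for the symbol URLs would presumably fall through to the `/` rule of another Ingress and pick up that Ingress's access policy instead of this one's. I would render the regex path with `pathType: ImplementationSpecific` and confirm the annotation in the template. The same applies to the pre-existing copy of this rule for the first host, visible as context at the top of the hunk.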
@@ -22212,23 +22240,43 @@
               number: 5004

       - path: /static
         pathType: Prefix
         backend:
           service:
             name: web
             port:
               number: 80

+  - host: webapp.staging.swh.network
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 5004
+
+      - path: /static
+        pathType: Prefix
+        backend:
+          service:
+            name: web
+            port:
+              number: 80
+
   tls:
   - hosts:
     - webapp-postgresql.internal.staging.swh.network
+    - webapp.staging.swh.network
     secretName: swh-web-crt
 ---
 # Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
   annotations:
   labels:
     app.kubernetes.io/name: v1beta1.external.metrics.k8s.io
     helm.sh/chart: keda-2.11.0
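Review bot: The new `host: webapp.staging.swh.network` rules appear to land in `web-ingress-default`, whose `nginx.ingress.kubernetes.io/whitelist-source-range` annotation (visible at the end of the previous hunk) is set per Ingress and therefore applies to this host as well. Since the description says this name is reached through the rp0.staging reverse proxy, the controller will likely evaluate the allow-list against the proxy's address rather than the original client's, so the list either blocks the proxy or admits everything it relays. It is worth recording in the chart values which of the listed ranges covers the proxy and that client filtering for this host is delegated to it, e.g. `# webapp.staging is fronted by rp0.staging; source-range filtering here only sees the proxy address`. The `tls` entry also reuses `secretName: swh-web-crt`, so the certificate in that secret needs the new name as a SAN.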


------------- diff for environment staging namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.tFh5wraj/staging-swh-cassandra.before    2023-10-18 16:53:38.733525796 +0200
+++ /tmp/swh-chart.swh.tFh5wraj/staging-swh-cassandra.after     2023-10-18 16:53:39.417525355 +0200
@@ -3877,20 +3877,23 @@
       port: 25
 ---
 # Source: swh/templates/web/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh-cassandra
   name: web-configuration-template
 data:
   config.yml.template: |
+    instance_name: webapp-cassandra.internal.staging.swh.network
+    allowed_hosts:
+      - webapp-cassandra.internal.staging.swh.network
     storage:
       cls: remote
       url: http://storage:5002
     search:
       cls: remote
       url: http://search0.internal.staging.swh.network:5010
     scheduler:
       cls: remote
       url: http://scheduler.internal.staging.swh.network
     vault:
@@ -3939,28 +3942,25 @@
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
     add_forge_now:
       email_address: add-forge-now@webapp.staging.swh.network
-    allowed_hosts:
-    - webapp-cassandra.internal.staging.swh.network
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters0.internal.staging.swh.network:5011/counters_history/history.json
-    instance_name: webapp-cassandra.internal.staging.swh.network
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
@@ -20527,21 +20527,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: f37c90b3114aa2c0e791b10f1e2364410f7c78547c1ed4d7a04a53dd977312cd
+        checksum/config: 09a3336045d642f75d9eb60ab89121c0ab2e8ca3fbe8e85c832b805fb789da09
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment staging namespace swh-cassandra-next-version -------------

--- /tmp/swh-chart.swh.tFh5wraj/staging-swh-cassandra-next-version.before       2023-10-18 16:53:38.945525659 +0200
+++ /tmp/swh-chart.swh.tFh5wraj/staging-swh-cassandra-next-version.after        2023-10-18 16:53:39.681525185 +0200
@@ -3877,20 +3877,23 @@
       port: 25
 ---
 # Source: swh/templates/web/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh-cassandra-next-version
   name: web-configuration-template
 data:
   config.yml.template: |
+    instance_name: webapp-cassandra-next-version.internal.staging.swh.network
+    allowed_hosts:
+      - webapp-cassandra-next-version.internal.staging.swh.network
     storage:
       cls: remote
       url: http://storage:5002
     search:
       cls: remote
       url: http://search0.internal.staging.swh.network:5010
     scheduler:
       cls: remote
       url: http://scheduler.internal.staging.swh.network
     vault:
@@ -3939,28 +3942,25 @@
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_save_origin:
           limiter_rate:
             POST: 10/h
             default: 120/h
     add_forge_now:
       email_address: add-forge-now@webapp.staging.swh.network
-    allowed_hosts:
-    - webapp-cassandra-next-version.internal.staging.swh.network
     content_display_max_size: 5242880
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters0.internal.staging.swh.network:5011/counters_history/history.json
-    instance_name: webapp-cassandra-next-version.internal.staging.swh.network
     keycloak:
       realm_name: SoftwareHeritageStaging
       server_url: https://auth.softwareheritage.org/auth/
     matomo: {}
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
@@ -20527,21 +20527,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: 9c0f76b0fb8148cd47c47e48e6f465e3b361e9c4b95c94900852eea345e150de
+        checksum/config: f63342dcc16ae9ec1d6c764d085678aac2fa8ba6597ae180517edaf75993353f
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"


------------- diff for environment production namespace swh -------------

No differences


------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.tFh5wraj/production-swh-cassandra.before 2023-10-18 16:53:40.097524918 +0200
+++ /tmp/swh-chart.swh.tFh5wraj/production-swh-cassandra.after  2023-10-18 16:53:40.533524637 +0200
@@ -1038,20 +1038,23 @@
     fi
 ---
 # Source: swh/templates/web/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: swh-cassandra
   name: web-configuration-template
 data:
   config.yml.template: |
+    instance_name: webapp-cassandra.internal.softwareheritage.org
+    allowed_hosts:
+      - webapp-cassandra.internal.softwareheritage.org
     storage:
       cls: remote
       url: http://storage:5002
     search:
       cls: remote
       url: http://moma.internal.softwareheritage.org:5010
     scheduler:
       cls: remote
       url: http://scheduler.internal.softwareheritage.org
     vault:
@@ -1127,29 +1130,26 @@
           limiter_rate:
             default: 10/m
         swh_api_origin_visit_latest:
           limiter_rate:
             default: 700/m
         swh_raw_object:
           limiter_rate:
             default: 120/h
     add_forge_now:
       email_address: add-forge-now@archive.softwareheritage.org
-    allowed_hosts:
-    - webapp-cassandra.internal.softwareheritage.org
     content_display_max_size: 5242880
     es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
     give:
       public_key: ${GIVE_PUBLIC_KEY}
       token: ${GIVE_PRIVATE_TOKEN}
     history_counters_url: http://counters1.internal.softwareheritage.org:5011/counters_history/history.json#
-    instance_name: webapp-cassandra.internal.softwareheritage.org
     keycloak:
       realm_name: SoftwareHeritage
       server_url: https://auth.softwareheritage.org/auth/
     search_config:
       metadata_backend: swh-search
     swh_extra_django_apps:
     - swh.web.add_forge_now
     - swh.web.archive_coverage
     - swh.web.badges
     - swh.web.banners
@@ -12816,21 +12816,21 @@
       app: web
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: web
       annotations:
-        checksum/config: 3867d0bfc3325e144ba25c37c2683413e57d70d07abf880b66374dfe3896ad62
+        checksum/config: a3b31ddc881839bc2f0f13860ccb781fb5dc71f88dfa910831baf76607f90b83
     spec:
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
               - key: swh/web
                 operator: In
                 values:
                 - "true"

Refs. swh/infra/sysadm-environment#5095 (closed)

Edited by Antoine R. Dumont
