From e639f5032d5993dbc53eece6e30c7957e6e0af0c Mon Sep 17 00:00:00 2001
From: kurokobo <2920259+kurokobo@users.noreply.github.com>
Date: Sat, 14 Oct 2023 20:45:26 +0900
Subject: [PATCH 1/2] fix: bring configmap for nginx back to customize nginx for ui
---
 roles/eda/templates/eda-ui.deployment.yaml.j2 | 12 ++++
 roles/eda/templates/eda.configmap.yaml.j2 | 58 +++++++++++++++++++
 2 files changed, 70 insertions(+)
diff --git a/roles/eda/templates/eda-ui.deployment.yaml.j2 b/roles/eda/templates/eda-ui.deployment.yaml.j2
index 56c8859a..b9a6dd4c 100644
--- a/roles/eda/templates/eda-ui.deployment.yaml.j2
+++ b/roles/eda/templates/eda-ui.deployment.yaml.j2
@@ -77,3 +77,15 @@ spec:
 {% if combined_ui.resource_requirements is defined %}
 resources: {{ combined_ui.resource_requirements }}
 {% endif %}
+ volumeMounts:
+ - name: {{ ansible_operator_meta.name }}-nginx-default-conf-template
+ mountPath: /etc/nginx/templates/default.conf.template
+ subPath: default.conf.template
+ readOnly: true
+ volumes:
+ - name: {{ ansible_operator_meta.name }}-nginx-default-conf-template
+ configMap:
+ name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
+ items:
+ - key: nginx_default_conf_template
+ path: default.conf.template
diff --git a/roles/eda/templates/eda.configmap.yaml.j2 b/roles/eda/templates/eda.configmap.yaml.j2
index b5f9b2f3..a326d1d0 100644
--- a/roles/eda/templates/eda.configmap.yaml.j2
+++ b/roles/eda/templates/eda.configmap.yaml.j2
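Review bot: The new `volumeMounts` entry in `eda-ui.deployment.yaml.j2` uses `subPath: default.conf.template`, and Kubernetes does not propagate ConfigMap updates into subPath mounts, so an edited nginx template only reaches the container when the pod is recreated. Nothing in this hunk ties the pod template to the ConfigMap content, so running UI pods may keep the old listener and proxy settings after a change. Whether a hash annotation exists elsewhere in the Deployment is not visible here. Consider a pod-template annotation such as `checksum/nginx-conf: "<hash of rendered ConfigMap>"`, or at least a comment above the mount: `# subPath mount: pod must be restarted to pick up ConfigMap changes`. The container and pod spec begin outside the hunk.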
@@ -28,3 +28,61 @@ data:
 {% for item in extra_settings | default([]) %}
 {{ item.setting | upper }}: "{{ item.value }}"
 {% endfor %}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
+ namespace: '{{ ansible_operator_meta.namespace }}'
+ labels:
+ {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
+data:
+ nginx_default_conf_template: |
+ server {
+ listen 8080;
+ listen [::]:8080;
+
+ server_name _;
+ server_tokens off;
+
+ access_log off;
+ # error_log off;
+
+ autoindex off;
+
+ include mime.types;
+ types {
+ application/manifest+json webmanifest;
+ }
+
+ sendfile on;
+
+ root /usr/share/nginx/html;
+
+ location ~ ^/api/eda/v[0-9]+/ {
+ proxy_pass $EDA_SERVER;
+ proxy_set_header Origin $EDA_SERVER;
+ }
+
+ location ~ ^/api/eda/ws/[0-9a-z-]+ {
+ proxy_pass $EDA_SERVER;
+ proxy_set_header Origin $EDA_SERVER;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ }
+
+ location ~* \.(json|woff|woff2|jpe?g|png|gif|ico|svg|css|js)$ {
+ add_header Cache-Control "public, max-age=31536000, s-maxage=31536000, immutable";
+ try_files $uri =404;
+ gzip_static on;
+ }
+
+ location / {
+ autoindex off;
+ expires off;
+ add_header Cache-Control "public, max-age=0, s-maxage=0, must-revalidate" always;
+ try_files $uri /index.html =404;
+ }
+ }
From f2597ceb33cc5ea0c5f5701b2ff4a6982a194c20 Mon Sep 17 00:00:00 2001
From: kurokobo <2920259+kurokobo@users.noreply.github.com>
Date: Sat, 14 Oct 2023 21:15:48 +0900
Subject: [PATCH 2/2] feat: allow disabling ipv6 listener on nginx
---
 config/crd/bases/eda.ansible.com_edas.yaml | 4 ++++
 .../bases/eda-server-operator.clusterserviceversion.yaml | 5 +++++
 roles/eda/defaults/main.yml | 3 +++
 roles/eda/templates/eda.configmap.yaml.j2 | 2 ++
 4 files changed, 14 insertions(+)
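Review bot: Both proxy locations in the new nginx template set `proxy_set_header Origin $EDA_SERVER;`, which replaces the browser-supplied Origin with the backend's own URL, so the API and the WebSocket endpoint can no longer use that header to tell a same-site request from a cross-site one. If the backend's CSRF or WebSocket origin check relies on Origin (not visible in this patch), the rewrite makes that check pass unconditionally. A comment above the directive should record why the override is needed and what else protects these endpoints, for example `# Origin is rewritten for the backend's origin check; cross-site protection relies on <mechanism>`. The same server block also sets `access_log off;` and forwards no client-address header, so proxied API requests leave no record at this tier.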
diff --git a/config/crd/bases/eda.ansible.com_edas.yaml b/config/crd/bases/eda.ansible.com_edas.yaml index 4256b9fa..cc77164a 100644 --- a/config/crd/bases/eda.ansible.com_edas.yaml +++ b/config/crd/bases/eda.ansible.com_edas.yaml @@ -2136,6 +2136,10 @@ spec: admin_password_secret: description: Secret where the admin password can be found. If not specified, one will be generated. type: string + ipv6_disabled: + description: Disable UI container's nginx ipv6 listener + type: boolean + default: false status: description: Status defines the observed state of EDA properties: diff --git a/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml b/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml index 81eefc50..ac45ec32 100644 --- a/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/eda-server-operator.clusterserviceversion.yaml @@ -201,6 +201,11 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret + - displayName: Disable IPv6 listener? + path: ipv6_disabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: Name of the k8s secret the DB fields encryption key is stored in. displayName: DB Fields Encryption Key diff --git a/roles/eda/defaults/main.yml b/roles/eda/defaults/main.yml index 311d4d22..3d49091c 100644 --- a/roles/eda/defaults/main.yml +++ b/roles/eda/defaults/main.yml @@ -145,3 +145,6 @@ db_fields_encryption_secret: '' admin_user: admin admin_email: test@example.com admin_password_secret: '' + +# Disable UI container's nginx ipv6 listener +ipv6_disabled: false diff --git a/roles/eda/templates/eda.configmap.yaml.j2 b/roles/eda/templates/eda.configmap.yaml.j2 index a326d1d0..74101d1b 100644 --- a/roles/eda/templates/eda.configmap.yaml.j2 +++ b/roles/eda/templates/eda.configmap.yaml.j2 
@@ -41,7 +41,9 @@ data:
 nginx_default_conf_template: |
 server {
 listen 8080;
+ {% if not ipv6_disabled %}
 listen [::]:8080;
+ {% endif %}
 
 server_name _;
 server_tokens off;
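Review bot: The new guard `{% if not ipv6_disabled %}` tests raw Jinja truthiness, so a string such as "false" supplied through role defaults or extra vars counts as true and silently removes the `listen [::]:8080;` line. The CRD in this series types the field as boolean, which covers values coming from the custom resource, but the template itself does not enforce it. `{% if not ipv6_disabled | bool %}` makes the intent explicit. The `server` block continues outside the hunk.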