Merge branch '2-add-configuration-for-configurable-http-proxy-tls-with-traefik' into 'master'

Resolve "Add configuration for configurable-http-proxy TLS with Traefik" Closes #2 See merge request !2

Merge branch '2-add-configuration-for-configurable-http-proxy-tls-with-traefik' into 'master'
ff04f6e1 · Benoît · d1d817cc · b229e8d6 · ff04f6e1 · ff04f6e1
Commit ff04f6e1 authored 1 year ago by Benoît
--- a/codehub/Chart.yaml
+++ b/codehub/Chart.yaml
@@ -42,4 +42,4 @@ sources:
  - https://github.com/bitnami/containers/tree/main/bitnami/jupyterhub
  - https://github.com/jupyterhub/jupyterhub
  - https://github.com/coder/code-server
-version: 5.0.2
+version: 5.1.0
--- a/codehub/templates/proxy/certificates.yaml
+++ b/codehub/templates/proxy/certificates.yaml
@@ -39,6 +39,7 @@ spec:
      - {{ .Values.tls.subject.countries }}
  dnsNames:
    - "{{ printf "%s-proxy-api" $serviceName }}"
+    - "{{ printf "%s-proxy-public" $serviceName }}"
    - "{{ printf "%s-proxy-api.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain }}"
    - "{{ printf "%s-proxy-public.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain }}"
    - "localhost"

--- a/codehub/templates/proxy/deployment.yaml
+++ b/codehub/templates/proxy/deployment.yaml
@@ -153,6 +153,9 @@ spec:
            httpGet:
              path: /_chp_healthz
              port: http
+              {{- if .Values.tls.enabled }}
+              scheme: HTTPS
+              {{- end }}
          {{- end }}
          {{- if .Values.proxy.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customLivenessProbe "context" $) | nindent 12 }}
@@ -161,6 +164,9 @@ spec:
            httpGet:
              path: /_chp_healthz
              port: http
+              {{- if .Values.tls.enabled }}
+              scheme: HTTPS
+              {{- end }}
          {{- end }}
          {{- if .Values.proxy.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customReadinessProbe "context" $) | nindent 12 }}
@@ -169,6 +175,9 @@ spec:
            httpGet:
              path: /_chp_healthz
              port: http
+              {{- if .Values.tls.enabled }}
+              scheme: HTTPS
+              {{- end }}
          {{- end }}
          {{- end }}
          volumeMounts:

--- a/codehub/templates/proxy/ingress.yaml
+++ b/codehub/templates/proxy/ingress.yaml
@@ -10,7 +10,7 @@ metadata:
    app.kubernetes.io/component: proxy
  namespace: {{ .Release.Namespace | quote }}
  annotations:
-    {{- if .Values.tls.enabled }}
+    {{- if and (eq .Values.proxy.ingress.ingressControllerType "nginx") .Values.tls.enabled }}
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    {{- end }}
    {{- if .Values.proxy.ingress.annotations }}

--- a/codehub/templates/proxy/serverstransport.yaml
+++ b/codehub/templates/proxy/serverstransport.yaml
+{{- if and (eq .Values.proxy.ingress.ingressControllerType "traefik") .Values.tls.enabled }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $fullname := include "common.names.fullname" . }}
+{{- $serviceName := include "common.names.fullname" . }}
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: {{ include "codehub.proxy.name" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: proxy
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  rootCAsSecrets:
+    - {{ include "common.names.fullname" . }}-proxy-crt
+  serverName: {{ printf "%s-proxy-public" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
\ No newline at end of file
--- a/codehub/templates/proxy/service-public.yaml
+++ b/codehub/templates/proxy/service-public.yaml
@@ -15,6 +15,10 @@ metadata:
    {{- if .Values.proxy.service.public.annotations }}
    {{- include "common.tplvalues.render" (dict "value" .Values.proxy.service.public.annotations "context" $) | nindent 4 }}
    {{- end }}
+    {{- if and (eq .Values.proxy.ingress.ingressControllerType "traefik") .Values.tls.enabled }}
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+    traefik.ingress.kubernetes.io/service.serverstransport: "{{ .Release.Namespace }}-{{ include "codehub.proxy.name" . }}@kubernetescrd"
+    {{- end }}
 spec:
  type: {{ .Values.proxy.service.public.type }}
  {{- if and .Values.proxy.service.public.clusterIP (eq .Values.proxy.service.public.type "ClusterIP") }}

--- a/codehub/values.yaml
+++ b/codehub/values.yaml
@@ -1040,6 +1040,8 @@ proxy:
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
+    ## @param proxy.ingress.ingressControllerType ingressControllerType that will be be used to implement the Ingress specific annotations (Ex. nginx or traefik)
+    ingressControllerType: "nginx"
    ## @param proxy.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
@@ -1643,7 +1645,7 @@ tls:
  ## @param tls.algorithm Algorithm of the private key. Allowed values are either RSA,Ed25519 or ECDSA.
  algorithm: RSA
  ## @param tls.size Size is the key bit size of the corresponding private key for this certificate. If algorithm is set to RSA, valid values are 2048, 4096 or 8192, and will default to 2048 if not specified. If algorithm is set to ECDSA, valid values are 256, 384 or 521, and will default to 256 if not specified. If algorithm is set to Ed25519, Size is ignored. No other values are allowed. 
-  size: 2048
+  size: 4096

  ## @param tls.existingSecret Existing secret containing the certificates for Codehub
  ##