From e9ddb28622c5d95fce4238bcb85d43f7563f2878 Mon Sep 17 00:00:00 2001 From: Martin Weise <martin.weise@tuwien.ac.at> Date: Sat, 19 Apr 2025 20:55:12 +0200 Subject: [PATCH] WIP Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at> --- docker-compose.yml | 6 +- helm/dbrepo/templates/gateway-configmap.yaml | 4 +- .../templates/gateway-setup-configmap.yaml | 69 +++++++++++++++++++ helm/dbrepo/values.yaml | 10 ++- 4 files changed, 83 insertions(+), 6 deletions(-) create mode 100644 helm/dbrepo/templates/gateway-setup-configmap.yaml diff --git a/docker-compose.yml b/docker-compose.yml index c8e30a217b..9d4224705f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -455,9 +455,9 @@ services: ports: - "80:8080" volumes: - - ./dbrepo-gateway-service/dbrepo.conf:/etc/nginx/conf.d/default.conf + - ./dbrepo-gateway-service/dbrepo.conf:/etc/nginx/conf.d/dbrepo.conf healthcheck: - test: lsof -i TCP:80 || exit 1 + test: ps -p 1 | grep "nginx" <<: *healthcheck-params deploy: <<: *resources-nano @@ -705,7 +705,7 @@ services: BASE_URL: "${BASE_URL:-http://localhost}" # do not attempt to set it in the grafana.ini, hours wasted here: 7 GF_SERVER_ROOT_URL: http://dashboard-ui:3000/dashboard/ - GF_INSTALL_PLUGINS: "yesoreyeram-infinity-datasource" + GF_INSTALL_PLUGINS: "yesoreyeram-infinity-datasource,grafana-opensearch-datasource" GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: "true" LDAP_ADMIN_USERNAME: "${IDENTITY_SERVICE_ADMIN_USERNAME:-admin}" LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}" diff --git a/helm/dbrepo/templates/gateway-configmap.yaml b/helm/dbrepo/templates/gateway-configmap.yaml index 37863f85c4..3f500f0d9b 100644 --- a/helm/dbrepo/templates/gateway-configmap.yaml +++ b/helm/dbrepo/templates/gateway-configmap.yaml 
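Review bot: The new gateway healthcheck `test: ps -p 1 | grep "nginx"` only proves that PID 1 is an nginx process, so a gateway that is up but not accepting connections on its listen port is still reported healthy. The service maps `"80:8080"`, so the probe should exercise container port 8080, for example `test: curl -fsS http://localhost:8080/ || exit 1` if the image ships curl (the hunk does not show which tools it has, and `ps` itself may be missing). In the same hunk the config is now mounted as `conf.d/dbrepo.conf` rather than over `default.conf`, so any `default.conf` shipped in the image stays active; confirm it cannot answer requests in place of the DBRepo server block. The service definition starts and ends outside the hunk.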
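Review bot: `GF_INSTALL_PLUGINS` now downloads two plugins at container start with no version, so every restart can pull a different build and a bad or tampered upstream release lands in the dashboard unreviewed. The Grafana image accepts `plugin-id version` entries, so pin both: `GF_INSTALL_PLUGINS: "yesoreyeram-infinity-datasource <VERSION>,grafana-opensearch-datasource <VERSION>"` (placeholders, the versions in use are not on this page). Baking the plugins into a derived image would also remove the network fetch at start-up.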
@@ -2,10 +2,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: gateway-service-setup
+ name: gateway-service-config
 namespace: {{ include "common.names.namespace" . | quote }}
 data:
- dbrepo.conf: |
+ dbrepo.conf: |-
 # This is required to proxy Grafana Live WebSocket connections.
 map $http_upgrade $connection_upgrade {
 default upgrade;
diff --git a/helm/dbrepo/templates/gateway-setup-configmap.yaml b/helm/dbrepo/templates/gateway-setup-configmap.yaml
new file mode 100644
index 0000000000..0b830ba224
--- /dev/null
+++ b/helm/dbrepo/templates/gateway-setup-configmap.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.gatewayservice.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gateway-service-setup
+ namespace: {{ include "common.names.namespace" . | quote }}
+data:
+ nginx.conf: |-
+ # Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
+ # user www www; ## Default: nobody
+
+ worker_processes auto;
+ error_log "/opt/bitnami/nginx/logs/error.log";
+ pid "/opt/bitnami/nginx/tmp/nginx.pid";
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include mime.types;
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log "/opt/bitnami/nginx/logs/access.log" main;
+ add_header X-Frame-Options SAMEORIGIN;
+
+ client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
+ proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
+ fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
+ scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
+ uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay off;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_comp_level 2;
+ gzip_proxied any;
+ gzip_types text/plain text/css application/javascript text/xml application/xml+rss;
+ keepalive_timeout 65;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ client_max_body_size 2G;
+ server_tokens off;
+
+ absolute_redirect off;
+ port_in_redirect off;
+
+ include "/opt/bitnami/nginx/conf/server_blocks/*.conf";
+
+ # HTTP Server
+ server {
+ # Port to listen on, can also be set in IP:PORT format
+ listen 8080;
+
+ include "/opt/bitnami/nginx/conf/bitnami/*.conf";
+
+ location
/status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } + } +{{- end }} \ No newline at end of file diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index 62ce16d3de..d50f79460f 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -1052,7 +1052,15 @@ gatewayservice: ## @param gatewayservice.metrics.enabled Enable the Prometheus metrics sidecar. enabled: false ## @param gatewayservice.existingServerBlockConfigmap The extra configuration for the reverse proxy - existingServerBlockConfigmap: gateway-service-setup + existingServerBlockConfigmap: gateway-service-config + extraVolumes: + - name: config-map + configMap: + name: gateway-service-setup + extraVolumeMounts: + - name: config-map + mountPath: /etc/nginx/conf.d/nginx.conf + subPath: nginx.conf ## @param gatewayservice.replicaCount The number of replicas. replicaCount: 3 -- GitLab
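Review bot: `add_header X-Frame-Options SAMEORIGIN;` in the new `nginx.conf` is declared only at `http` level and without `always`, so it is missing from 4xx/5xx responses and disappears in any included server or location block that declares its own `add_header`, because nginx inherits these directives only when the inner level defines none. Change it to `add_header X-Frame-Options SAMEORIGIN always;` and repeat it, or pull it from a shared include, in the files matched by `server_blocks/*.conf`. The `ssl_protocols` and `ssl_ciphers` lines have no effect on the plain `listen 8080;` server defined here, and the `DHE-RSA-*` suites are not offered without an `ssl_dhparam`, so a comment stating where TLS terminates would keep readers from assuming this file enforces it. `client_max_body_size 2G;` at `http` level applies to every route behind the gateway; scoping it to the upload locations would limit how much body data unauthenticated endpoints accept.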
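Review bot: The new `extraVolumeMounts` entry mounts a complete main configuration at `mountPath: /etc/nginx/conf.d/nginx.conf`, while every path inside that file points under `/opt/bitnami/nginx/`, so nothing visible here shows that nginx loads it as its main config. If the image includes `conf.d/*.conf` inside an `http` block, the file's top-level `worker_processes`, `events` and `http` directives will fail to parse; if it does not, `server_tokens off` and the `X-Frame-Options` header silently never apply. Confirm the main config path the image reads (presumably under `/opt/bitnami/nginx/conf/`) and mount it there. A `subPath` mount also does not receive later ConfigMap updates until the pod restarts. The two new keys lack the `## @param` comments their neighbours carry, e.g. `## @param gatewayservice.extraVolumes Extra volumes holding the gateway's main nginx configuration`.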