From 81d7102183f617f8e163df371522342b795490cb Mon Sep 17 00:00:00 2001 From: Johannes Faltermeier Date: Mon, 17 Jun 2024 10:44:57 +0200 Subject: [PATCH] Add WebView Support eclipsesource/theia-cloud#296 (#57) * add additional information to AppDefinition for other hostnames that have to be exposed * adapt self-signed certificate generation to use a CA that can be imported as an authority in a browser * add additional wildcard rules when installing the instance ingress * adapt document regeneration documentation to always use latest image * optionally set tls secret name when using paths --- CHANGELOG.md | 5 +++++ README.md | 2 +- charts/theia-cloud-crds/Chart.yaml | 2 +- charts/theia-cloud-crds/README.md | 4 ++-- .../appdefinition-spec-resource.yaml | 4 ++++ charts/theia.cloud-base/Chart.yaml | 2 +- charts/theia.cloud-base/README.md | 4 +++- .../templates/clusterissuer-for-ca.yaml | 7 +++++++ .../templates/clusterissuer-selfsigned.yaml | 3 ++- .../templates/theia-cloud-ca-certificate.yaml | 14 +++++++++++++ charts/theia.cloud-base/values.yaml | 10 ++++++++- charts/theia.cloud/Chart.yaml | 2 +- charts/theia.cloud/README.md | 14 ++++++++++--- .../instances-ingress-path-based.yaml | 21 ++++++++++++++++++- .../templates/instances-ingress.yaml | 11 +++++++++- .../landing-page-ingress-path-based.yaml | 8 +++++++ .../templates/landing-page-ingress.yaml | 2 ++ .../templates/service-ingress-path-based.yaml | 11 ++++++++++ .../templates/service-ingress.yaml | 2 ++ .../templates/theia-appdefinition-spec.yaml | 4 +++- charts/theia.cloud/values.yaml | 16 ++++++++++++++ 21 files changed, 133 insertions(+), 15 deletions(-) create mode 100644 charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml create mode 100644 charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ac0ce7..1a1c19c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,11 @@ - [theia-cloud-crds] Add option field to CRDs and increase version to `Session.v1beta8`, `Workspace.v1beta5` and `AppDefinition.v1beta10` [#55](https://github.com/eclipsesource/theia-cloud-helm/pull/55) | [#293](https://github.com/eclipsesource/theia-cloud/pull/293) - [theia-cloud] Add configurable image preloading [#56](https://github.com/eclipsesource/theia-cloud-helm/pull/56) - [theia-cloud] Add landing page configuration options for logo file extension, loading text, user info title & text [#58](https://github.com/eclipsesource/theia-cloud-helm/pull/58) - contributed on behalf of STMicroelectronics +- [theia-cloud-base] Self signed certificates are now signed by a Theia Cloud certificate authority. The certificate of the authority may be exported and imported in your Browser for easier local testing [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) +- [theia-cloud-crds] Add `ingressHostnamePrefixes` list to `AppDefinition.v1beta10` [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) | [#298](https://github.com/eclipsesource/theia-cloud/pull/298) +- [theia-cloud] Add `allWildcardInstances` to values and create TLS entries for them in the instances-ingress [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) +- [theia-cloud] Add `hosts.paths.tlsSecretName` to values which allows to optionally set the tls secretName on the ingress tls section when using paths [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) +- [theia-cloud] Add `ingress.certManagerAnnotations` to values which allows to configure whether cert manager annotations will be added to the ingresses [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) ## [0.10.0] - 2024-04-02 diff --git a/README.md b/README.md index 1d08ba1..ec402fe 100644 --- a/README.md +++ b/README.md 
@@ -44,5 +44,5 @@ Furthermore, the new version, together with a release estimation date, should be ## How to generate Chart READMEs ```bash -docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +docker pull jnorwood/helm-docs:latest && docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest ``` diff --git a/charts/theia-cloud-crds/Chart.yaml b/charts/theia-cloud-crds/Chart.yaml index e62576c..a17e994 100644 --- a/charts/theia-cloud-crds/Chart.yaml +++ b/charts/theia-cloud-crds/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.1 +version: 0.11.0-next.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia-cloud-crds/README.md b/charts/theia-cloud-crds/README.md index 8682aac..8427da8 100644 --- a/charts/theia-cloud-crds/README.md +++ b/charts/theia-cloud-crds/README.md 
@@ -1,6 +1,6 @@ # theia-cloud-crds -![Version: 0.11.0-next.1](https://img.shields.io/badge/Version-0.11.0--next.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) +![Version: 0.11.0-next.2](https://img.shields.io/badge/Version-0.11.0--next.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) A Helm chart for the custom resource definitions (CRDs) of Theia Cloud @@ -13,4 +13,4 @@ A Helm chart for the custom resource definitions (CRDs) of Theia Cloud | conversion.image | string | `"theiacloud/theia-cloud-conversion-webhook:0.11.0-next"` | The image of the webhook container | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml b/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml index e63fb3d..5c22d36 100644 --- a/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml +++ b/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml @@ -51,6 +51,10 @@ spec: maximum: 65535 ingressname: type: string + ingressHostnamePrefixes: + type: array + items: + type: string minInstances: type: integer maxInstances: diff --git a/charts/theia.cloud-base/Chart.yaml b/charts/theia.cloud-base/Chart.yaml index b05b69f..4a9745c 100644 --- a/charts/theia.cloud-base/Chart.yaml +++ b/charts/theia.cloud-base/Chart.yaml 
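Review bot: The new `ingressHostnamePrefixes` items in appdefinition-spec-resource.yaml are accepted as arbitrary strings; the schema adds no `pattern`, `maxLength` or `maxItems`. Judging by the chart's own example (`"*.webview."`), each entry appears to be prepended to the instance hostname to form an ingress host, so anyone allowed to create an AppDefinition can influence which hostnames get routed. Constraining the shape at admission time keeps malformed or unexpected hosts out of the ingress, for example `pattern: '^(\*\.)?([a-z0-9-]+\.)+$'` on the item plus a small `maxItems`. The exact pattern should be confirmed against what the operator accepts. The surrounding schema starts and ends outside this hunk.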
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.0 +version: 0.11.0-next.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia.cloud-base/README.md b/charts/theia.cloud-base/README.md index 07bcce4..d6cb602 100644 --- a/charts/theia.cloud-base/README.md +++ b/charts/theia.cloud-base/README.md @@ -1,6 +1,6 @@ # theia-cloud-base -![Version: 0.11.0-next.0](https://img.shields.io/badge/Version-0.11.0--next.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) +![Version: 0.11.0-next.1](https://img.shields.io/badge/Version-0.11.0--next.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) Theia-cloud base chart 
@@ -8,7 +8,9 @@ Theia-cloud base chart | Key | Type | Default | Description | |-----|------|---------|-------------| +| certmanager.namespace | string | `"cert-manager"` | the namespace where the cert-manager is installed | | issuer.email | string | `"mmorlock@example.com"` | email used to issue let's encrypt certificates | +| issuerca.name | string | `"theia-cloud-ca-certificate-signer"` | name for the issuer preparing a self signed CA certificate | | issuerprod.name | string | `"letsencrypt-prod"` | name for the let's encrypt production cluster issuer | | issuerstaging.name | string | `"theia-cloud-selfsigned-issuer"` | name for the self signed cluster issuer | | operatorrole.name | string | `"operator-api-access"` | name for the operator's cluster role | diff --git a/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml b/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml new file mode 100644 index 0000000..633cd23 --- /dev/null +++ b/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml @@ -0,0 +1,7 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.issuerca.name }} +spec: + selfSigned: {} + \ No newline at end of file diff --git a/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml b/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml index 77907b7..bf6dff8 100644 --- a/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml +++ b/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml @@ -3,5 +3,6 @@ kind: ClusterIssuer metadata: name: {{ .Values.issuerstaging.name }} spec: - selfSigned: {} + ca: + secretName: theia-cloud-ca-key-pair \ No newline at end of file diff --git a/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml b/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml new file mode 100644 index 0000000..e8bb858 --- /dev/null +++ b/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml 
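Review bot: Switching `{{ .Values.issuerstaging.name }}` in clusterissuer-selfsigned.yaml from `selfSigned: {}` to `ca:` turns it into a cluster-scoped signing CA, and the changelog invites users to import that CA into their browser. Any namespace allowed to create `Certificate` resources or annotated Ingresses can then obtain a certificate for an arbitrary hostname that those browsers will trust. The template should therefore carry a comment such as `# test-only CA: import its certificate only into a browser profile used for this cluster`. The secret name `theia-cloud-ca-key-pair` is also a literal repeated in theia-cloud-ca-certificate.yaml. A ClusterIssuer resolves it in cert-manager's cluster resource namespace, which has to match `certmanager.namespace`, so a shared value or a comment stating that dependency would avoid a silent mismatch.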
@@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: theia-cloud-ca-certificate + namespace: {{ .Values.certmanager.namespace }} +spec: + commonName: "Theia Cloud CA" + secretName: theia-cloud-ca-key-pair + isCA: true + issuerRef: + name: {{ .Values.issuerca.name }} + kind: ClusterIssuer + duration: 2160h + renewBefore: 360h \ No newline at end of file diff --git a/charts/theia.cloud-base/values.yaml b/charts/theia.cloud-base/values.yaml index cef8992..e4a2d19 100644 --- a/charts/theia.cloud-base/values.yaml +++ b/charts/theia.cloud-base/values.yaml @@ -1,3 +1,7 @@ +issuerca: + # -- name for the issuer preparing a self signed CA certificate + name: theia-cloud-ca-certificate-signer + issuerprod: # -- name for the let's encrypt production cluster issuer name: letsencrypt-prod @@ -16,4 +20,8 @@ operatorrole: servicerole: # -- name for the services' cluster role - name: service-api-access \ No newline at end of file + name: service-api-access + +certmanager: + # -- the namespace where the cert-manager is installed + namespace: cert-manager \ No newline at end of file diff --git a/charts/theia.cloud/Chart.yaml b/charts/theia.cloud/Chart.yaml index 13dc9c4..7f1a1f4 100644 --- a/charts/theia.cloud/Chart.yaml +++ b/charts/theia.cloud/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.2 +version: 0.11.0-next.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia.cloud/README.md b/charts/theia.cloud/README.md index 567c790..9ee409c 100644 --- a/charts/theia.cloud/README.md +++ b/charts/theia.cloud/README.md 
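Review bot: The CA `Certificate` in theia-cloud-ca-certificate.yaml sets `isCA: true` without a `privateKey` block or any name restriction, so it is an unconstrained root using cert-manager's default key settings. Because this root is meant to be imported as a browser authority, it is worth pinning the key parameters explicitly, e.g. `privateKey:` with `algorithm: ECDSA` and `size: 256`. Where the installed cert-manager version supports it, issuance could also be restricted with `nameConstraints` to the Theia Cloud domains. `duration: 2160h` means the root is re-issued roughly every 90 days, so a comment should say whether users need to re-import it after renewal.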
@@ -1,6 +1,6 @@ # theia-cloud -![Version: 0.11.0-next.0](https://img.shields.io/badge/Version-0.11.0--next.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) +![Version: 0.11.0-next.3](https://img.shields.io/badge/Version-0.11.0--next.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) A Helm chart for Theia.cloud @@ -12,6 +12,7 @@ A Helm chart for Theia.cloud | app.id | string | `"asdfghjkl"` | The app id which is used in the communication between website and REST-API as a spam migitation. This id is public. Please choose an random generated string. | | app.logo | string | `"logos/theiablueprint.svg"` | The logo of the application that should be displayed on the landing pages | | app.logoData | string | `nil` | set app.logoData=$(cat path/to/file.svg | base64 -w 0 -) Another way is to directly add the base64 string to the values file. | +| app.logoFileExtension | string | `"svg"` | The file extension of the logo. Must be set to match the logo respectively the logoData. This is required because browsers cannot show a binary image (e.g. png) with a svg ending and vice-versa. | | app.name | string | `"Theia Blueprint"` | The name of the application that should be displayed on the landing pages | | demoApplication | object | (see details below) | Information about the demo application to be installed | | demoApplication.imagePullPolicy | string | `nil` | Optional: Override the imagePullPolicy for the main application's docker image. If this is omitted or empty, the root at .Values.imagePullPolicy is used. | 
@@ -25,6 +26,7 @@ A Helm chart for Theia.cloud | demoApplication.pullSecret | string | `""` | the image pull secret. Leave empty if registry is public | | demoApplication.timeout | string | `"30"` | Limit in minutes | | hosts | object | (see details below) | You may adjust the hostname below. | +| hosts.allWildcardInstances | list | `["*.webview."]` | all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from all app definitions need to be added. These are required to configure TLS (if enabled via hosts.tls == true) | | hosts.instance | string | `"ws.192.168.39.173.nip.io"` | hostname for the launched Theia-applications | | hosts.landing | string | `"theia.cloud.192.168.39.173.nip.io"` | hostname of the landing page | | hosts.paths | object | (see details below) | Only needed when usePaths == true. Contains the baseHost and paths for all services | @@ -32,6 +34,7 @@ A Helm chart for Theia.cloud | hosts.paths.instance | string | `"instances"` | path for deployed instances | | hosts.paths.landing | string | `"trynow"` | path of the landing page | | hosts.paths.service | string | `"servicex"` | path of the REST service | +| hosts.paths.tlsSecretName | bool | `false` | whether the default Theia Cloud tls secret names should be used. If false no tls secret name will be set on the ingress only needed when hosts.usePaths == true and hosts.tls == true | | hosts.service | string | `"service.192.168.39.173.nip.io"` | hostname of the REST-API | | hosts.servicePort | int | `8081` | service port (default: 8081) | | hosts.serviceProtocol | string | `"https"` | protocol of the REST-API | 
@@ -40,10 +43,11 @@ A Helm chart for Theia.cloud | hosts.useServicePortInHostname | bool | `false` | whether the service port needs to be part of the service URL (default: false) | | imagePullPolicy | string | `"Always"` | The default imagePullPolicy for containers of theia cloud. Can be overridden for individual components by specifying the imagePullPolicy variable there. Possible values: - Always - IfNotPresent - Never | | ingress | object | (see details below) | Values to influence the ingresses | -| ingress.clusterIssuer | string | `"letsencrypt-prod"` | The cluster issuer to use | +| ingress.certManagerAnnotations | bool | `true` | When set to true the cert-manager.io annotations will be set. When false certificate management is handled outside of Theia Cloud. | +| ingress.clusterIssuer | string | `"letsencrypt-prod"` | The cluster issuer to use Only needed when ingress.certManagerAnnotations is true | | ingress.instanceName | string | `"theia-cloud-demo-ws-ingress"` | The name of the ingress which will be updated to publish new theia application. If this is not existing it will be created. You may chose to set the ingress up yourself and point theia.cloud to the ingress via the name | | ingress.proxyBodySize | string | `"1m"` | Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia). Defaults to 1m. Setting size to 0 disables checking of client request body size. | -| ingress.theiaCloudCommonName | bool | `false` | When set to true the cert-manager.io/common-name annotation will be set. This is only required when the issued certificate by the cert-manager misses a common-name | +| ingress.theiaCloudCommonName | bool | `false` | When set to true the cert-manager.io/common-name annotation will be set. 
This is only required when the issued certificate by the cert-manager misses a common-name Only needed when ingress.certManagerAnnotations is true | | issuer | object | (see details below) | Values related to certificates/Cert-manager | | issuer.email | string | `"mmorlock@example.com"` | EMail address of the certificate issuer. | | keycloak | object | (see details below) | Values related to Keycloak | 
@@ -56,10 +60,14 @@ A Helm chart for Theia.cloud | landingPage | object | (see details below) | Values related to the landing page | | landingPage.additionalApps | string | `nil` | The page may show these additional apps in a drop down. This is a map. The key maps to the app definition name The value is the label that is supposed to be shown in the UI Example: different-app-definition: label: "Different App Definition" further-app-definition: label: "Further App Definition" | | landingPage.appDefinition | string | `"theia-cloud-demo"` | the app id to launch | +| landingPage.disableInfo | bool | `false` | Should showing info title and text below the launch button be disabled true hides the info title and text false shows the info title and text | | landingPage.ephemeralStorage | bool | `true` | If set to true no persisted storage is used when creating sessions on the landing page. Set to false if you want to use persisted storage. | | landingPage.image | string | `"theiacloud/theia-cloud-landing-page:0.11.0-next"` | the landing page image to use | | landingPage.imagePullPolicy | string | `nil` | Optional: Override the imagePullPolicy for the landing page's docker image. If this is omitted or empty, the root at .Values.imagePullPolicy is used. | | landingPage.imagePullSecret | string | `nil` | Optional: the image pull secret | +| landingPage.infoText | string | `nil` | Optional: If specified with a value, this overrides the info text shown on the landing page. Empty values are ignored. Use `disableInfo` to deactivate showing the info completely. | +| landingPage.infoTitle | string | `nil` | Optional: If specified with a value, this overrides the title of the info text shown on the landing page. Empty values are ignored. Use `disableInfo` to deactivate showing the info completely. | +| landingPage.loadingText | string | `nil` | Optional: If specified with a value, this overrides the message shown to the user while the session is started. 
Empty values are ignored and the default text is used. | | monitor | object | (see details below) | Values to influence the monitor initialization on the operator | | monitor.activityTracker | object | (see details below) | Values to influence the activityTracker module | | monitor.activityTracker.enable | bool | `true` | Should the activityTracker module be enabled | diff --git a/charts/theia.cloud/templates/instances-ingress-path-based.yaml b/charts/theia.cloud/templates/instances-ingress-path-based.yaml index 4b925fa..85e1370 100644 --- a/charts/theia.cloud/templates/instances-ingress-path-based.yaml +++ b/charts/theia.cloud/templates/instances-ingress-path-based.yaml 
@@ -13,17 +13,36 @@ metadata: nginx.ingress.kubernetes.io/configuration-snippet: | proxy_set_header 'X-Forwarded-Uri' $request_uri; nginx.ingress.kubernetes.io/proxy-body-size: {{ tpl (.Values.ingress.proxyBodySize | toString) . }} + {{- if .Values.hosts.paths.tlsSecretName }} + {{- if .Values.ingress.certManagerAnnotations }} + cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} + {{- if .Values.ingress.theiaCloudCommonName }} + cert-manager.io/common-name: "Theia.Cloud" + {{- end }} + acme.cert-manager.io/http01-ingress-class: nginx + {{- end }} + {{- end }} spec: ingressClassName: nginx {{- if .Values.hosts.tls }} tls: - hosts: - {{ tpl (.Values.hosts.paths.baseHost | toString) . }} + {{- range .Values.hosts.allWildcardInstances }} + - {{ printf "'%s%s'" . $.Values.hosts.paths.baseHost }} + {{- end }} + {{- if .Values.hosts.paths.tlsSecretName }} + secretName: ws-cert-secret + {{- end }} {{- end }} {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .) ) }} rules: - host: {{ tpl (.Values.hosts.paths.baseHost | toString) . }} http: + {{- range .Values.hosts.allWildcardInstances }} + - host: {{ printf "'%s%s'" . $.Values.hosts.paths.baseHost }} + http: + {{- end }} {{- else }} rules: {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }} @@ -43,4 +62,4 @@ spec: {{ end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/theia.cloud/templates/instances-ingress.yaml b/charts/theia.cloud/templates/instances-ingress.yaml index 16d6f91..f6da6cb 100644 --- a/charts/theia.cloud/templates/instances-ingress.yaml +++ b/charts/theia.cloud/templates/instances-ingress.yaml 
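Review bot: The added `range .Values.hosts.allWildcardInstances` entries put wildcard names into `tls.hosts` of an ingress that, when `hosts.paths.tlsSecretName` and `ingress.certManagerAnnotations` are set, is annotated with `acme.cert-manager.io/http01-ingress-class: nginx` and by default `ingress.clusterIssuer: letsencrypt-prod`. ACME issues wildcard certificates only through a DNS-01 challenge. If that issuer has only an HTTP-01 solver (its template is not part of this hunk), the request for `ws-cert-secret` will not complete and the ingress is left without the intended certificate. The same list is added in instances-ingress.yaml at `@@ -24,12 +26,19 @@`, where the annotations are on by default. A comment above the range, such as `# wildcard hosts need a DNS-01 capable issuer or an externally managed certificate`, and a matching sentence on `hosts.allWildcardInstances` in values.yaml would make the requirement visible.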
@@ -8,11 +8,13 @@ metadata: {{- if not .Values.hosts.tls }} nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end }} + {{- if .Values.ingress.certManagerAnnotations }} cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} {{- if .Values.ingress.theiaCloudCommonName }} cert-manager.io/common-name: "Theia.Cloud" {{- end }} acme.cert-manager.io/http01-ingress-class: nginx + {{- end }} nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/configuration-snippet: | @@ -24,12 +26,19 @@ spec: tls: - hosts: - {{ tpl (.Values.hosts.instance | toString) . }} + {{- range .Values.hosts.allWildcardInstances }} + - {{ printf "'%s%s'" . $.Values.hosts.instance }} + {{- end }} secretName: ws-cert-secret {{- end }} {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .) ) }} rules: - host: {{ tpl (.Values.hosts.instance | toString) . }} http: + {{- range .Values.hosts.allWildcardInstances }} + - host: {{ printf "'%s%s'" . $.Values.hosts.instance }} + http: + {{- end }} {{- else }} rules: {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }} @@ -49,4 +58,4 @@ spec: {{ end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/theia.cloud/templates/landing-page-ingress-path-based.yaml b/charts/theia.cloud/templates/landing-page-ingress-path-based.yaml index 0443409..75f0479 100644 --- a/charts/theia.cloud/templates/landing-page-ingress-path-based.yaml +++ b/charts/theia.cloud/templates/landing-page-ingress-path-based.yaml 
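Review bot: In the wildcard entries added at `@@ -24,12 +26,19 @@`, `{{ printf "'%s%s'" . $.Values.hosts.instance }}` uses the raw value, while the line just above renders the same setting through `tpl (.Values.hosts.instance | toString) .`. If `hosts.instance` contains a template expression, the base host and its wildcard hosts will differ. The hand-built single quotes also yield invalid YAML when a value contains a quote character. Rendering both the same way avoids this: `- {{ printf "%s%s" . (tpl ($.Values.hosts.instance | toString) $) | squote }}` for the `tls.hosts` entry, and the same expression after `- host:`. instances-ingress-path-based.yaml has the identical pattern with `$.Values.hosts.paths.baseHost` at `@@ -13,17 +13,36 @@`.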
@@ -14,6 +14,11 @@ metadata: # This is necessary to correctly resolve relative paths (e.g. for css files) from the landing page. nginx.ingress.kubernetes.io/configuration-snippet: | rewrite ^([^.?]*[^/])$ $1/ redirect; + {{- if .Values.hosts.paths.tlsSecretName }} + {{- if .Values.ingress.certManagerAnnotations }} + cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} + {{- end }} + {{- end }} namespace: {{ .Release.Namespace }} spec: ingressClassName: nginx @@ -21,6 +26,9 @@ spec: tls: - hosts: - {{ tpl (.Values.hosts.paths.baseHost | toString) . }} + {{- if .Values.hosts.paths.tlsSecretName }} + secretName: landing-page-cert-secret + {{- end }} {{- end }} rules: - host: {{ tpl (.Values.hosts.paths.baseHost | toString) . }} diff --git a/charts/theia.cloud/templates/landing-page-ingress.yaml b/charts/theia.cloud/templates/landing-page-ingress.yaml index d89aa70..b7e929d 100644 --- a/charts/theia.cloud/templates/landing-page-ingress.yaml +++ b/charts/theia.cloud/templates/landing-page-ingress.yaml @@ -7,7 +7,9 @@ metadata: {{- if not .Values.hosts.tls }} nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end }} + {{- if .Values.ingress.certManagerAnnotations }} cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} + {{- end }} namespace: {{ .Release.Namespace }} spec: ingressClassName: nginx diff --git a/charts/theia.cloud/templates/service-ingress-path-based.yaml b/charts/theia.cloud/templates/service-ingress-path-based.yaml index 2af04b7..4840895 100644 --- a/charts/theia.cloud/templates/service-ingress-path-based.yaml +++ b/charts/theia.cloud/templates/service-ingress-path-based.yaml 
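Review bot: `secretName: landing-page-cert-secret` at `@@ -21,6 +26,9 @@` is added for the same `hosts.paths.baseHost` that instances-ingress-path-based.yaml binds to `ws-cert-secret` and service-ingress-path-based.yaml binds to `service-cert-secret`. With the cert-manager annotations enabled, this presumably yields three separate certificates and private keys for one hostname. Which of them the ingress controller serves for that host is not evident from the templates. Using one shared secret name for all three path-based ingresses, or a comment explaining why three are needed, would make the TLS setup easier to reason about and to rotate.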
@@ -8,6 +8,14 @@ metadata: nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end }} nginx.ingress.kubernetes.io/rewrite-target: /service$1 + {{- if .Values.hosts.paths.tlsSecretName }} + {{- if .Values.ingress.certManagerAnnotations }} + cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} + {{- if .Values.ingress.theiaCloudCommonName }} + cert-manager.io/common-name: "Theia.Cloud" + {{- end }} + {{- end }} + {{- end }} namespace: {{ .Release.Namespace }} spec: ingressClassName: nginx @@ -15,6 +23,9 @@ spec: tls: - hosts: - {{ tpl (.Values.hosts.paths.baseHost | toString) . }} + {{- if .Values.hosts.paths.tlsSecretName }} + secretName: service-cert-secret + {{- end }} {{- end }} rules: - host: {{ tpl (.Values.hosts.paths.baseHost | toString) . }} diff --git a/charts/theia.cloud/templates/service-ingress.yaml b/charts/theia.cloud/templates/service-ingress.yaml index 295c37d..2cf8ebd 100644 --- a/charts/theia.cloud/templates/service-ingress.yaml +++ b/charts/theia.cloud/templates/service-ingress.yaml @@ -7,10 +7,12 @@ metadata: {{- if not .Values.hosts.tls }} nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end }} + {{- if .Values.ingress.certManagerAnnotations }} cert-manager.io/cluster-issuer: {{ tpl (.Values.ingress.clusterIssuer | toString) . }} {{- if .Values.ingress.theiaCloudCommonName }} cert-manager.io/common-name: "Theia.Cloud" {{- end }} + {{- end }} nginx.ingress.kubernetes.io/rewrite-target: /service$1 namespace: {{ .Release.Namespace }} spec: diff --git a/charts/theia.cloud/templates/theia-appdefinition-spec.yaml b/charts/theia.cloud/templates/theia-appdefinition-spec.yaml index d2bc388..3ddba8b 100644 --- a/charts/theia.cloud/templates/theia-appdefinition-spec.yaml +++ b/charts/theia.cloud/templates/theia-appdefinition-spec.yaml @@ -1,5 +1,5 @@ {{- if .Values.demoApplication.install }} -apiVersion: theia.cloud/v1beta9 +apiVersion: theia.cloud/v1beta10 kind: AppDefinition metadata: name: theia-cloud-demo 
@@ -11,6 +11,8 @@ spec: uid: 101 port: 3000 ingressname: {{ tpl (.Values.ingress.instanceName | toString) . }} + ingressHostnamePrefixes: + - "*.webview." minInstances: 0 maxInstances: 10 timeout: {{ tpl (.Values.demoApplication.timeout | toString) . }} diff --git a/charts/theia.cloud/values.yaml b/charts/theia.cloud/values.yaml index 68b3c31..68ae9d6 100644 --- a/charts/theia.cloud/values.yaml +++ b/charts/theia.cloud/values.yaml @@ -94,6 +94,9 @@ hosts: landing: trynow # -- path for deployed instances instance: instances + # -- whether the default Theia Cloud tls secret names should be used. If false no tls secret name will be set on the ingress + # only needed when hosts.usePaths == true and hosts.tls == true + tlsSecretName: false # -- hostname of the REST-API service: service.192.168.39.173.nip.io @@ -113,6 +116,13 @@ hosts: # -- hostname for the launched Theia-applications instance: ws.192.168.39.173.nip.io + # -- all additional wildcard hostnames that may be required in the launched Theia-applications, e.g. + # "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews. + # Please note that this means that this usually means that all "ingressHostnamePrefixes" patterns from + # all app definitions need to be added. + # These are required to configure TLS (if enabled via hosts.tls == true) + allWildcardInstances: ["*.webview."] + # -- Values related to the landing page # @default -- (see details below) landingPage: 
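Review bot: In values.yaml at `@@ -94,6 +94,9 @@`, `hosts.paths.tlsSecretName` is a boolean although its name reads like a secret name, and its comment does not say what is served when it stays `false` while `hosts.tls` is true. In that default the path-based ingresses render a `tls:` block without `secretName`, so the certificate comes from whatever default the ingress controller is configured with. I would extend the comment, e.g. `# false: no secretName is rendered and the ingress controller's default certificate is served; true: the Theia Cloud secret names are set and, with ingress.certManagerAnnotations, cert-manager issues into them`. The `hosts:` mapping starts and ends outside this hunk.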
@@ -304,12 +314,18 @@ ingress: # the name instanceName: "theia-cloud-demo-ws-ingress" + # -- When set to true the cert-manager.io annotations will be set. + # When false certificate management is handled outside of Theia Cloud. + certManagerAnnotations: true + # -- The cluster issuer to use + # Only needed when ingress.certManagerAnnotations is true clusterIssuer: letsencrypt-prod # -- When set to true the cert-manager.io/common-name annotation will be set. # This is only required when the issued certificate by the cert-manager misses a # common-name + # Only needed when ingress.certManagerAnnotations is true theiaCloudCommonName: false # -- Sets the maximum allowed size of the client request body inside the application (e.g. file uploads in Theia).