Skip to content

Commit

Permalink
BC-5546 - add ingress ansible roles
Browse files Browse the repository at this point in the history
  • Loading branch information
mamutmk5 committed Oct 24, 2023
1 parent 88c6f4e commit 3e785f1
Show file tree
Hide file tree
Showing 6 changed files with 208 additions and 0 deletions.
25 changes: 25 additions & 0 deletions ansible/roles/schulcloud-server-core/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,20 +58,45 @@
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: deployment.yml.j2

- name: Ingress
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: ingress.yml.j2

- name: FileStorageDeployment
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-files-deployment.yml.j2

- name: FileStorageDeployment
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-files-deployment.yml.j2

- name: File Storage Ingress
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-files-ingress.yml.j2

- name: FwuLearningContentsDeployment
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-fwu-deployment.yml.j2
when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool

- name: Fwu Learning Contents Ingress
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-fwu-ingress.yml.j2
when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool

- name: Delete Files CronJob
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ NAMESPACE }}-api-files-ingress
namespace: {{ NAMESPACE }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
# The following properties added with BC-3606.
# The header size of the request is too big. For e.g. state and the permanent growing jwt.
# Nginx throws away the Location header, resulting in the 502 Bad Gateway.
nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
nginx.ingress.kubernetes.io/http2-max-header-size: 96k
nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
nginx.ingress.kubernetes.io/server-snippet: |
client_header_buffer_size 100k;
large_client_header_buffers 4 100k;
{% if CLUSTER_ISSUER is defined %}
cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
{% endif %}

spec:
ingressClassName: nginx
{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
tls:
- hosts:
- {{ DOMAIN }}
{% if CLUSTER_ISSUER is defined %}
secretName: {{ DOMAIN }}-tls
{% endif %}
{% endif %}
rules:
- host: {{ DOMAIN }}
http:
paths:
- path: /api/v3/file/
backend:
service:
name: api-files-svc
port:
number: {{ PORT_FILE_SERVICE }}
pathType: Prefix
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ NAMESPACE }}-api-fwu-ingress
namespace: {{ NAMESPACE }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
# The following properties added with BC-3606.
# The header size of the request is too big. For e.g. state and the permanent growing jwt.
# Nginx throws away the Location header, resulting in the 502 Bad Gateway.
nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
nginx.ingress.kubernetes.io/http2-max-header-size: 96k
nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
nginx.ingress.kubernetes.io/server-snippet: |
client_header_buffer_size 100k;
large_client_header_buffers 4 100k;
{% if CLUSTER_ISSUER is defined %}
cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
{% endif %}

spec:
ingressClassName: nginx
{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
tls:
- hosts:
- {{ DOMAIN }}
{% if CLUSTER_ISSUER is defined %}
secretName: {{ DOMAIN }}-tls
{% endif %}
{% endif %}
rules:
- host: {{ DOMAIN }}
http:
paths:
- path: /api/v3/fwu/
backend:
service:
name: api-fwu-svc
port:
number: {{ PORT_FWU_LEARNING_CONTENTS }}
pathType: Prefix
44 changes: 44 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/ingress.yml.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ NAMESPACE }}-api-ingress
namespace: {{ NAMESPACE }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
# The following properties added with BC-3606.
# The header size of the request is too big. For e.g. state and the permanent growing jwt.
# Nginx throws away the Location header, resulting in the 502 Bad Gateway.
nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
nginx.ingress.kubernetes.io/http2-max-header-size: 96k
nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
nginx.ingress.kubernetes.io/server-snippet: |
client_header_buffer_size 100k;
large_client_header_buffers 4 100k;
{% if CLUSTER_ISSUER is defined %}
cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
{% endif %}

spec:
ingressClassName: nginx
{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
tls:
- hosts:
- {{ DOMAIN }}
{% if CLUSTER_ISSUER is defined %}
secretName: {{ DOMAIN }}-tls
{% endif %}
{% endif %}
rules:
- host: {{ DOMAIN }}
http:
paths:
- path: /api/v3/
backend:
service:
name: api-svc
port:
number: {{ PORT_SERVER }}
pathType: Prefix
7 changes: 7 additions & 0 deletions ansible/roles/schulcloud-server-h5p/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,11 @@
namespace: "{{ NAMESPACE }}"
template: api-h5p-deployment.yml.j2
when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool

- name: H5p Editor Ingress
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-h5p-ingress.yml.j2
when: WITH_H5P_EDITOR is defined and WITH_H5P_EDITOR|bool

Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ NAMESPACE }}-api-h5p-ingress
namespace: {{ NAMESPACE }}
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "{{ TLS_ENABELD|default("false") }}"
nginx.ingress.kubernetes.io/proxy-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
nginx.org/client-max-body-size: "{{ INGRESS_MAX_BODY_SIZE|default("2560") }}m"
# The following properties added with BC-3606.
# The header size of the request is too big. For e.g. state and the permanent growing jwt.
# Nginx throws away the Location header, resulting in the 502 Bad Gateway.
nginx.ingress.kubernetes.io/client-header-buffer-size: 100k
nginx.ingress.kubernetes.io/http2-max-header-size: 96k
nginx.ingress.kubernetes.io/large-client-header-buffers: 4 100k
nginx.ingress.kubernetes.io/proxy-buffer-size: 96k
nginx.ingress.kubernetes.io/server-snippet: |
client_header_buffer_size 100k;
large_client_header_buffers 4 100k;
{% if CLUSTER_ISSUER is defined %}
cert-manager.io/cluster-issuer: {{ CLUSTER_ISSUER }}
{% endif %}

spec:
ingressClassName: nginx
{% if CLUSTER_ISSUER is defined or (TLS_ENABELD is defined and TLS_ENABELD|bool) %}
tls:
- hosts:
- {{ DOMAIN }}
{% if CLUSTER_ISSUER is defined %}
secretName: {{ DOMAIN }}-tls
{% endif %}
{% endif %}
rules:
- host: {{ DOMAIN }}
http:
paths:
- path: /api/v3/h5p-editor/
backend:
service:
name: api-h5p-svc
port:
number: 4448
pathType: Prefix

0 comments on commit 3e785f1

Please sign in to comment.