uc-cdis · andrzejgrzelak · Sep 26, 2023 · Sep 26, 2023 · Sep 27, 2023
diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml
@@ -53,11 +53,6 @@ spec:
             - name: cred-volume
               secret:
                 secretName: aws-config-fence
-          initContainers:
-            - name: wait-for-fence
-              image: curlimages/curl:latest
-              command: ["/bin/sh","-c"]
-              args: ["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done"]
           containers:
           - name: usersync
             image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -101,6 +96,7 @@ spec:
               - "-c"
               # Script always succeeds if it runs (echo exits with 0)
               - |
+                while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done
                 echo 'options use-vc' >> /etc/resolv.conf
                 pip3 install SQLAlchemy==1.3.6
                 # can be removed once this is merged: https://github.com/uc-cdis/fence/pull/1096

diff --git a/helm/indexd/templates/pre-install.yaml b/helm/indexd/templates/pre-install.yaml
@@ -19,11 +19,6 @@ spec:
       volumes:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      initContainers:
-        - name: wait-for-indexd
-          image: curlimages/curl:latest
-          command: ["/bin/sh","-c"]
-          args: ["while [ $(curl -sw '%{http_code}' http://indexd-service/index -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for indexd...'; done"]
       containers:
         - name: indexd
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -82,6 +77,7 @@ spec:
             # Script always succeeds if it runs (echo exits with 0)
             # indexd image does not include jq, so use python 
             - |
+              while [ $(curl -sw '%{http_code}' http://indexd-service/index -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for indexd...'; done
               echo 'python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}'
               python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}"
               echo 'python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}'

diff --git a/helm/revproxy/gen3.nginx.conf/indexd-service.conf b/helm/revproxy/gen3.nginx.conf/indexd-service.conf
@@ -1,4 +1,3 @@
-
           # GA4GH endpoint for DOS resolver and DRS server
           location /ga4gh/ {
               if ($csrf_check !~ ^ok-\S.+$) {
@@ -45,7 +44,7 @@
               set $proxy_service  "indexd";
               set $upstream http://indexd-service$des_domain;
               rewrite ^/index-admin/(.*) /$1 break;
-              proxy_set_header   Host $host;
+              proxy_set_header   Host indexd-service$des_domain;
               proxy_set_header   X-Forwarded-For "$realip";
               proxy_set_header   X-UserId "$userid";
               proxy_set_header   X-SessionId "$session_id";

diff --git a/helm/revproxy/gen3.nginx.conf/metadata-service.conf b/helm/revproxy/gen3.nginx.conf/metadata-service.conf
@@ -28,7 +28,7 @@
               set $proxy_service  "metadata-service";
               set $upstream http://metadata-service$des_domain;
               rewrite ^/mds-admin/(.*) /$1 break;
-              proxy_set_header   Host $host;
+              proxy_set_header   Host metadata-service$des_domain;
               proxy_set_header   X-Forwarded-For "$realip";
               proxy_set_header   X-UserId "$userid";
               proxy_set_header   X-SessionId "$session_id";

diff --git a/helm/revproxy/gen3.nginx.conf/peregrine-service.conf b/helm/revproxy/gen3.nginx.conf/peregrine-service.conf
@@ -2,10 +2,12 @@
           location /peregrine/_status {
               set $proxy_service  "peregrine";
               set $upstream http://peregrine-service.$namespace.svc.cluster.local/_status;
+              proxy_set_header   Host "peregrine-service.$namespace.svc.cluster.local";
               proxy_pass $upstream;
           }
           location /peregrine/_version {
               set $upstream http://peregrine-service.$namespace.svc.cluster.local/_version;
+              proxy_set_header   Host "peregrine-service.$namespace.svc.cluster.local";
               proxy_pass $upstream;
           }
           location /api/search {
@@ -15,7 +17,7 @@
 
               gzip off;
               proxy_next_upstream off;
-              proxy_set_header   Host $host;
+              proxy_set_header   Host "peregrine-service.$namespace.svc.cluster.local";
               proxy_set_header   Authorization "$access_token";
               proxy_set_header   X-Forwarded-For "$realip";
               proxy_set_header   X-UserId "$userid";
@@ -40,7 +42,7 @@
 
               gzip off;
               proxy_next_upstream off;
-              proxy_set_header   Host $host;
+              proxy_set_header   Host "peregrine-service.$namespace.svc.cluster.local";
               proxy_set_header   Authorization "$access_token";
               proxy_set_header   X-Forwarded-For "$realip";
               proxy_set_header   X-UserId "$userid";
@@ -65,6 +67,7 @@
               proxy_next_upstream off;
 
               set $proxy_service  "peregrine";
+              proxy_set_header   Host "peregrine-service.$namespace.svc.cluster.local";
               set $upstream http://peregrine-service.$namespace.svc.cluster.local/v0/submission/getschema;
               proxy_pass $upstream;
           }
diff --git a/helm/revproxy/gen3.nginx.conf/sheepdog-service.conf b/helm/revproxy/gen3.nginx.conf/sheepdog-service.conf
@@ -6,7 +6,7 @@ location /api/ {
   proxy_next_upstream off;
   # Forward the host and set Subdir header so api
   # knows the original request path for hmac signing
-  proxy_set_header   Host $host;
+  proxy_set_header   Host sheepdog-service.$namespace.svc.cluster.local;
   proxy_set_header   Subdir /api;
   proxy_set_header   Authorization "$access_token";
   proxy_set_header   X-Forwarded-For "$realip";

diff --git a/helm/revproxy/gen3.nginx.conf/workspace-token-service.conf b/helm/revproxy/gen3.nginx.conf/workspace-token-service.conf
@@ -5,7 +5,7 @@
 
               gzip off;
               proxy_next_upstream off;
-              proxy_set_header   Host $host;
+              proxy_set_header   Host workspace-token-service.$namespace.svc.cluster.local;
               proxy_set_header   Authorization "$access_token";
               proxy_set_header   X-Forwarded-For "$realip";
               proxy_set_header   X-UserId "$userid";

diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf
@@ -165,11 +165,11 @@ http {
     server_tokens off;
     proxy_hide_header server;
     proxy_hide_header X-Powered-By;
+    proxy_http_version 1.1;
     add_header "X-Frame-Options" "SAMEORIGIN" always;
     add_header "X-Content-Type-Options" "nosniff" always;
     add_header "X-Xss-Protection" "1; mode=block" always;
 
-    if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }
     #
     # Strict-Transport-Security only applys for https traffic - set after testing protocol
     #
@@ -259,7 +259,6 @@ http {
     #   not set headers ... http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
     #
     proxy_set_header   Authorization "$access_token";
-    proxy_set_header   Host $host;
     proxy_set_header   X-Forwarded-For "$realip";
     proxy_set_header   X-UserId "$userid";
     # Can propagate this request id through downstream microservice requests for tracing

diff --git a/helm/wts/templates/wts-oidc.yaml b/helm/wts/templates/wts-oidc.yaml
@@ -16,11 +16,6 @@ spec:
             secretName: "fence-config"
         - name: shared-volume
           emptyDir: {}
-      initContainers:
-        - name: wait-for-fence
-          image: curlimages/curl:latest
-          command: ["/bin/sh","-c"]
-          args: ["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done"]
       containers:
         - name: fence-client
           # TODO: Make this configurable
@@ -32,6 +27,8 @@ spec:
           args:
             - "-c"
             - |
+              while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done
+
               export WTS_HOSTNAME={{ .Values.global.hostname }}
               echo "Trying to generate WTS client for hostname : $WTS_HOSTNAME..."