🔧(helm) add ingress collaboration api

We need to keep the stickyness between the
collaboration api and the ws server, to do so,
we will use "upstream-hash-by: $arg_room", meaning
that the stickyness will be based on the room query.
We need to ahve 2 ingress to handle the
"collaboration_auth", only the ws routes has to
use the "collaboration_auth" subrequest.

Author: AntoLC

src/helm/env.d/dev/values.impress.yaml.gotmpl

@@ -8,7 +8,7 @@ backend:
   envVars:
     COLLABORATION_API_URL: https://impress.127.0.0.1.nip.io/collaboration/api/
     COLLABORATION_SERVER_SECRET: my-secret
-    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io,http://impress.127.0.0.1.nip.io
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
     DJANGO_CONFIGURATION: Feature
     DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
     DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
@@ -28,7 +28,9 @@ backend:
     OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
     OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
     OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email"
+    OIDC_RP_SCOPES: "openid email given_name usual_name"
+    USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
+    USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
     OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io
     OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
     LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
@@ -77,8 +79,6 @@ frontend:
   envVars:
     PORT: 8080
     NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
-    NEXT_PUBLIC_Y_PROVIDER_URL: wss://impress.127.0.0.1.nip.io/ws
-    NEXT_PUBLIC_MEDIA_URL: https://impress.127.0.0.1.nip.io
 
   replicas: 1
   command:
@@ -107,15 +107,16 @@ ingress:
   enabled: true
   host: impress.127.0.0.1.nip.io
 
-ingressWS:
+ingressCollaborationWS:
   enabled: true
   host: impress.127.0.0.1.nip.io
-
+  
   annotations:
-    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id"
     nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/
-    nginx.ingress.kubernetes.io/enable-websocket: "true"
-    nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"
+
+ingressCollaborationApi:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
 
 ingressAdmin:
   enabled: true

src/helm/impress/templates/ingress_collaboration_api.yaml

@@ -0,0 +1,72 @@
+{{- if .Values.ingressCollaborationApi.enabled -}}
+{{- $fullName := include "impress.fullname" . -}}
+{{- if and .Values.ingressCollaborationApi.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingressCollaborationApi.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationApi.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-collaboration-api
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "impress.labels" . | nindent 4 }}
+  {{- with .Values.ingressCollaborationApi.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingressCollaborationApi.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingressCollaborationApi.className }}
+  {{- end }}
+  {{- if .Values.ingressCollaborationApi.tls.enabled }}
+  tls:
+    {{- if .Values.ingressCollaborationApi.host }}
+    - secretName: {{ $fullName }}-tls
+      hosts:
+        - {{ .Values.ingressCollaborationApi.host | quote }}
+    {{- end }}
+    {{- range .Values.ingressCollaborationApi.tls.additional }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingressCollaborationApi.host }}
+    - host: {{ .Values.ingressCollaborationApi.host | quote }}
+      http:
+        paths:
+          - path: {{ .Values.ingressCollaborationApi.path | quote }}
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "impress.yProvider.fullname" . }}
+                port:
+                  number: {{ .Values.yProvider.service.port }}
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "impress.yProvider.fullname" . }}
+                port:
+                  number: {{ .Values.yProvider.service.port }}
+              {{- else }}
+              serviceName: {{ include "impress.yProvider.fullname" . }}
+              servicePort: {{ .Values.yProvider.service.port }}
+            {{- end }}
+          {{- with .Values.ingressCollaborationApi.customBackends }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+    {{- end }}
+{{- end }}
+

src/helm/impress/templates/ingress_ws.yaml renamed to src/helm/impress/templates/ingress_collaboration_ws.yaml

@@ -1,8 +1,8 @@
-{{- if .Values.ingressWS.enabled -}}
+{{- if .Values.ingressCollaborationWS.enabled -}}
 {{- $fullName := include "impress.fullname" . -}}
-{{- if and .Values.ingressWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingressWS.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingressWS.annotations "kubernetes.io/ingress.class" .Values.ingressWS.className}}
+{{- if and .Values.ingressCollaborationWS.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingressCollaborationWS.annotations "kubernetes.io/ingress.class" .Values.ingressCollaborationWS.className}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -18,22 +18,22 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "impress.labels" . | nindent 4 }}
-  {{- with .Values.ingressWS.annotations }}
+  {{- with .Values.ingressCollaborationWS.annotations }}
   annotations:
   {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.ingressWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingressWS.className }}
+  {{- if and .Values.ingressCollaborationWS.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingressCollaborationWS.className }}
   {{- end }}
-  {{- if .Values.ingressWS.tls.enabled }}
+  {{- if .Values.ingressCollaborationWS.tls.enabled }}
   tls:
-    {{- if .Values.ingressWS.host }}
+    {{- if .Values.ingressCollaborationWS.host }}
     - secretName: {{ $fullName }}-tls
       hosts:
-        - {{ .Values.ingressWS.host | quote }}
+        - {{ .Values.ingressCollaborationWS.host | quote }}
     {{- end }}
-    {{- range .Values.ingressWS.tls.additional }}
+    {{- range .Values.ingressCollaborationWS.tls.additional }}
     - hosts:
         {{- range .hosts }}
         - {{ . | quote }}
@@ -42,11 +42,11 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- if .Values.ingressWS.host }}
-    - host: {{ .Values.ingressWS.host | quote }}
+    {{- if .Values.ingressCollaborationWS.host }}
+    - host: {{ .Values.ingressCollaborationWS.host | quote }}
       http:
         paths:
-          - path: {{ .Values.ingressWS.path | quote }}
+          - path: {{ .Values.ingressCollaborationWS.path | quote }}
             {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
             pathType: ImplementationSpecific
             {{- end }}
@@ -64,7 +64,7 @@ spec:
               serviceName: {{ include "impress.yProvider.fullname" . }}
               servicePort: {{ .Values.yProvider.service.port }}
             {{- end }}
-          {{- with .Values.ingressWS.customBackends }}
+          {{- with .Values.ingressCollaborationWS.customBackends }}
             {{- toYaml . | nindent 10 }}
           {{- end }}
     {{- end }}

src/helm/impress/values.yaml

@@ -48,34 +48,62 @@ ingress:
   ## @param ingress.customBackends Add custom backends to ingress
   customBackends: []
 
-## @param ingressWS.enabled whether to enable the Ingress or not
-## @param ingressWS.className IngressClass to use for the Ingress
-## @param ingressWS.host Host for the Ingress
-## @param ingressWS.path Path to use for the Ingress
-ingressWS:
+## @param ingressCollaborationWS.enabled whether to enable the Ingress or not
+## @param ingressCollaborationWS.className IngressClass to use for the Ingress
+## @param ingressCollaborationWS.host Host for the Ingress
+## @param ingressCollaborationWS.path Path to use for the Ingress
+ingressCollaborationWS:
   enabled: false
   className: null
   host: impress.example.com
-  path: /ws
+  path: /collaboration/ws/
   ## @param ingress.hosts Additional host to configure for the Ingress
   hosts: []
   #  - chart-example.local
-  ## @param ingressWS.tls.enabled Wether to enable TLS for the Ingress
-  ## @skip ingressWS.tls.additional
-  ## @extra ingressWS.tls.additional[].secretName Secret name for additional TLS config
-  ## @extra ingressWS.tls.additional[].hosts[] Hosts for additional TLS config
+  ## @param ingressCollaborationWS.tls.enabled Wether to enable TLS for the Ingress
+  ## @skip ingressCollaborationWS.tls.additional
+  ## @extra ingressCollaborationWS.tls.additional[].secretName Secret name for additional TLS config
+  ## @extra ingressCollaborationWS.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
     additional: []
 
-  ## @param ingressWS.customBackends Add custom backends to ingress
+  ## @param ingressCollaborationWS.customBackends Add custom backends to ingress
   customBackends: []
 
   annotations: 
+    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id"
     nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/collaboration-auth/
-    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id"
     nginx.ingress.kubernetes.io/enable-websocket: "true" 
-    nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
+    nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
+
+## @param ingressCollaborationApi.enabled whether to enable the Ingress or not
+## @param ingressCollaborationApi.className IngressClass to use for the Ingress
+## @param ingressCollaborationApi.host Host for the Ingress
+## @param ingressCollaborationApi.path Path to use for the Ingress
+ingressCollaborationApi:
+  enabled: false
+  className: null
+  host: impress.example.com
+  path: /collaboration/api/
+  ## @param ingress.hosts Additional host to configure for the Ingress
+  hosts: []
+  #  - chart-example.local
+  ## @param ingressCollaborationApi.tls.enabled Wether to enable TLS for the Ingress
+  ## @skip ingressCollaborationApi.tls.additional
+  ## @extra ingressCollaborationApi.tls.additional[].secretName Secret name for additional TLS config
+  ## @extra ingressCollaborationApi.tls.additional[].hosts[] Hosts for additional TLS config
+  tls:
+    enabled: true
+    additional: []
+
+  ## @param ingressCollaborationApi.customBackends Add custom backends to ingress
+  customBackends: []
+
+  annotations: 
+    nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
 
 ## @param ingressAdmin.enabled whether to enable the Ingress or not
 ## @param ingressAdmin.className IngressClass to use for the Ingress