Merge pull request #10 from toddaheath/fix/urls-cors-config

fix: wire correct URLs and CORS for dev and prod environments

Author: toddaheath

.github/workflows/deploy-dev.yml

@@ -88,6 +88,7 @@ jobs:
         run: |
           helm upgrade --install shed-builder deploy/helm/shed-builder \
             --namespace dev --create-namespace \
+            -f deploy/helm/shed-builder/values-dev.yaml \
             --set api.image.repository=${{ vars.ACR_LOGIN_SERVER }}/shed-builder-api \
             --set api.image.tag=${{ needs.build-and-push.outputs.image-tag }} \
             --set ui.image.repository=${{ vars.ACR_LOGIN_SERVER }}/shed-builder-ui \

.github/workflows/deploy-prod.yml

@@ -93,11 +93,10 @@ jobs:
         run: |
           helm upgrade --install shed-builder deploy/helm/shed-builder \
             --namespace production --create-namespace \
+            -f deploy/helm/shed-builder/values-prod.yaml \
             --set api.image.repository=${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-api \
             --set api.image.tag=${{ needs.build-and-push.outputs.image-tag }} \
             --set ui.image.repository=${{ env.REGISTRY }}/${{ github.repository_owner }}/shed-builder-ui \
             --set ui.image.tag=${{ needs.build-and-push.outputs.image-tag }} \
             --set postgres.password=${{ secrets.DB_PASSWORD }} \
-            --set ingress.enabled=true \
-            --set ingress.host=${{ vars.PRODUCTION_HOST }} \
             --wait --timeout 5m

deploy/helm/shed-builder/templates/api-deployment.yaml

@@ -35,6 +35,8 @@ spec:
               value: "Host={{ include "shed-builder.fullname" . }}-postgres;Database={{ .Values.postgres.database }};Username={{ .Values.postgres.username }};Password=$(DB_PASSWORD)"
             - name: ASPNETCORE_ENVIRONMENT
               value: Production
+            - name: Cors__AllowedOrigins
+              value: {{ .Values.api.corsAllowedOrigins | quote }}
           resources:
             {{- toYaml .Values.api.resources | nindent 12 }}
           livenessProbe:

deploy/helm/shed-builder/templates/ingress.yaml

@@ -5,19 +5,30 @@ metadata:
   name: {{ include "shed-builder.fullname" . }}
   labels:
     {{- include "shed-builder.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- toYaml .Values.ingress.tls | nindent 4 }}
+  {{- end }}
   rules:
-    - host: {{ .Values.ingress.host }}
+    - host: {{ .Values.ingress.apiHost }}
       http:
         paths:
-          - path: /api
+          - path: /
             pathType: Prefix
             backend:
               service:
                 name: {{ include "shed-builder.fullname" . }}-api
                 port:
                   number: {{ .Values.api.port }}
+    - host: {{ .Values.ingress.uiHost }}
+      http:
+        paths:
           - path: /
             pathType: Prefix
             backend:

deploy/helm/shed-builder/templates/ui-deployment.yaml

@@ -27,3 +27,11 @@ spec:
             - containerPort: {{ .Values.ui.port }}
           resources:
             {{- toYaml .Values.ui.resources | nindent 12 }}
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: {{ include "shed-builder.fullname" . }}-nginx

deploy/helm/shed-builder/templates/ui-nginx-configmap.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "shed-builder.fullname" . }}-nginx
+  labels:
+    {{- include "shed-builder.labels" . | nindent 4 }}
+data:
+  default.conf: |
+    server {
+        listen 80;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        location /api/ {
+            proxy_pass http://{{ include "shed-builder.fullname" . }}-api:{{ .Values.api.port }}/api/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+    }

deploy/helm/shed-builder/values-dev.yaml

@@ -0,0 +1,7 @@
+api:
+  corsAllowedOrigins: "https://ballistics-calc.dev.heathrobotics.io"
+
+ingress:
+  enabled: true
+  apiHost: shed-builder-api.dev.heathrobotics.io
+  uiHost: ballistics-calc.dev.heathrobotics.io

deploy/helm/shed-builder/values-prod.yaml

@@ -0,0 +1,7 @@
+api:
+  corsAllowedOrigins: "https://shed-builder.heathrobotics.io"
+
+ingress:
+  enabled: true
+  apiHost: shed-builder-api.heathrobotics.io
+  uiHost: shed-builder.heathrobotics.io

deploy/helm/shed-builder/values.yaml

@@ -5,6 +5,7 @@ api:
     pullPolicy: IfNotPresent
   replicas: 1
   port: 8080
+  corsAllowedOrigins: ""
   resources:
     requests:
       cpu: 100m
@@ -49,4 +50,7 @@ autoscaling:
 ingress:
   enabled: false
   className: nginx
-  host: shed-builder.local
+  annotations: {}
+  apiHost: shed-builder-api.local
+  uiHost: shed-builder.local
+  tls: []

src/ShedBuilder.Api/Program.cs

@@ -33,13 +33,26 @@
 
 QuestPDF.Settings.License = QuestPDF.Infrastructure.LicenseType.Community;
 
+var corsOrigins = builder.Configuration["Cors:AllowedOrigins"]
+    ?.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries)
+    ?? [];
+
 builder.Services.AddCors(options =>
 {
     options.AddDefaultPolicy(policy =>
     {
-        policy.AllowAnyOrigin()
-              .AllowAnyHeader()
-              .AllowAnyMethod();
+        if (corsOrigins.Length > 0)
+        {
+            policy.WithOrigins(corsOrigins)
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        }
+        else
+        {
+            policy.AllowAnyOrigin()
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        }
     });
 });