CH-225 implement gatekeeper and ingress optimizations

applications/common/deploy/values.yaml

@@ -5,6 +5,9 @@ harness:
     auto: true
     port: 8080
     name: common
+  proxy:
+    gatekeeper:
+      replicas: 1
   deployment:
     auto: true
     name: common

applications/samples/deploy/values.yaml

@@ -17,6 +17,9 @@ harness:
       usenfs: false
     auto: true
     port: 8080
+  proxy:
+    gatekeeper:
+      replicas: 1
   uri_role_mapping:
     - uri: /
       white-listed: true

applications/volumemanager/deploy/values.yaml

@@ -1,6 +1,9 @@
 harness:
   name: volumemanager
   subdomain: volumemanager
+  proxy:
+    gatekeeper:
+      replicas: 1
   service:
     port: 8080
     auto: true

deployment-configuration/helm/templates/auto-gatekeepers.yaml

@@ -121,7 +121,7 @@ metadata:
   labels:
     app: "{{ .subdomain  }}-gk"
 spec:
-  replicas: 1
+  replicas: {{ .app.harness.proxy.gatekeeper.replicas | default .root.Values.proxy.gatekeeper.replicas | default 5 }}
   selector:
     matchLabels:
       app: "{{ .subdomain  }}-gk"
@@ -135,7 +135,7 @@ spec:
 {{ include "deploy_utils.etcHosts" .root | indent 6 }}
       containers:
       - name: {{ .app.harness.service.name | quote }}
-        image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+        image: {{ .app.harness.proxy.gatekeeper.image | default .root.Values.proxy.gatekeeper.image | default "quay.io/gogatekeeper/gatekeeper:2.14.3" }}
         imagePullPolicy: IfNotPresent
         {{ if .root.Values.local }}
         securityContext:
@@ -163,12 +163,7 @@ spec:
         - name: https
           containerPort: 8443
         resources:
-          requests:
-            memory: "32Mi"
-            cpu: "5m"
-          limits:
-            memory: "64Mi"
-            cpu: "100m"
+{{ .app.harness.proxy.gatekeeper.resources | default .root.Values.proxy.gatekeeper.resources | toYaml | nindent 10 }}
       volumes:
       - name: "{{ .subdomain  }}-gk-proxy-config"
         configMap:

deployment-configuration/helm/templates/ingress.yaml

@@ -1,15 +1,52 @@
 {{- define "deploy_utils.ingress.http" }}
   {{ $domain := .root.Values.domain }}
   {{ $secured_gatekeepers := and .root.Values.secured_gatekeepers }}
+  {{ $app := .app }}
     http:
       paths:
+{{- if and $app.harness.secured $secured_gatekeepers $app.harness.uri_role_mapping }}
+  {{- range $mapping := $app.harness.uri_role_mapping }}
+    {{- if and (hasKey $mapping "white-listed") (index $mapping "white-listed") }}
+      {{- $uri := $mapping.uri }}
+      {{- if eq $uri "/" }}
+      - path: /()
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- else if hasSuffix "/*" $uri }}
+        {{- $cleanPath := trimSuffix "/*" $uri }}
+        {{- $pathWithoutSlash := trimPrefix "/" $cleanPath }}
+      - path: {{ printf "/(%s/.*)" $pathWithoutSlash }}
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- else if not (contains "*" $uri) }}
+        {{- $pathWithoutSlash := trimPrefix "/" $uri }}
+      - path: {{ printf "/(%s)" $pathWithoutSlash }}
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: {{ $app.harness.service.name | quote }}
+            port:
+              number: {{ $app.harness.service.port | default 80 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
       - path: /(.*)
         pathType: ImplementationSpecific
         backend:
           service:
-            name: {{ if (and .app.harness.secured $secured_gatekeepers) }}{{ printf "%s-gk" .subdomain }}{{ else }}{{ .app.harness.service.name | quote }}{{ end }}
+            name: {{ if (and $app.harness.secured $secured_gatekeepers) }}{{ printf "%s-gk" .subdomain }}{{ else }}{{ $app.harness.service.name | quote }}{{ end }}
             port:
-              number: {{- if (and .app.harness.secured $secured_gatekeepers) }} 8080 {{- else }} {{ .app.harness.service.port | default 80  }}{{- end }}
+              number: {{- if (and $app.harness.secured $secured_gatekeepers) }} 8080 {{- else }} {{ $app.harness.service.port | default 80  }}{{- end }}
+
 {{- end }}
 {{- define "deploy_utils.ingress.service" }}
   {{ $domain := .root.Values.domain }}
@@ -40,6 +77,9 @@ metadata:
     nginx.ingress.kubernetes.io/ssl-redirect: {{ (and $tls .Values.ingress.ssl_redirect) | quote }}
     nginx.ingress.kubernetes.io/proxy-body-size: '{{ .Values.proxy.payload.max }}m'
     nginx.ingress.kubernetes.io/proxy-buffer-size: '128k'
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
+    nginx.ingress.kubernetes.io/proxy-max-temp-file-size: "1024m"
     nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
     nginx.ingress.kubernetes.io/rewrite-target: /$1
     nginx.ingress.kubernetes.io/auth-keepalive-timeout: {{ .Values.proxy.timeout.keepalive | quote }}

deployment-configuration/helm/values.yaml

@@ -76,3 +76,13 @@ proxy:
   payload:
     # -- Maximum size of payload in MB
     max: 250
+  gatekeeper:
+    # -- Default gatekeeper image
+    image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+    # -- Default number of gatekeeper replicas
+    replicas: 1
+    resources:
+      requests:
+        memory: "32Mi"
+      limits:
+        memory: "64Mi"

deployment-configuration/value-template.yaml

@@ -139,3 +139,13 @@ harness:
     payload:
       # -- Maximum size of payload in MB
       max:
+    gatekeeper:
+      # -- Default gatekeeper image
+      image: "quay.io/gogatekeeper/gatekeeper:2.14.3"
+      # -- Default number of gatekeeper replicas
+      replicas: 1
+      resources:
+        requests:
+          memory: "32Mi"
+        limits:
+          memory: "64Mi"

docs/model/GatekeeperConf.md

@@ -0,0 +1,31 @@
+# GatekeeperConf
+
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**image** | **str** |  | [optional] 
+**replicas** | **int** |  | [optional] 
+
+## Example
+
+```python
+from cloudharness_model.models.gatekeeper_conf import GatekeeperConf
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of GatekeeperConf from a JSON string
+gatekeeper_conf_instance = GatekeeperConf.from_json(json)
+# print the JSON string representation of the object
+print(GatekeeperConf.to_json())
+
+# convert the object into a dict
+gatekeeper_conf_dict = gatekeeper_conf_instance.to_dict()
+# create an instance of GatekeeperConf from a dict
+gatekeeper_conf_from_dict = GatekeeperConf.from_dict(gatekeeper_conf_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

docs/model/ProxyConf.md

@@ -9,6 +9,7 @@ Name | Type | Description | Notes
 **forwarded_headers** | **bool** |  | [optional] 
 **payload** | [**ProxyPayloadConf**](ProxyPayloadConf.md) |  | [optional] 
 **timeout** | [**ProxyTimeoutConf**](ProxyTimeoutConf.md) |  | [optional] 
+**gatekeeper** | [**GatekeeperConf**](GatekeeperConf.md) |  | [optional] 
 
 ## Example
 

libraries/models/README.md

@@ -87,6 +87,7 @@ Class | Method | HTTP request | Description
  - [DockerfileConfig](docs/DockerfileConfig.md)
  - [E2ETestsConfig](docs/E2ETestsConfig.md)
  - [FileResourcesConfig](docs/FileResourcesConfig.md)
+ - [GatekeeperConf](docs/GatekeeperConf.md)
  - [GitDependencyConfig](docs/GitDependencyConfig.md)
  - [HarnessMainConfig](docs/HarnessMainConfig.md)
  - [IngressConfig](docs/IngressConfig.md)