feat: add kurl proxy resources to AdminConsole helm chart #32
Conversation
templates/kotsadm-service.yaml
Outdated
| @@ -1,3 +1,4 @@ | |||
| {{ if not .Values.kurlProxy.enabled }} | |||
There was a problem hiding this comment.
could this break existing integrations that might rely on this admin-console service being in the cluster? as I understand it, kurl-proxy sits in front of the kotsadm service and proxies requests to it in-cluster, so we might need it either way
There was a problem hiding this comment.
Nothing besides embedded-cluster uses this helm chart, and we don't rely on that service existing
There was a problem hiding this comment.
I'll add a service.enabled field which to allow embedded-cluster to explicitly disable the service, and also remove this dependency.
There was a problem hiding this comment.
ah, this makes sense. i think i was mixing this service up with the internal kotsadm service.
| - name: NODE_PORT | ||
| value: "8800" | ||
| - name: UPSTREAM_ORIGIN | ||
| value: http://kotsadm:3000 |
There was a problem hiding this comment.
will kotsadm resolve to anything? the upstream service would be admin-console, which differs from the normal kotsadm service (not sure why)
There was a problem hiding this comment.
We fixed that thankfully! There is a kotsadm service here by default now
https://github.com/replicatedhq/kots-helm/blob/main/templates/kotsadm-internal-service.yaml
templates/kurl-proxy-deployment.yaml
Outdated
| - name: UPSTREAM_ORIGIN | ||
| value: http://kotsadm:3000 | ||
| - name: DEX_UPSTREAM_ORIGIN | ||
| value: http://kotsadm-dex:5556 |
There was a problem hiding this comment.
Similar question to the above. Also, dex is not even something that is shipped with this Helm chart, so i'm not sure this would ever come into play?
templates/kurl-proxy-deployment.yaml
Outdated
| imagePullPolicy: IfNotPresent | ||
| env: | ||
| - name: NODE_PORT | ||
| value: "8800" |
There was a problem hiding this comment.
does this need to be {{ .Values.kurlProxy.nodePort }}?
There was a problem hiding this comment.
Yes it does (if we don't want to make 8800 the nodeport, of course)
EDIT: actually it needs to be set to 8800! (or unset)
https://github.com/replicatedhq/kots/blob/6d660205e8f8cc8fc634f328ebf0c1b309b60c50/kurl_proxy/cmd/main.go#L123
There was a problem hiding this comment.
The variable name is misleading. It should be KURL_PROXY_TARGET_PORT or something similar. Its the port that kurl-proxy container listens to. I can add a values variable instead to better link it to its purpose, and in case, there is some rare occasion one would like to change it, they have a way to.
The kurl proxy allows generating self-signed certs and fronting Admin Console via an encrypted connection
Related to https://app.shortcut.com/replicated/story/94724