feat(webserver): Add TLS configuration for WebServer (#371)
* feat(webserver): Add TLS configuration for WebServer

* fix(repo): chart

* fix(repo): chart
pedronauck authored Dec 28, 2024
1 parent 1ddc51c commit eff04e5
Showing 7 changed files with 100 additions and 32 deletions.
2 changes: 1 addition & 1 deletion cluster/charts/fuel-streams/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: fuel-streams
version: 0.7.4
version: 0.8.8
dependencies:
- name: nats
version: 1.2.8
@@ -1,7 +1,7 @@
{{- $consumer := .Values.consumer -}}
{{- if $consumer.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
kind: Deployment
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-consumer") | nindent 2 }}
annotations:
Expand All @@ -10,7 +10,6 @@ metadata:
{{- include "fuel-streams.labels" (dict "name" "consumer" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $consumer "path" "config.labels") | nindent 4 }}
spec:
serviceName: {{ include "fuel-streams.fullname" . }}-consumer
{{- if not $consumer.autoscaling.enabled }}
replicas: {{ $consumer.config.replicaCount }}
{{- end }}
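--- a/cluster/charts/fuel-streams/templates/webserver/certificate.yaml
+++ b/cluster/charts/fuel-streams/templates/webserver/certificate.yaml
@@ -0,0 +1,71 @@
+{{- $webserver := .Values.webserver }}
+{{- $service := $webserver.service }}
+{{- $tls := $webserver.tls }}
+{{- $certificate := $tls.certificate }}
+{{- $ingress := $tls.ingress }}
+{{- if and $webserver.enabled $service.host }}
+{{- if $tls.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+{{- include "k8s.metadata" (dict "context" . "suffix" "-webserver-cert") | nindent 2 }}
+annotations:
+{{- include "set-value" (dict "context" $certificate "path" "annotations") | nindent 4 }}
+labels:
+{{- include "fuel-streams.labels" (dict "name" "webserver" "context" .) | nindent 4 }}
+{{- include "set-value" (dict "context" $certificate "path" "labels") | nindent 4 }}
+app.kubernetes.io/component: webserver
+spec:
+secretName: {{ include "fuel-streams.fullname" . }}-webserver-tls
+duration: {{ $certificate.duration }}
+renewBefore: {{ $certificate.renewBefore }}
+dnsNames:
+- {{ $service.host }}
+issuerRef:
+name: {{ $certificate.issuer }}
+kind: ClusterIssuer
+{{- end }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+{{- include "k8s.metadata" (dict "context" . "suffix" "-webserver-cert-validator") | nindent 2 }}
+labels:
+{{- include "fuel-streams.labels" (dict "name" "webserver" "context" .) | nindent 4 }}
+{{- include "set-value" (dict "context" $ingress "path" "labels") | nindent 4 }}
+app.kubernetes.io/component: webserver
+annotations:
+kubernetes.io/ingress.class: nginx
+nginx.ingress.kubernetes.io/proxy-body-size: "0"
+nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+nginx.ingress.kubernetes.io/websocket-services: {{ include "fuel-streams.fullname" . }}-webserver
+external-dns.alpha.kubernetes.io/hostname: {{ $service.host }}
+external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+{{- if $tls.enabled }}
+ingress.kubernetes.io/ssl-redirect: "true"
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+acme.cert-manager.io/http01-ingress-class: nginx
+cert-manager.io/common-name: {{ $service.host }}
+cert-manager.io/cluster-issuer: {{ $certificate.issuer }}
+{{- end }}
+{{- include "set-value" (dict "context" $ingress "path" "annotations") | nindent 4 }}
+spec:
+ingressClassName: nginx
+{{- if $tls.enabled }}
+tls:
+- hosts:
+- {{ $service.host }}
+secretName: {{ include "fuel-streams.fullname" . }}-webserver-tls
+{{- end }}
+rules:
+- host: {{ $service.host }}
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: {{ include "fuel-streams.fullname" . }}-webserver
+port:
+number: {{ $service.port }}
+{{- end }}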
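Review bot: When `tls.enabled` is true the Ingress carries `cert-manager.io/cluster-issuer` plus a `tls` entry for `<fullname>-webserver-tls`, which normally makes cert-manager's ingress-shim create its own Certificate for that secret, while this file also declares an explicit `Certificate` writing the same `secretName`. Two Certificates targeting one Secret is a configuration cert-manager warns against and can lead to repeated re-issuance against the production issuer, so keep one mechanism: drop the `cert-manager.io/cluster-issuer` and `cert-manager.io/common-name` annotations, or drop the `Certificate` resource. Separately, `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request-body limit on a public host; a finite value such as `"1m"` is the safer default. The Ingress is rendered even when `tls.enabled` is false, so add a comment above it stating whether plain-HTTP exposure is intended, e.g. `# Rendered without TLS when tls.enabled=false; traffic is then served over HTTP.`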
@@ -1,5 +1,5 @@
{{- $webserver := .Values.webserver -}}
{{- $service := $webserver.service -}}
{{- $tls := $webserver.tls -}}
{{- if $webserver.enabled -}}
apiVersion: apps/v1
kind: Deployment
26 changes: 7 additions & 19 deletions cluster/charts/fuel-streams/templates/webserver/service.yaml
@@ -1,30 +1,18 @@
{{- $service := .Values.webserver.service }}
{{- if and .Values.webserver.enabled $service.enabled }}
{{- $webserver := .Values.webserver }}
{{- $service := $webserver.service }}
{{- if and $webserver.enabled $service.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-webserver-nlb") | nindent 2 }}
{{- include "k8s.metadata" (dict "context" . "suffix" "-webserver") | nindent 2 }}
annotations:
{{- if $service.dns }}
external-dns.alpha.kubernetes.io/hostname: {{ $service.dns }}
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
{{- end }}
service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true,stickiness.enabled=true,stickiness.type=source_ip,load_balancing.cross_zone.enabled=true
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "WebSocket=true"
{{- include "set-value" (dict "context" $service "path" "annotations") | nindent 2 }}
{{- include "set-value" (dict "context" $service "path" "annotations") | nindent 4 }}
labels:
{{- include "fuel-streams.labels" (dict "name" "webserver" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $service "path" "labels") | nindent 4 }}
app.kubernetes.io/component: webserver
spec:
type: {{ $service.type }}
loadBalancerClass: service.k8s.aws/nlb
externalTrafficPolicy: Local
type: ClusterIP
ports:
- appProtocol: tcp
name: websocket
Expand All @@ -34,4 +22,4 @@ spec:
selector:
{{- include "fuel-streams.selectorLabels" (dict "name" "webserver" "context" .) | nindent 4 }}
app.kubernetes.io/component: webserver
{{- end }}
{{- end }}
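Review bot: `type: ClusterIP` is hard-coded in the new spec, yet values.yaml in this same commit still defines `webserver.service.type` (set to `LoadBalancer`), which is now silently ignored, so the values file no longer describes how the webserver is actually exposed. Either delete that key from values.yaml or keep the field templated with a closed default, e.g. `type: {{ $service.type | default "ClusterIP" }}`. This Service is also gated on `$service.enabled` while the Ingress in certificate.yaml is gated on `$service.host`, so with `service.enabled: false` and a host set the Ingress would route to a Service that is never rendered; using the same condition in both templates avoids that.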
18 changes: 11 additions & 7 deletions cluster/charts/fuel-streams/values.yaml
Expand Up @@ -226,7 +226,7 @@ consumer:
# -------------------------------------------------------------------------------------------------

webserver:
enabled: false
enabled: true
network: mainnet
port: 9003

Expand All @@ -239,17 +239,21 @@ webserver:
enabled: true
port: 8080
type: LoadBalancer
dns: "stream-staging.fuel.network"
host: "stream-staging.fuel.network"
annotations: {}
labels: {}

tls:
enabled: true
issuer: "letsencrypt-prod"
duration: "2160h"
renewBefore: "360h"
annotations: {}
labels: {}
certificate:
issuer: "letsencrypt-prod"
duration: "2160h"
renewBefore: "360h"
annotations: {}
labels: {}
ingress:
annotations: {}
labels: {}

# You can override the env variables for the container here
# using a map or an array of key-value pairs
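Review bot: The chart defaults now appear to ship `webserver.enabled: true` together with `tls.enabled: true`, `host: "stream-staging.fuel.network"` and `issuer: "letsencrypt-prod"`, so an install with no overrides would publish an Ingress and an external-dns record for the staging hostname and request a production Let's Encrypt certificate. Public exposure is safer as an explicit opt-in: keep `enabled: false` and `host: ""` in the chart defaults and set the real host and issuer in a per-environment values file. If the defaults are intentional, a comment above `host:` such as `# Public hostname: setting this creates an Ingress and a DNS record` would make the side effect visible to operators.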
10 changes: 8 additions & 2 deletions examples/Cargo.toml
@@ -1,8 +1,14 @@
[package]
name = "fuel-streams-examples"
version = "0.0.15"
authors = { workspace = true }
keywords = { workspace = true }
edition = { workspace = true }
homepage = { workspace = true }
license = { workspace = true }
repository = { workspace = true }
version = { workspace = true }
rust-version = { workspace = true }
publish = false
edition = "2021"

[dependencies]
anyhow = { workspace = true }