swh/ingresses: Fix 502 when services are redeployed
The nginx is not notified as soon a service endpoints are updated so it sends a couple of requests to a terminated pod. It's not a problem for idempotent request as nginx retry on another pod but it's not the case by default for POST requests.
The option is activated by default for all the ingresses because POST requests are used everywhere
Related to swh/infra/sysadm-environment#5210
helm diff
[swh] Comparing changes between branches production and fix_502 (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in fix_502 branch for environment staging...
[swh] Generate config in fix_502 branch for environment staging...
[swh] Generate config in fix_502 branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in fix_502 branch for environment production...
[swh] Generate config in fix_502 branch for environment production...
[swh] Generate config in fix_502 branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.Ow5cUgCY/staging-swh.before 2024-01-16 10:01:38.338099627 +0100
+++ /tmp/swh-chart.swh.Ow5cUgCY/staging-swh.after 2024-01-16 10:01:39.150102763 +0100
@@ -15071,20 +15071,21 @@
defaultMode: 0555
restartPolicy: OnFailure
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-postgresql-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: webapp.staging.swh.network
http:
paths:
- path: /graphql/
@@ -15106,20 +15107,21 @@
port:
number: 5013
---
# Source: swh/templates/indexer-storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: indexer-storage-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: indexer-storage-rpc-ingress
@@ -15133,20 +15135,21 @@
port:
number: 5007
---
# Source: swh/templates/scheduler/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: scheduler-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: scheduler.internal.staging.swh.network
@@ -15160,20 +15163,21 @@
port:
number: 5008
---
# Source: swh/templates/scheduler/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: scheduler-rpc-ingress-read-only
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: scheduler.internal.staging.swh.network
@@ -15187,20 +15191,21 @@
port:
number: 5008
---
# Source: swh/templates/search/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: search-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: search-rpc-ingress
@@ -15225,20 +15230,21 @@
port:
number: 5010
---
# Source: swh/templates/search/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: search-rpc-ingress-read-only
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: search-rpc-ingress
@@ -15311,20 +15317,21 @@
port:
number: 5010
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: storage-postgresql-read-only-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
rules:
- host: storage-postgresql-read-only-rpc-ingress
http:
paths:
@@ -15347,20 +15354,21 @@
port:
number: 5002
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: storage-postgresql-read-write-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
rules:
- host: storage-postgresql-read-write-rpc-ingress
http:
paths:
@@ -15372,20 +15380,21 @@
port:
number: 5002
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-postgresql-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/web-auth-secrets
@@ -15426,20 +15435,21 @@
- webapp-postgresql.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-postgresql-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: webapp-postgresql.internal.staging.swh.network
http:
paths:
@@ -15464,20 +15474,21 @@
- webapp-postgresql.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-postgresql-ingress-webhooks
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.130.1,192.168.130.2
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
rules:
- host: webapp-postgresql.internal.staging.swh.network
http:
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.Ow5cUgCY/staging-swh-cassandra.before 2024-01-16 10:01:38.586100584 +0100
+++ /tmp/swh-chart.swh.Ow5cUgCY/staging-swh-cassandra.after 2024-01-16 10:01:39.314103396 +0100
@@ -13755,20 +13755,21 @@
restartPolicy: OnFailure
---
# Source: swh/templates/counters/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: counters-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: counters-rpc-ingress
@@ -13793,20 +13794,21 @@
port:
number: 5011
---
# Source: swh/templates/deposit/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: deposit-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/deposit-auth-secrets
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -13845,20 +13847,21 @@
port:
number: 5006
---
# Source: swh/templates/deposit/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: deposit-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: deposit-rpc-ingress
http:
paths:
- path: /
pathType: Prefix
backend:
@@ -13913,20 +13916,21 @@
port:
number: 80
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: graphql-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: webapp-cassandra.internal.staging.swh.network
http:
paths:
- path: /graphql/
pathType: Prefix
@@ -13936,20 +13940,21 @@
port:
number: 5013
---
# Source: swh/templates/objstorage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: objstorage-read-only-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
ingressClassName: nginx
rules:
- host: objstorage-read-only-rpc-ingress
http:
@@ -13973,20 +13978,21 @@
port:
number: 5003
---
# Source: swh/templates/objstorage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: objstorage-read-write-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
ingressClassName: nginx
rules:
- host: objstorage-read-write-rpc-ingress
http:
@@ -13999,20 +14005,21 @@
port:
number: 5003
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: storage-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
rules:
- host: storage-cassandra.internal.staging.swh.network
http:
paths:
@@ -14024,20 +14031,21 @@
port:
number: 5002
---
# Source: swh/templates/vault/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: vault-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: vault-rpc-ingress
@@ -14051,20 +14059,21 @@
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: web-cassandra-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/web-auth-secrets
@@ -14133,20 +14142,21 @@
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: web-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp.staging.swh.network
http:
paths:
@@ -14191,20 +14201,21 @@
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: web-cassandra-ingress-webhooks
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.130.1,192.168.130.2
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp.staging.swh.network
http:
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.Ow5cUgCY/staging-swh-cassandra-next-version.before 2024-01-16 10:01:38.786101357 +0100
+++ /tmp/swh-chart.swh.Ow5cUgCY/staging-swh-cassandra-next-version.after 2024-01-16 10:01:39.530104230 +0100
@@ -11577,20 +11577,21 @@
path: "refresh-counters-cache.sh"
restartPolicy: OnFailure
---
# Source: swh/templates/counters/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: counters-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: counters-rpc-ingress
@@ -11615,20 +11616,21 @@
port:
number: 5011
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: graphql-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
paths:
- path: /graphql/
pathType: Prefix
@@ -11638,20 +11640,21 @@
port:
number: 5013
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: storage-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
rules:
- host: storage-cassandra-next-version.internal.staging.swh.network
http:
paths:
@@ -11663,20 +11666,21 @@
port:
number: 5002
---
# Source: swh/templates/vault/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: vault-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: vault-rpc-ingress-next-version
@@ -11690,20 +11694,21 @@
port:
number: 5005
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: web-cassandra-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
@@ -11745,20 +11750,21 @@
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: web-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.101.0/24,192.168.130.0/24,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
@@ -11784,20 +11790,21 @@
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
name: web-cassandra-ingress-webhooks
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,192.168.100.29/32,192.168.130.0/24,192.168.130.1,192.168.130.2,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra-next-version.internal.staging.swh.network
http:
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.Ow5cUgCY/production-swh.before 2024-01-16 10:01:39.782105203 +0100
+++ /tmp/swh-chart.swh.Ow5cUgCY/production-swh.after 2024-01-16 10:01:40.210106854 +0100
@@ -20128,20 +20128,21 @@
restartPolicy: OnFailure
---
# Source: swh/templates/deposit/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: deposit-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh/deposit-auth-secrets
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -20180,20 +20181,21 @@
port:
number: 5006
---
# Source: swh/templates/deposit/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: deposit-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: deposit-rpc-ingress
http:
paths:
- path: /
pathType: Prefix
backend:
@@ -20248,20 +20250,21 @@
port:
number: 80
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-archive-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: archive.softwareheritage.org
http:
paths:
- path: /graphql/
pathType: Prefix
backend:
@@ -20270,20 +20273,21 @@
port:
number: 5013
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: graphql-webapp1-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22,192.168.50.0/24
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: webapp1.internal.softwareheritage.org
http:
paths:
- path: /graphql/
pathType: Prefix
@@ -20293,20 +20297,21 @@
port:
number: 5013
---
# Source: swh/templates/indexer-storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: indexer-storage-read-only-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: indexer-storage-read-only-rpc-ingress
@@ -20320,20 +20325,21 @@
port:
number: 5007
---
# Source: swh/templates/objstorage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: objstorage-read-only-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
ingressClassName: nginx
rules:
- host: objstorage-read-only-rpc-ingress
http:
@@ -20368,20 +20374,21 @@
port:
number: 5003
---
# Source: swh/templates/scheduler/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: scheduler-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.130.221,192.168.200.0/22
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: scheduler.internal.softwareheritage.org
@@ -20395,20 +20402,21 @@
port:
number: 5008
---
# Source: swh/templates/scheduler/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: scheduler-rpc-ingress-read-only
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: scheduler.internal.softwareheritage.org
@@ -20422,20 +20430,21 @@
port:
number: 5008
---
# Source: swh/templates/search/rpc-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: search-rpc-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
spec:
rules:
- host: search-rpc-ingress
@@ -20449,20 +20458,21 @@
port:
number: 5010
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: storage-postgresql-azure-readonly-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.200.0/22
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
spec:
rules:
- host: storage-azure-read-only-rpc-ingress
http:
paths:
- path: /
@@ -20473,20 +20483,21 @@
port:
number: 5002
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-app1-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh/web-auth-secrets
@@ -20527,20 +20538,21 @@
- webapp1.internal.softwareheritage.org
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-app1-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp1.internal.softwareheritage.org
http:
paths:
@@ -20565,20 +20577,21 @@
- webapp1.internal.softwareheritage.org
secretName: swh-web-crt
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-archive-ingress-authenticated
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh/web-auth-secrets
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
@@ -20692,20 +20705,21 @@
port:
number: 5004
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh
name: web-archive-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: archive.softwareheritage.org
http:
paths:
- path: /
pathType: Prefix
backend:
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.Ow5cUgCY/production-swh-cassandra.before 2024-01-16 10:01:39.910105697 +0100
+++ /tmp/swh-chart.swh.Ow5cUgCY/production-swh-cassandra.after 2024-01-16 10:01:40.342107363 +0100
@@ -5108,20 +5108,21 @@
type: Utilization
averageUtilization: 50
---
# Source: swh/templates/graphql/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: graphql-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22,192.168.50.0/24
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: webapp-cassandra.internal.softwareheritage.org
http:
paths:
- path: /graphql/
pathType: Prefix
@@ -5131,20 +5132,21 @@
port:
number: 5013
---
# Source: swh/templates/storage/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: storage-cassandra-readonly-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
nginx.ingress.kubernetes.io/proxy-body-size: 4G
nginx.ingress.kubernetes.io/proxy-buffering: "on"
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# an htpasswd file in the key auth within the secret
nginx.ingress.kubernetes.io/auth-secret-type: auth-file
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: swh-cassandra/ingress-storage-cassandra-ro-auth-secrets
# message to display with an appropriate context why the authentication is required
@@ -5174,20 +5176,21 @@
port:
number: 5002
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
name: web-cassandra-ingress-default
annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.42.0.0/16,10.43.0.0/16,127.0.0.0/8,192.168.100.0/24,192.168.101.0/24,192.168.200.0/22,192.168.50.0/24
cert-manager.io/cluster-issuer: letsencrypt-production-gandi
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- host: webapp-cassandra.internal.softwareheritage.org
http: