Merge branch 'main' of https://github.com/NorskHelsenett/ror-webapp

charts/ror-webapp/templates/configmap.yaml

@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: ror-web-cm-config
+  name: {{ include "ror-webapp.fullname" . }}-cm-config
 data:
   config.json: |
     {
       "auth": {
           "issuer": "{{ .Values.web.authUrl }}",
-          "clientId": "ror.sky.test.nhn.no",
+          "clientId": "{{ .Values.web.authClientId}}",
           "redirectUri": "/auth/callback",
           "scope": "profile email groups",
           "response_type": "id_token token",
@@ -26,33 +26,3 @@ data:
         "timeout": 30000
       }
     }
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ror-web-cm-config2
-data:
-  config.json: |
-    {
-      "auth": {
-          "issuer": "{{ .Values.web.authUrl }}",
-          "clientId": "ror.nhn.no",
-          "redirectUri": "/auth/callback",
-          "scope": "profile email groups",
-          "response_type": "id_token token",
-          "requireHttps": true,
-          "strictDiscoveryDocumentValidation": true
-      },
-      "regex": {
-          "forms": "^[@()\\/:?\\r\\n.,a-zA-Z æøåÆØÅ0-9_-]+$"
-      },
-      "rowsPerPage": [10, 25, 50, 75, 100],
-      "rows": 25,
-      "rorApi": "{{ .Values.web.apiUrl2 }}",
-      "sse": {
-        "postfixUrl": "/v1/events/listen",
-        "method": "GET",
-        "timeout": 30000
-      }
-    }

charts/ror-webapp/templates/deployment.yaml

@@ -38,6 +38,11 @@ spec:
             - mountPath: /app/assets/config/config.json
               name: json-configmap-volume
               subPath: config.json
+              {{- if .Values.web.nginxCM }}
+            - mountPath: /etc/nginx/conf.d/default.conf
+              name: nginx-cm
+              subPath: {{ .Values.web.nginxCM.subPath | default "default.conf"}}
+              {{- end }}
             - mountPath: /tmp
               name: tmp-volume
           ports:
@@ -69,6 +74,11 @@ spec:
       volumes:
         - name: json-configmap-volume
           configMap:
-            name: ror-web-cm-config2
+            name: {{ include "ror-webapp.fullname" . }}-cm-config
+        {{- if .Values.web.nginxCM }}
+        - name: nginx-cm
+          configMap:
+            name: {{ .Values.web.nginxCM.name | default "nginx-cm" }}
+        {{- end }}
         - name: tmp-volume
           emptyDir: {}

charts/ror-webapp/templates/ingress-helsenett.yaml

@@ -3,62 +3,28 @@ kind: Ingress
 metadata:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-  name: {{ include "ror-webapp.fullname" . }}helm-ingress
+  name: {{ include "ror-webapp.fullname" . }}-ingress
 spec:
   ingressClassName: avi-ingress-class-helsenett
   rules:
-  - host: {{ .Values.web.host }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: {{ include "ror-webapp.fullname" . }}
-            port:
-              number: {{ .Values.service.port }}
-        path: {{ .Values.ingress.path }}
-        pathType: {{ .Values.ingress.pathType }}
-  - host: {{ .Values.web.host2 }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: {{ include "ror-webapp.fullname" . }}
-            port:
-              number: {{ .Values.service.port }}
-        path: {{ .Values.ingress.path }}
-        pathType: {{ .Values.ingress.pathType }}
+  {{- $outer := . -}}
+  {{- range $idx, $host := .Values.web.hosts }}
+  {{- with $outer }}
+    - host: {{ $host }}
+      http:
+        paths:
+        - backend:
+            service:
+              name: {{ include "ror-webapp.fullname" . }}
+              port:
+                number: {{ .Values.service.port }}
+          path: {{ .Values.ingress.path }}
+          pathType: {{ .Values.ingress.pathType }}
+  {{- end }}    
+  {{- end }}   
   tls:
-  - hosts:
-    - {{ .Values.web.host }}
-    secretName: nhn-ror-webapp-tls
-  - hosts:
-    - {{ .Values.web.host2 }}
-    secretName: nhn-ror-webapp-tls
-
----
-apiVersion: ako.vmware.com/v1alpha1
-kind: HostRule
-metadata:
-  name: admin-allow-dcn-paw
-  namespace: {{ .Release.namespace}}
-spec:
-  virtualhost:
-    datascripts:
-    - expose-nhn-office-isp
-    - expose-nhn-office-client
-    - expose-nhn-office-devops
-    - expose-nsg-amk-paws
-    - expose-nhn-dc-any
-    - expose-nsg-cloud-paws
-    - expose-nsg-container-paws
-    - expose-nsg-soc-paws
-    - expose-nsg-mon-paws
-    - expose-nhn-office-devops
-    - expose-nsg-esm-paws
-    - bottom-deny-rule
-    fqdn:  ror.sky.test.nhn.no
-    analyticsProfile: NHN-System-Analytics-Profile
-    analyticsPolicy:
-        fullClientLogs:
-          enabled: false
-          throttle: DISABLED
+    - hosts:  
+  {{- range $idx, $host := .Values.web.hosts }}
+      - {{ $host }}
+  {{- end }}  
+      secretName: {{ include "ror-webapp.fullname" . }}-tls

charts/ror-webapp/values.yaml

@@ -3,11 +3,20 @@
 # Declare variables to be passed into your templates.
 enabled: true
 web:
-  host: ror.sky.test.nhn.no
-  host2: ror.nhn.no
-  apiUrl: https://api.ror.sky.test.nhn.no
-  apiUrl2: https://api.ror.nhn.no
-  authUrl: https://auth.sky.nhn.no/dex
+  # hosts is a list of hosts that the webapp should be available on
+  hosts: 
+    - host.ror.io
+  # apiUrl is the url of the ror api
+  apiUrl: https://api.ror.io
+  # authUrl is the url of the auth server
+  authUrl: https://auth.ror.io/dex
+  # authClientId is the client id of the application registered in the auth server
+  authClientId: clientId
+  # ConfigMap for nginx
+  # nginxCM:
+  #   name: nginx-cm
+  #   subPath: default.conf
+  nginxCM: []
 replicaCount: 3
 image:
   repository: ghcr.io/norskhelsenett/ror-webapp

nginx/http_prod.conf

@@ -44,7 +44,6 @@ server {
 
     add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
     add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
-    add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://ror.sky.test.nhn.no\"" always;
     add_header Referrer-Policy 'same-origin';
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "0" always;