✨ Make Annotations and IngressClass configurable in the webapp-cp helm chart

[julialawrence]

Describe the feature request.

In order to enable modsec firewall in our Cloud Platform applications, we need to allow users to configure annotations and IngressClass values in our webapp-cp helm chart.

William Martin, in this support ticket, has provided a patch for the changes required so we can review those and implement them to enable this functionality.

Describe the context.

One of our apps hosted in Cloud Platform, BOLD, specifically, has a requirement to turn on modsec application firewall. They've done this manually via kubectl commands, but would like to have the option to configure it via the deployment jobs.

Value / Purpose

This will provide greater flexibility to app owners to enable security features if they're required or wish to do so.

User Types

Analytical Platform App Owners

[BrianEllwood]

Code changes implemented and pr here.

looking in to ways of testing without merging

[BrianEllwood]

PR ready to merge and could be deployed to test app
for testing purposes.

I have tried deploying the helm chart manually from within the dev container and although the dry run looked ok when i tried the apply as follows

` helm upgrade --install --reuse-values --debug --wait --timeout 10m0s --namespace data-platform-app-ap-rshiny-notesbook-dev ap-rshiny-notesbook-dev ./webapp-cp
--set AuthProxy.Env.Auth0Domain=$AUTH0_DOMAIN
--set AuthProxy.Env.Auth0Passwordless=$AUTH0_PASSWORDLESS
--set AuthProxy.Env.Auth0TokenAlg=$AUTH0_TOKEN_ALG
--set AuthProxy.Env.AuthenticationRequired=$AUTHENTICATION_REQUIRED
--set AuthProxy.Env.IPRanges=$process_ip_range
--set AuthProxy.Image.Repository=$ECR_REPO_AUTH0
--set AuthProxy.Image.Tag="latest"
--set Namespace=data-platform-app-ap-rshiny-notesbook-dev
--set Secrets.Auth0.ClientId=$AUTH0_CLIENT_ID
--set Secrets.Auth0.ClientSecret=$AUTH0_CLIENT_SECRET
--set Secrets.Auth0.CookieSecret=$COOKIE_SECRET
--set ServiceAccount.RoleARN=$APP_ROLE_ARN
--set WebApp.Image.Repository=$ECR_REPO_WEBAPP
--set WebApp.Image.Tag=$NEW_TAG_V
--set WebApp.Name=data-platform-app-ap-rshiny-notesbook-dev
--set Ingress.ModSec.enabled="false"

....
ready.go:281: [debug] Deployment is not ready: data-platform-app-ap-rshiny-notesbook-dev/data-platform-app-ap-rshiny-notesbook-dev. 0 out of 1 expected pods are ready
upgrade.go:467: [debug] warning: Upgrade "ap-rshiny-notesbook-dev" failed: context deadline exceeded
Error: UPGRADE FAILED: context deadline exceeded
helm.go:84: [debug] context deadline exceeded
UPGRADE FAILED`

[BrianEllwood]

I have been unable to manually deploy the helm chart into the test app can this wait until i return or does it need someone to get it over the line @julialawrence ?

[BrianEllwood]

continuing to try to run the helm chart manually to test

[BrianEllwood]

I have managed to manually deploy the helm chart (previous version 1.9.6)
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
ap-rshiny-notesbook-dev data-platform-app-ap-rshiny-notesbook-dev 51 2023-11-02 08:34:29.582507118 +0000 UTC deployed webapp-cp-1.9.7 1.0.0

Checking if there are any issues

[BrianEllwood]

the webapp log s contained the following
*** warning - no files are being watched ***
[2023-11-02T08:35:14.653] [INFO] shiny-server - Shiny Server v1.5.20.1002 (Node.js v16.18.1)
[2023-11-02T08:35:14.654] [INFO] shiny-server - Using config file "/etc/shiny-server/shiny-server.conf"
[2023-11-02T08:35:14.751] [INFO] shiny-server - Starting listener on http://[::]:9999
And i was unable to access the application so i rolled back to the original deployment

And the situation was the same

[BrianEllwood]

I have tried various methods deploy the helm chart manually none of which have worked slack thread here

[BrianEllwood]

I was unable to test this change by manually deploying the helm chart but senior engineers were happy for the change to go ahead slack thread

link to PR