From b74452b8c92adbaf7bd8823b0a1b7bef65f06ba0 Mon Sep 17 00:00:00 2001
From: kaw67872 <kawtar.laariche@iais.fraunhofer.de>
Date: Thu, 26 Jun 2025 13:27:45 +0200
Subject: [PATCH] bug: fix backend api ingress config
---
.../kubernetes/consolidated-ingress.yaml | 64 +++++++++++-----
...e-double-prefix.yaml => dsce-ingress.yaml} | 19 ++++-
src/deployment/kubernetes/dsce-prefix.yaml | 21 -----
src/deployment/kubernetes/setup_ingress.sh | 76 +++++++++++++++++++
4 files changed, 134 insertions(+), 46 deletions(-)
rename src/deployment/kubernetes/{dsce-double-prefix.yaml => dsce-ingress.yaml} (62%)
delete mode 100644 src/deployment/kubernetes/dsce-prefix.yaml
create mode 100644 src/deployment/kubernetes/setup_ingress.sh
diff --git a/src/deployment/kubernetes/consolidated-ingress.yaml b/src/deployment/kubernetes/consolidated-ingress.yaml
index 1841aff..e60d7b0 100644
--- a/src/deployment/kubernetes/consolidated-ingress.yaml
+++ b/src/deployment/kubernetes/consolidated-ingress.yaml
@@ -1,3 +1,6 @@
+# ------------------------------------------------------------
+# 1. Everything except /api/v2/**
+# ------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -10,7 +13,7 @@ metadata:
nginx.ingress.kubernetes.io/proxy-buffers-size: "256k"
nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
- nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS, PUT, DELETE"
@@ -20,32 +23,22 @@ metadata:
spec:
ingressClassName: nginx
tls:
- - hosts:
- - dev02.ki-lab.nrw
+ - hosts: [dev02.ki-lab.nrw]
secretName: ingress-cert
rules:
- host: dev02.ki-lab.nrw
http:
paths:
- # New UI API path
- - path: "/api/v2"
- pathType: Prefix
- backend:
- service:
- name: portal-be-service
- port:
- number: 8083
-
- # Old UI API path - goes to frontend
+ # OLD-UI gateway (Zuul)
- path: "/api"
pathType: Prefix
backend:
service:
name: portal-fe-service
- port:
+ port:
number: 8085
-
- # Public endpoints
+
+ # Public endpoints served directly by portal-be
- path: "/public"
pathType: Prefix
backend:
@@ -67,8 +60,8 @@ spec:
name: portal-be-service
port:
number: 8083
-
- # New Angular UI
+
+ # NEW Angular 17 front-end (static assets)
- path: "/v2"
pathType: Prefix
backend:
@@ -76,12 +69,41 @@ spec:
name: angular-frontend-service
port:
number: 80
-
- # Root path (for static assets and old UI)
+
+ # Root path – legacy AngularJS UI
- path: "/"
pathType: Prefix
backend:
service:
name: portal-fe-service
port:
- number: 8085
\ No newline at end of file
+ number: 8085
+---
+# ------------------------------------------------------------
+# 2. Regex rule for /api/v2/** → /** (strips the prefix)
+# ------------------------------------------------------------
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: api-v2-ingress
+ namespace: graphene
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts: [dev02.ki-lab.nrw]
+ secretName: ingress-cert
+ rules:
+ - host: dev02.ki-lab.nrw
+ http:
+ paths:
+ - path: /api/v2(/|$)(.*)
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: portal-be-service
+ port:
+ number: 8083
diff --git a/src/deployment/kubernetes/dsce-double-prefix.yaml b/src/deployment/kubernetes/dsce-ingress.yaml
similarity index 62%
rename from src/deployment/kubernetes/dsce-double-prefix.yaml
rename to src/deployment/kubernetes/dsce-ingress.yaml
index 11d763e..b9df5aa 100644
--- a/src/deployment/kubernetes/dsce-double-prefix.yaml
+++ b/src/deployment/kubernetes/dsce-ingress.yaml
@@ -1,23 +1,34 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: dsce-double-prefix
+ name: dsce-ingress
namespace: graphene
annotations:
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /dsce$1
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
spec:
ingressClassName: nginx
+ tls:
+ - hosts: [dev02.ki-lab.nrw]
+ secretName: ingress-cert
rules:
- host: dev02.ki-lab.nrw
http:
paths:
- # /dsce/dsce/<anything> → /dsce/<anything>
+ # old UI calls /dsce/dsce/…
- path: /dsce/dsce(/.*)
pathType: ImplementationSpecific
+ backend:
+ service:
+ name: dsce-service
+ port:
+ number: 8088
+ # future UI (or API) can use the cleaner single prefix /dsce/…
+ - path: /dsce/
+ pathType: Prefix
backend:
service:
name: dsce-service
diff --git a/src/deployment/kubernetes/dsce-prefix.yaml b/src/deployment/kubernetes/dsce-prefix.yaml
deleted file mode 100644
index 3c53a8e..0000000
--- a/src/deployment/kubernetes/dsce-prefix.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dsce-prefix
- namespace: graphene
- annotations:
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
-spec:
- ingressClassName: nginx
- rules:
- - host: dev02.ki-lab.nrw
- http:
- paths:
- - path: /dsce/
- pathType: Prefix
- backend:
- service:
- name: dsce-service
- port:
- number: 8088
\ No newline at end of file
diff --git a/src/deployment/kubernetes/setup_ingress.sh b/src/deployment/kubernetes/setup_ingress.sh
new file mode 100644
index 0000000..4d4dd86
--- /dev/null
+++ b/src/deployment/kubernetes/setup_ingress.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+# ===============LICENSE_START=======================================================
+# Graphene Apache-2.0
+# ===================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ===================================================================================
+# This Graphene software file is distributed by AT&T
+# under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# This file is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ===============LICENSE_END=========================================================
+#
+# What this is: script to setup an Nginx-based ingress controller and related
+# ingress rules for the Graphene platform, as deployed under kubernetes. See
+# https://github.com/helm/charts/tree/master/stable/nginx-ingress for more
+# info.
+#
+# Prerequisites:
+# - Graphene core components through oneclick_deploy.sh
+#
+# Usage:
+# For k8s-based deployment, run this script on the AIO host or a workstation
+# connected to the k8s cluster via kubectl (e.g. via tools/setup_kubectl.sh)
+# $ bash setup_ingress.sh
+#
+# Openshift
+# oc login -u system:admin
+# oc project default
+# oc get -o yaml service/router dc/router clusterrolebinding/router-router-role serviceaccount/router > default-router-backup.yam
+# git clone https://github.com/nginxinc/nginx-openshift-router
+# cd nginx-openshift-router/src/nginx
+# docker build -t nginx-openshift-router:0.2 .
+# cd ~
+# oc delete -f default-router-backup.yaml
+# oc adm router router --images=nginx-openshift-router:0.2 --type=''
+
+function clean_ingress() {
+ trap 'fail' ERR
+ apps="cds kubernetes-client onboarding license-profile-editor playground-deployer federation dsce consolidated api-v2"
+ for app in $apps; do
+ if [[ $(kubectl get ingress -n $GRAPHENE_NAMESPACE $app-ingress) ]]; then
+ kubectl delete ingress -n $GRAPHENE_NAMESPACE $app-ingress
+ log "Ingress $app-ingress deleted"
+ fi
+ done
+}
+
+function setup_ingress() {
+ trap 'fail' ERR
+ log "Create ingress resources for services"
+ if [[ ! -d deploy ]]; then mkdir deploy; fi
+ cp templates/* deploy/.
+ replace_env deploy
+ ings=$(ls deploy)
+ for ing in $ings; do
+ kubectl create -f deploy/$ing
+ done
+}
+
+set -x
+trap 'fail' ERR
+WORK_DIR=$(pwd)
+cd $(dirname "$0")
+if [[ -z "$AIO_ROOT" ]]; then export AIO_ROOT="$(cd ..; pwd -P)"; fi
+source $AIO_ROOT/utils.sh
+source $AIO_ROOT/graphene_env.sh
+clean_ingress
+setup_ingress
+cd $WORK_DIR
--
GitLab