andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-conf...

288 lines
9.1 KiB
YAML
Raw Blame History

{{- if not .Values.agent }}
{{- $serviceName := include "cost-analyzer.serviceName" . -}}
{{- $nginxPort := .Values.service.targetPort | default 9090 -}}
{{- if .Values.saml.enabled }}
{{- if .Values.oidc.enabled }}
{{- fail "SAML and OIDC cannot both be enabled" }}
{{- end }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
labels:
{{ include "cost-analyzer.commonLabels" . | nindent 4 }}
data:
nginx.conf: |
gzip_static on;
# Enable gzip encoding for content of the provided types of 50kb and higher.
gzip on;
gzip_min_length 50000;
gzip_proxied expired no-cache no-store private auth;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/bmp
image/svg+xml
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/xml
text/x-component
text/x-cross-domain-policy;
upstream api {
{{- if.Values.kubecostFrontend.api }}
{{- if.Values.kubecostFrontend.api.fqdn }}
server {{ .Values.kubecostFrontend.api.fqdn }};
{{- else }}
server {{ $serviceName }}.{{ .Release.Namespace }}:9001;
{{- end }}
{{- else }}
server {{ $serviceName }}.{{ .Release.Namespace }}:9001;
{{- end }}
}
upstream model {
{{- if.Values.kubecostFrontend.model }}
{{- if.Values.kubecostFrontend.model.fqdn }}
server {{ .Values.kubecostFrontend.model.fqdn }};
{{- else }}
server {{ $serviceName }}.{{ .Release.Namespace }}:9003;
{{- end }}
{{- else }}
server {{ $serviceName }}.{{ .Release.Namespace }}:9003;
{{- end }}
}
{{- if .Values.clusterController }}
{{- if .Values.clusterController.enabled }}
upstream clustercontroller {
{{- if .Values.clusterController.fqdn }}
server {{ .Values.clusterController.fqdn }};
{{- else }}
server {{ template "kubecost.clusterControllerName" . }}-service.{{ .Release.Namespace }}:9731;
{{- end }}
}
{{- end }}
{{- end }}
{{- if .Values.global.grafana.proxy }}
upstream grafana {
{{- if .Values.global.grafana.enabled }}
{{- if .Values.global.grafana.fqdn }}
server {{ .Values.global.grafana.fqdn }};
{{- else }}
server {{ .Release.Name }}-grafana.{{ .Release.Namespace }};
{{- end }}
{{- else }}
server {{.Values.global.grafana.domainName}};
{{- end }}
}
{{- end }}
server {
server_name _;
root /var/www;
index index.html;
large_client_header_buffers 4 32k;
add_header Cache-Control "must-revalidate";
error_page 504 /custom_504.html;
location = /custom_504.html {
internal;
}
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
add_header Cache-Control "max-age=0";
location / {
auth_request /auth;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 401 = /login;
try_files $uri $uri/ /index.html;
}
{{- else }}
add_header Cache-Control "max-age=300";
location / {
try_files $uri $uri/ /index.html;
}
{{- end }}
{{- if .Values.imageVersion }}
add_header ETag "{{ $.Values.imageVersion }}";
{{- else }}
add_header ETag "{{ $.Chart.Version }}";
{{- end }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
{{- if .Values.kubecostFrontend.tls.specifyProtocols }}
ssl_protocols {{ $.Values.kubecostFrontend.tls.protocols }};
{{- end }}
ssl_certificate /etc/ssl/certs/kc.crt;
ssl_certificate_key /etc/ssl/certs/kc.key;
listen 443 ssl;
{{- if .Values.kubecostFrontend.ipv6.enabled }}
listen [::]:443 ssl;
{{- end }}
{{- else }}
listen {{ $nginxPort }};
{{- if .Values.kubecostFrontend.ipv6.enabled }}
listen [::]:{{ $nginxPort }};
{{- end }}
{{- end }}
{{- else }}
listen {{ $nginxPort }};
{{- if .Values.kubecostFrontend.ipv6.enabled }}
listen [::]:{{ $nginxPort }};
{{- end }}
{{- end }}
location /api/ {
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
auth_request /auth;
{{- end }}
proxy_pass http://api/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /model/ {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://model/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/(turndown|cluster)/ {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
{{- if .Values.clusterController }}
{{- if .Values.clusterController.enabled }}
{{- if or .Values.saml .Values.oidc }}
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
auth_request /auth;
{{- else if .Values.saml.rbac.enabled}}
auth_request /authrbac;
{{- end }}
{{- end }}
rewrite ^/(?:turndown|cluster)/(.*)$ /$1 break;
proxy_pass http://clustercontroller;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{- else }}
return 404;
{{- end }}
{{- else }}
return 404;
{{- end }}
}
location /oidc/ {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://model/oidc/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /saml/ {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://model/saml/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /login {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://model/login;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /logout {
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_pass http://model/logout;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{- if .Values.global.grafana.proxy }}
location /grafana/ {
{{- if .Values.saml.enabled }}
auth_request /auth;
{{- end }}
proxy_pass http://grafana/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
{{ end }}
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
location /auth {
proxy_pass http://model/isAuthenticated;
}
{{- end }}
{{- if .Values.saml.rbac.enabled }}
location /authrbac {
proxy_pass http://model/isAdminAuthenticated;
}
{{- end }}
}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink