From 449169bcf12464ede6310d368b3b82008f1205ef Mon Sep 17 00:00:00 2001 From: Johannes Faltermeier Date: Thu, 18 Apr 2024 15:38:32 +0200 Subject: [PATCH] Add WebView Support eclipsesource/theia-cloud#296 * add additional information to AppDefinition for other hostnames that have to be exposed * adapt self-signed certificate generation to use a CA that can be imported as an authority in a browser * add additional wildcard rules when installing the instance ingress * adapt document regeneration documentation to always use latest image --- CHANGELOG.md | 3 +++ README.md | 2 +- charts/theia-cloud-crds/Chart.yaml | 2 +- charts/theia-cloud-crds/README.md | 2 +- .../templates/appdefinition-spec-resource.yaml | 4 ++++ charts/theia.cloud-base/Chart.yaml | 2 +- charts/theia.cloud-base/README.md | 2 ++ .../templates/clusterissuer-for-ca.yaml | 7 +++++++ .../templates/clusterissuer-selfsigned.yaml | 3 ++- .../templates/theia-cloud-ca-certificate.yaml | 14 ++++++++++++++ charts/theia.cloud-base/values.yaml | 10 +++++++++- charts/theia.cloud/Chart.yaml | 2 +- charts/theia.cloud/README.md | 3 ++- .../theia.cloud/templates/instances-ingress.yaml | 7 +++++++ .../templates/theia-appdefinition-spec.yaml | 4 +++- charts/theia.cloud/values.yaml | 5 +++++ 16 files changed, 63 insertions(+), 9 deletions(-) create mode 100644 charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml create mode 100644 charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 029549b..e438a72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,9 @@ - [theia-cloud-crds] Add option field to CRDs and increase version to `Session.v1beta8`, `Workspace.v1beta5` and `AppDefinition.v1beta10` [#55](https://github.com/eclipsesource/theia-cloud-helm/pull/55) | [#293](https://github.com/eclipsesource/theia-cloud/pull/293) - [theia-cloud] Add configurable image preloading [#56](https://github.com/eclipsesource/theia-cloud-helm/pull/56) +- [theia-cloud-base] Self signed certificates are now signed by a Theia Cloud certificate authority. The certificate of the authority may be exported and imported in your Browser for easier local testing [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) +- [theia-cloud-crds] Add `ingressHostnamePrefixes` list to `AppDefinition.v1beta10` [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) | [#298](https://github.com/eclipsesource/theia-cloud/pull/298) +- [theia-cloud] Add `additionalWildcardInstances` to values and create TLS entries for them in the instances-ingress [#57](https://github.com/eclipsesource/theia-cloud-helm/pull/57) ## [0.10.0] - 2024-04-02 diff --git a/README.md b/README.md index 1d08ba1..ec402fe 100644 --- a/README.md +++ b/README.md @@ -44,5 +44,5 @@ Furthermore, the new version, together with a release estimation date, should be ## How to generate Chart READMEs ```bash -docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +docker pull jnorwood/helm-docs:latest && docker run --rm --volume "$(pwd)/charts:/helm-docs" -u $(id -u) jnorwood/helm-docs:latest ``` diff --git a/charts/theia-cloud-crds/Chart.yaml b/charts/theia-cloud-crds/Chart.yaml index e62576c..a17e994 100644 --- a/charts/theia-cloud-crds/Chart.yaml +++ b/charts/theia-cloud-crds/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.1 +version: 0.11.0-next.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia-cloud-crds/README.md b/charts/theia-cloud-crds/README.md index 8682aac..06a5b79 100644 --- a/charts/theia-cloud-crds/README.md +++ b/charts/theia-cloud-crds/README.md @@ -13,4 +13,4 @@ A Helm chart for the custom resource definitions (CRDs) of Theia Cloud | conversion.image | string | `"theiacloud/theia-cloud-conversion-webhook:0.11.0-next"` | The image of the webhook container | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml b/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml index e63fb3d..5c22d36 100644 --- a/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml +++ b/charts/theia-cloud-crds/templates/appdefinition-spec-resource.yaml @@ -51,6 +51,10 @@ spec: maximum: 65535 ingressname: type: string + ingressHostnamePrefixes: + type: array + items: + type: string minInstances: type: integer maxInstances: diff --git a/charts/theia.cloud-base/Chart.yaml b/charts/theia.cloud-base/Chart.yaml index b05b69f..4a9745c 100644 --- a/charts/theia.cloud-base/Chart.yaml +++ b/charts/theia.cloud-base/Chart.yaml 
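Review bot: The new `ingressHostnamePrefixes` schema in appdefinition-spec-resource.yaml accepts any number of arbitrary strings, so the API server will admit entries that are not valid hostname prefixes. Judging by the commit message these prefixes end up as exposed ingress hostnames, so I would constrain them at admission: `maxItems: 10` on the array, and `maxLength: 253` plus a `pattern` such as `^(\*\.)?([a-z0-9-]+\.)+$` on the items (constructed example, adjust to what the operator expects). A `description:` stating that each entry is prepended to the instance host would also help. The surrounding `properties` block starts and ends outside this hunk.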
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.0 +version: 0.11.0-next.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia.cloud-base/README.md b/charts/theia.cloud-base/README.md index 07bcce4..4ce5ce7 100644 --- a/charts/theia.cloud-base/README.md +++ b/charts/theia.cloud-base/README.md @@ -8,7 +8,9 @@ Theia-cloud base chart | Key | Type | Default | Description | |-----|------|---------|-------------| +| certmanager.namespace | string | `"cert-manager"` | the namespace where the cert-manager is installed | | issuer.email | string | `"mmorlock@example.com"` | email used to issue let's encrypt certificates | +| issuerca.name | string | `"theia-cloud-ca-certificate-signer"` | name for the issuer preparing a self signed CA certificate | | issuerprod.name | string | `"letsencrypt-prod"` | name for the let's encrypt production cluster issuer | | issuerstaging.name | string | `"theia-cloud-selfsigned-issuer"` | name for the self signed cluster issuer | | operatorrole.name | string | `"operator-api-access"` | name for the operator's cluster role | diff --git a/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml b/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml new file mode 100644 index 0000000..633cd23 --- /dev/null +++ b/charts/theia.cloud-base/templates/clusterissuer-for-ca.yaml @@ -0,0 +1,7 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.issuerca.name }} +spec: + selfSigned: {} + \ No newline at end of file 
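Review bot: The bootstrap issuer in clusterissuer-for-ca.yaml is cluster-scoped, although its only consumer visible in this patch is the CA `Certificate` in `.Values.certmanager.namespace`. A namespaced issuer would keep self-signed issuance out of every other namespace: `kind: Issuer` with `namespace: {{ .Values.certmanager.namespace }}` under `metadata`, and `kind: Issuer` in the certificate's `issuerRef`. A leading comment such as `# bootstrap issuer; only signs the Theia Cloud CA certificate` would also distinguish it from `issuerstaging`.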
diff --git a/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml b/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml index 77907b7..bf6dff8 100644 --- a/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml +++ b/charts/theia.cloud-base/templates/clusterissuer-selfsigned.yaml @@ -3,5 +3,6 @@ kind: ClusterIssuer metadata: name: {{ .Values.issuerstaging.name }} spec: - selfSigned: {} + ca: + secretName: theia-cloud-ca-key-pair \ No newline at end of file diff --git a/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml b/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml new file mode 100644 index 0000000..e8bb858 --- /dev/null +++ b/charts/theia.cloud-base/templates/theia-cloud-ca-certificate.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: theia-cloud-ca-certificate + namespace: {{ .Values.certmanager.namespace }} +spec: + commonName: "Theia Cloud CA" + secretName: theia-cloud-ca-key-pair + isCA: true + issuerRef: + name: {{ .Values.issuerca.name }} + kind: ClusterIssuer + duration: 2160h + renewBefore: 360h \ No newline at end of file diff --git a/charts/theia.cloud-base/values.yaml b/charts/theia.cloud-base/values.yaml index cef8992..e4a2d19 100644 --- a/charts/theia.cloud-base/values.yaml +++ b/charts/theia.cloud-base/values.yaml @@ -1,3 +1,7 @@ +issuerca: + # -- name for the issuer preparing a self signed CA certificate + name: theia-cloud-ca-certificate-signer + issuerprod: # -- name for the let's encrypt production cluster issuer name: letsencrypt-prod @@ -16,4 +20,8 @@ operatorrole: servicerole: # -- name for the services' cluster role - name: service-api-access \ No newline at end of file + name: service-api-access + +certmanager: + # -- the namespace where the cert-manager is installed + namespace: cert-manager \ No newline at end of file diff --git a/charts/theia.cloud/Chart.yaml b/charts/theia.cloud/Chart.yaml index a769b56..13dc9c4 100644 
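Review bot: Switching `{{ .Values.issuerstaging.name }}` to a `ca:` ClusterIssuer means that anyone allowed to create `Certificate` resources in any namespace can obtain a certificate for an arbitrary hostname that chains to the CA users are invited to import into their browser. That deserves a comment in clusterissuer-selfsigned.yaml and a sentence in the chart README stating that this issuer is for local testing only. The secret name `theia-cloud-ca-key-pair` is also repeated literally here and in theia-cloud-ca-certificate.yaml; a shared value (for example `{{ .Values.issuerca.secretName }}`, which the patch does not define yet) would keep the two from drifting. The lookup relies on cert-manager's cluster resource namespace being `.Values.certmanager.namespace`, which I am assuming from the defaults.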
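Review bot: The CA in theia-cloud-ca-certificate.yaml is issued without any restriction on the names it may sign, and with `duration: 2160h` and `renewBefore: 360h` it is reissued roughly every 75 days. Once imported into a browser it is trusted for every site, so read access to the `theia-cloud-ca-key-pair` secret is enough to impersonate any host towards that browser; the README should say so and recommend a dedicated browser profile for testing. If the deployed cert-manager version supports name constraints on `Certificate`, limiting the CA to the instance domain would bound that risk. A comment should also note that the imported copy expires after 90 days and has to be re-imported after a renewal.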
--- a/charts/theia.cloud/Chart.yaml +++ b/charts/theia.cloud/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0-next.1 +version: 0.11.0-next.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia.cloud/README.md b/charts/theia.cloud/README.md index 567c790..20dd1f1 100644 --- a/charts/theia.cloud/README.md +++ b/charts/theia.cloud/README.md @@ -1,6 +1,6 @@ # theia-cloud -![Version: 0.11.0-next.0](https://img.shields.io/badge/Version-0.11.0--next.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) +![Version: 0.11.0-next.1](https://img.shields.io/badge/Version-0.11.0--next.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0-next](https://img.shields.io/badge/AppVersion-0.11.0--next-informational?style=flat-square) A Helm chart for Theia.cloud 
@@ -25,6 +25,7 @@ A Helm chart for Theia.cloud | demoApplication.pullSecret | string | `""` | the image pull secret. Leave empty if registry is public | | demoApplication.timeout | string | `"30"` | Limit in minutes | | hosts | object | (see details below) | You may adjust the hostname below. | +| hosts.additionalWildcardInstances | list | `["*.webview."]` | additional wildcard hostnames that may be required in the launched Theia-applications, e.g. "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews These are required to configure TLS (if enabled via hosts.tls == true) | | hosts.instance | string | `"ws.192.168.39.173.nip.io"` | hostname for the launched Theia-applications | | hosts.landing | string | `"theia.cloud.192.168.39.173.nip.io"` | hostname of the landing page | | hosts.paths | object | (see details below) | Only needed when usePaths == true. Contains the baseHost and paths for all services | diff --git a/charts/theia.cloud/templates/instances-ingress.yaml b/charts/theia.cloud/templates/instances-ingress.yaml index 16d6f91..43923b4 100644 --- a/charts/theia.cloud/templates/instances-ingress.yaml +++ b/charts/theia.cloud/templates/instances-ingress.yaml @@ -24,12 +24,19 @@ spec: tls: - hosts: - {{ tpl (.Values.hosts.instance | toString) . }} + {{- range .Values.hosts.additionalWildcardInstances }} + - {{ printf "'%s%s'" . $.Values.hosts.instance }} + {{- end }} secretName: ws-cert-secret {{- end }} {{- if not (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .) ) }} rules: - host: {{ tpl (.Values.hosts.instance | toString) . }} http: + {{- range .Values.hosts.additionalWildcardInstances }} + - host: {{ printf "'%s%s'" . $.Values.hosts.instance }} + http: + {{- end }} {{- else }} rules: {{ range $rule := (lookup "networking.k8s.io/v1" "Ingress" .Release.Namespace (tpl (.Values.ingress.instanceName | toString) .)).spec.rules }} 
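Review bot: The wildcard entries in instances-ingress.yaml are built from the raw `$.Values.hosts.instance`, while the line above renders the same value through `tpl`, so a templated instance host yields mismatching TLS and rule hosts. The hand-written single quotes in `printf "'%s%s'"` also produce invalid YAML if a value ever contains a quote. I would write both occurrences (under `tls.hosts`, and after `host:` under `rules`) as `{{ printf "%s%s" . (tpl ($.Values.hosts.instance | toString) $) | quote }}`. In the `{{- else }}` branch the rules are copied from the existing Ingress, so on an upgrade the wildcard hosts appear only under `tls`; whether the operator adds the matching rules is not visible in this hunk.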
diff --git a/charts/theia.cloud/templates/theia-appdefinition-spec.yaml b/charts/theia.cloud/templates/theia-appdefinition-spec.yaml index d2bc388..3ddba8b 100644 --- a/charts/theia.cloud/templates/theia-appdefinition-spec.yaml +++ b/charts/theia.cloud/templates/theia-appdefinition-spec.yaml @@ -1,5 +1,5 @@ {{- if .Values.demoApplication.install }} -apiVersion: theia.cloud/v1beta9 +apiVersion: theia.cloud/v1beta10 kind: AppDefinition metadata: name: theia-cloud-demo @@ -11,6 +11,8 @@ spec: uid: 101 port: 3000 ingressname: {{ tpl (.Values.ingress.instanceName | toString) . }} + ingressHostnamePrefixes: + - "*.webview." minInstances: 0 maxInstances: 10 timeout: {{ tpl (.Values.demoApplication.timeout | toString) . }} diff --git a/charts/theia.cloud/values.yaml b/charts/theia.cloud/values.yaml index dd02bc1..93a611d 100644 --- a/charts/theia.cloud/values.yaml +++ b/charts/theia.cloud/values.yaml @@ -108,6 +108,11 @@ hosts: # -- hostname for the launched Theia-applications instance: ws.192.168.39.173.nip.io + # -- additional wildcard hostnames that may be required in the launched Theia-applications, e.g. + # "*.webview." which leads to "*.webview.ws.192.168.39.173.nip.io" to expose webviews + # These are required to configure TLS (if enabled via hosts.tls == true) + additionalWildcardInstances: ["*.webview."] + # -- Values related to the landing page # @default -- (see details below) landingPage:
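Review bot: `ingressHostnamePrefixes` is hard-coded to `"*.webview."` in theia-appdefinition-spec.yaml, whereas the TLS hosts of the instances ingress come from `.Values.hosts.additionalWildcardInstances`. If a deployment changes or empties that value, the demo AppDefinition would presumably still request a `*.webview.` host that the certificate no longer covers. Rendering the list from the same value keeps the two aligned: `ingressHostnamePrefixes: {{ toJson .Values.hosts.additionalWildcardInstances }}`.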
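Review bot: The default `additionalWildcardInstances: ["*.webview."]` in values.yaml puts a wildcard name into the `ws-cert-secret` TLS entry for every installation with `hosts.tls` enabled, and the comment does not say what that requires from the issuer. ACME issuers can validate wildcard names only through a DNS-01 challenge, so with a Let's Encrypt issuer that has only an HTTP-01 solver (the issuer configuration is outside this patch) the certificate request would fail. I would extend the comment with a line such as `# Wildcard entries need an issuer that can sign wildcard names (DNS-01 for ACME); set to [] otherwise`.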