SS 693 ingress does not care if app is public or private #101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…settings removes auth-url
sandstromviktor
commented
Nov 16, 2023
Comment on lines
-214
to
-218
| try: | ||
| print("Ingress v1beta1: {}".format(settings.INGRESS_V1BETA1)) | ||
| parameters["ingress"]["v1beta1"] = settings.INGRESS_V1BETA1 | ||
| except: # noqa E722 TODO: Add exception | ||
| pass |
There was a problem hiding this comment.
This fails always, so i've removed it.
sandstromviktor
commented
Nov 16, 2023
| @@ -203,19 +203,14 @@ def deploy_resource(instance_pk, action="create"): | |||
| app_instance = AppInstance.objects.select_for_update().get(pk=instance_pk) | |||
| status = AppStatus(appinstance=app_instance) | |||
|
|
|||
| if action == "create": | |||
| if (action == "create") or (action == "update"): | |||
There was a problem hiding this comment.
Adding update action that actually updates the app parameters. This was not done before some some odd reason.
sandstromviktor
commented
Nov 16, 2023
Comment on lines
+9
to
+12
| {{ if ne .Values.permission "public" }} | ||
| nginx.ingress.kubernetes.io/auth-url: "{{ .Values.global.protocol }}://{{ .Values.global.auth_domain }}:8080/auth/?release={{ .Values.release }}" | ||
| nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.global.domain }}/accounts/login/?next=$scheme%3A%2F%2F$host" | ||
| #nginx.ingress.kubernetes.io/auth-response-headers: X-Forwarded-Host | ||
| {{- end }} |
There was a problem hiding this comment.
This is added to ingress files for dash, shiny, custom app etc.
churnikov
reviewed
Nov 16, 2023
Yes i've tried that, using multiple browsers and even curl |
churnikov
approved these changes
Nov 16, 2023
sandstromviktor
deleted the
SS-693-ingress-does-not-care-if-app-is-public-or-private
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Bug description:
Creating a public app means that Django makes it public in the UI, but accessing the app without being logged in is blocked by ingress.
Fix
There are probably a better permanent solution, but me and Hamza thought that this will do for now.
This is how the fix works.
{"permission": "public"}yamlfile has anifstatement, so if permission is public, then we do not require login.In order to fix this, i have
ifstatement to all apps that can be made public (Shiny, dash, custom app etc)In addition to this, i have removed a bunch of unnecessary
v1betastatements in ingress. These are never used.Checklist
If you're unsure about any of the items below, don't hesitate to ask. We're here to help!
This is simply a reminder of what we are going to look for before merging your code.