diff --git a/kubernetes/report-ui/templates/refelx-grafana-ingress.yaml b/kubernetes/report-ui/templates/refelx-grafana-ingress.yaml new file mode 100644 index 00000000..9456bf3e --- /dev/null +++ b/kubernetes/report-ui/templates/refelx-grafana-ingress.yaml @@ -0,0 +1,136 @@ +{{- $basehref := .Values.backend.config.basehref | default "" -}} +{{- $grafana_enabled := false -}} +{{- if .Values.global }} + {{- if .Values.global.grafana }} + {{- $grafana_enabled = .Values.global.grafana.enabled }} + {{- end }} +{{- end }} + + +{{- if $grafana_enabled }} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($arg_user) { + set $user $arg_user; + } + if ($arg_hostgroup) { + set $hostgroup $arg_hostgroup; + } + if ($arg_orgId) { + set $orgId $arg_orgId; + } + if ($arg_report) { + set $report $arg_report; + } + if ($user = "") { + return 401; + } + if ($hostgroup = "") { + return 401; + } + if ($orgId = "") { + return 401; + } + if ($report = "") { + return 401; + } + if ($http_referer ~ "^https://(.*)/grafana/d/(.*)orgId=([0-9]+)(.*)") { + set $referer_orgId $3; + set $cookie_valid 1; + } + if ($referer_orgId != $orgId) { + set $cookie_valid 0; + return 401; + } + if ($cookie_valid = 1) { + add_header Set-Cookie "ref_grafana_path=$http_referer; Path=/; HttpOnly; Secure; Samesite=Lax; Max-Age=86400"; + add_header Set-Cookie "ref_grafana_user=$user; Path=/; HttpOnly; Secure; Samesite=Lax; Max-Age=86400"; + add_header Set-Cookie "ref_grafana_hostgroup=$hostgroup; Path=/; HttpOnly; Secure; Samesite=Lax; Max-Age=86400"; + add_header Set-Cookie "ref_grafana_orgId=$orgId; Path=/; HttpOnly; Secure; Samesite=Lax; Max-Age=86400"; + add_header Set-Cookie "ref_grafana_report=$report; Path=/; HttpOnly; Secure; Samesite=Lax; Max-Age=86400"; + #ref_grafana_session already set from grafana ingress + set $redirect_url "$scheme://$host{{ $basehref }}/report/grafana/$report/"; + + return 302 $redirect_url; + } + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + name: grafana-redirect-report-ingress +spec: + ingressClassName: {{ .Release.Name }} + rules: + - http: + paths: + - backend: + service: + name: {{ .Chart.Name }}-frontend + port: + number: {{ .Values.frontend.service.port }} + path: "{{ $basehref }}/grafana-redirect-report-nmaa(/|$)(.*)" + pathType: Prefix + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + proxy_set_header X-GRAFANA-USER "$cookie_ref_grafana_user"; + proxy_set_header X-GRAFANA-HOSTGROUP "$cookie_ref_grafana_hostgroup"; + proxy_set_header X-GRAFANA-ORGID "$cookie_ref_grafana_orgId"; + if ($cookie_ref_grafana_session = "") { + return 401; + } + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$1$2 + nginx.ingress.kubernetes.io/use-regex: "true" + name: report-be-grafana-ingress +spec: + ingressClassName: {{ .Release.Name }} + rules: + - http: + paths: + - backend: + service: + name: {{ .Chart.Name }}-backend + port: + number: {{ .Values.backend.service.port }} + path: "{{ $basehref }}/(_event|ping|_upload)(/.*)?$" + pathType: ImplementationSpecific + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/configuration-snippet: | + proxy_set_header X-GRAFANA-USER "$cookie_ref_grafana_user"; + proxy_set_header X-GRAFANA-HOSTGROUP "$cookie_ref_grafana_hostgroup"; + proxy_set_header X-GRAFANA-ORGID "$cookie_ref_grafana_orgId"; + if ($cookie_ref_grafana_session = "") { + return 401; + } + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/session-cookie-path: "{{ $basehref }}/report/grafana/" + nginx.ingress.kubernetes.io/use-regex: "true" + name: report-fe-grafana-ingress +spec: + ingressClassName: {{ .Release.Name }} + rules: + - http: + paths: + - backend: + service: + name: {{ .Chart.Name }}-frontend + port: + number: {{ .Values.frontend.service.port }} + path: "{{ $basehref }}/report/grafana/(.*)" + pathType: Prefix + +{{- end }} \ No newline at end of file