Merge pull request #58 from opensrp/add-default-nginx-ingress-headers
machariamuguku authored Jul 7, 2022
2 parents 06b0eb9 + 8db6ab9 commit cc6be30
Showing 5 changed files with 79 additions and 6 deletions.
2 changes: 1 addition & 1 deletion charts/opensrp-web/Chart.yaml
Expand Up @@ -19,7 +19,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.6.0
version: 0.7.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
26 changes: 24 additions & 2 deletions charts/opensrp-web/README.md
Expand Up @@ -146,6 +146,7 @@ The following table lists the configurable parameters of the Opensrp-web chart a
| `containerEnvironmentVariables.EXPRESS_KEYCLOAK_LOGOUT_URL` | | `"https://{{ .Values.sharedVars.keycloakUrl }}/auth/realms/{{ .Values.sharedVars.keycloakRealm }}/protocol/openid-connect/logout"` |
| `containerEnvironmentVariables.EXPRESS_REDIS_STAND_ALONE_URL` | this env is only injected if .Values.express.redisStandAloneUrl is defined. Not injected by default | |
| `containerEnvironmentVariables.EXPRESS_REDIS_SENTINEL_CONFIG` | this env is only injected if .Values.express.redisSentinelConfig is defined. Not injected by default | |
| `containerEnvironmentVariables.EXPRESS_CONTENT_SECURITY_POLICY_CONFIG`| | `"(.Values.express.csp \| toJson)"` |
| `reactEnvironmentVariables.REACT_APP_DOMAIN_NAME` | | `"https://{{ .sharedVars.appDomainName }}"` |
| `reactEnvironmentVariables.REACT_APP_EXPRESS_OAUTH_GET_STATE_URL` | | `"https://{{ .sharedVars.appDomainName }}/oauth/state"` |
| `reactEnvironmentVariables.REACT_APP_EXPRESS_OAUTH_LOGOUT_URL` | | `"https://{{ .sharedVars.appDomainName }}/logout"` |
Expand Down Expand Up @@ -179,7 +180,6 @@ The following table lists the configurable parameters of the Opensrp-web chart a
| `reactEnvironmentVariables.REACT_APP_DEFAULT_PLAN_ID` | | `"27362060-0309-411a-910c-64f55ede3758"` |
| `reactEnvironmentVariables.SKIP_PREFLIGHT_CHECK` | | `"true"` |
| `reactEnvironmentVariables.REACT_APP_PLAN_ASSIGNMENT_AT_GEO_LEVEL` | | `"0"` |
| `reactEnvironmentVariables.REACT_APP_SENTRY_DSN` | | `""` |
| `reactEnvironmentVariables.REACT_APP_DEFAULT_PLAN_VERSION` | | `"1"` |
| `reactEnvironmentVariables.REACT_APP_TASK_GENERATION_STATUS` | | `"False"` |
| `reactEnvironmentVariables.REACT_APP_PROJECT_LANGUAGE_CODE` | | `"core"` |
Expand Down Expand Up @@ -211,9 +211,31 @@ The following table lists the configurable parameters of the Opensrp-web chart a
| `express.nodeEnv` | | `"production"` |
| `express.redisStandAloneUrl` | Redis connection string for a stand alone redis instance. see <https://github.com/luin/ioredis#connect-to-redis> | |
| `express.redisSentinelConfig` | Redis connection config object for a redis sentinel instance. see <https://github.com/luin/ioredis#sentinel> | |
| `sentry.dsn` | | `""` |
| `express.expressHeaders` | Additional configurable response headers that the express server should return, templates help with re-formatting `report-to`, others will be passed to express as is | `"{report-to: []}"` |
| `express.cspHeaderConfig` | | `"{}"` |
| `sentry.environment` | | `"staging"` |
| `sentry.tags` | | `{}` |
| `sentry.domain` | | `""` |
| `sentry.projectId` | id of the associated project on the sentry server | `""` |
| `sentry.sentryKey` | public client key that for the associated sentry project | `sentryKey` |

## Express Headers
The express application response headers can be configured from the envs via the `expressHeaders` config. This config is a map whose keys represents an actual header key.

This chart comes with a bit of support for the `report-to` header, whilst you can define the different reporting endpoints configs as a json array, its further formatted into a comma delimited string, however all other envs are passed to the environment as they are.

### examples

```yaml
express:
expressHeaders:
report-to:
- group: "csp-endpoint"
max_age: 10886400
endpoints:
- url: "https://example.com/csp-reporting"
cache-control: "max-age=604800"
```

## Session Storage

33 changes: 32 additions & 1 deletion charts/opensrp-web/templates/_helpers.tpl
Expand Up @@ -82,15 +82,46 @@ REACT_APP_SENTRY_CONFIG_JSON: {{ (include "opensrp-web.sentryConfig" $scope ) |
Get opensrp-webs sentry tags
*/}}
{{- define "opensrp-web.sentryConfig" }}
{{- $sentryMap := omit .Values.sentry "tags" -}}
{{- $sentryMap := pick .Values.sentry "environment" -}}
{{- $tagsMap := pick .Values.sentry "tags" -}}
{{- $_ := set $tagsMap "release-name" (.Release.Name) -}}
{{- $_ := set $tagsMap "release-namespace" (.Release.Namespace) -}}
{{- if and .Values.sentry.sentryKey .Values.sentry.domain .Values.sentry.projectId -}}
{{- $_ := set $sentryMap "dsn" (printf "https://%s@%s/%s" .Values.sentry.sentryKey .Values.sentry.domain .Values.sentry.projectId) -}}
{{- end -}}
{{- $sentryConfigs := merge $sentryMap $tagsMap -}}
{{- $_ := set $sentryConfigs "release" .Values.image.tag -}}
{{- $sentryConfigs | toJson -}}
{{- end }}

{{/*
Define express headers config, helps with reformatting where needed.
*/}}
{{- define "opensrp-web.expressResponseHeaders" -}}
{{- $scope := . -}}
{{- $expressHeaderConfig := get .Values.express "expressHeaders" -}}
{{- $reportTo := get $expressHeaderConfig "report-to" -}}
{{- $otherHeaders := omit $expressHeaderConfig "report-to" -}}
{{- if $reportTo -}}
{{- $stringified := "" -}}
{{- range $index, $reportEndpoint := $reportTo }}
{{- $stringified = print $stringified ", " (tpl ($reportEndpoint | toJson) $scope) -}}
{{- end -}}
{{- $_ := set $otherHeaders "report-to" $stringified -}}
{{- end -}}
{{ $otherHeaders | toJson | quote }}
{{- end -}}


{{/*
Dynamically add express environment variables
*/}}
{{- define "opensrp-web.expressResponseHeadersConfig" -}}
{{- $scope := . -}}
- name: "EXPRESS_RESPONSE_HEADERS"
value: {{ include "opensrp-web.expressResponseHeaders" $scope }}
{{- end -}}

{{/*
Populate the pod annotations
*/}}
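Review bot: In the new `opensrp-web.expressResponseHeaders` helper the accumulator starts empty and every loop iteration prepends `", "`, so the rendered `report-to` value begins with a stray `, ` before the first endpoint group. A client that parses this header as a JSON list would likely reject it, and CSP violation reports would then be dropped with no visible error. Collecting the items and joining them avoids the leading separator: `{{- $parts := list -}}` before the loop, `{{- $parts = append $parts (tpl ($reportEndpoint | toJson) $scope) -}}` inside it, then `{{- $_ := set $otherHeaders "report-to" (join ", " $parts) -}}`. The helper also assumes `express.expressHeaders` is always a map; wrapping the first `get` in `default dict` would keep rendering from failing if a values override nulls that key.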
1 change: 1 addition & 0 deletions charts/opensrp-web/templates/deployment.yaml
Expand Up @@ -40,6 +40,7 @@ spec:
mountPath: /etc/confd/templates/config.js.tmpl
subPath: config.js.tpl
env:
{{- include "opensrp-web.expressResponseHeadersConfig" . | nindent 12 }}
{{- include "opensrp-web.optionalRedisEnvironmentVariables" . | nindent 12 }}
{{- $scope := . -}}
{{- range $key, $value := .Values.containerEnvironmentVariables }}
23 changes: 21 additions & 2 deletions charts/opensrp-web/values.yaml
Expand Up @@ -99,6 +99,7 @@ containerEnvironmentVariables:
EXPRESS_SESSION_NAME: "express-server-session"
EXPRESS_SESSION_PATH: "{{ .Values.express.sessionPath }}"
EXPRESS_SESSION_SECRET: "{{ .Values.express.sessionSecret }}"
EXPRESS_CONTENT_SECURITY_POLICY_CONFIG: "{{ (tpl (.Values.express.cspHeaderConfig | toJson) .) }}"
NODE_ENV: "{{ .Values.express.nodeEnv }}"

# The react app environment variables
Expand Down Expand Up @@ -168,7 +169,6 @@ reactEnvironmentVariables:
REACT_APP_ENABLE_REPORTS: "false"
REACT_APP_ENABLE_FHIR_GROUP: "false"


sharedVars:
keycloakUrl: "keycloakUrl"
appDomainName: "appDomainName"
Expand All @@ -186,6 +186,23 @@ express:
sessionPath: "/"
reactBuildPath: "/usr/src/web"
nodeEnv: "production"
expressHeaders:
report-to: []
cspHeaderConfig:
default-src:
- "'self'"
script-src:
- "'self'"
- "'unsafe-inline'"
img-src:
- "'self'"
- "https://github.com/OpenSRP/"
- "https://*.githubusercontent.com/OpenSRP/"
connect-src:
- "'self'"
- "{{ if .Values.sentry.domain }}{{ .Values.sentry.domain }}{{ end }}"
- "https://{{ .Values.sharedVars.keycloakUrl }}"
- "https://{{ .Values.sharedVars.opensrpServer }}"

vpa:
enabled: true
Expand All @@ -194,9 +211,11 @@ vpa:
resourcePolicy: {}

sentry:
dsn: ""
environment: "staging"
tags: {}
domain: ""
projectId: ""
sentryKey: "sentryKey"

pdb:
enabled: false
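Review bot: The default `script-src` in the new `express.cspHeaderConfig` block allows `'unsafe-inline'`, which lets injected inline scripts run and removes most of the XSS protection this policy is meant to provide. If the web build really needs inline scripts, a nonce or hash source would be narrower; otherwise the entry can be dropped, and either way a comment such as `# 'unsafe-inline' kept because <reason>; replace with nonces/hashes when possible` above it would record the trade-off. In the same block the `connect-src` entry `"{{ if .Values.sentry.domain }}{{ .Values.sentry.domain }}{{ end }}"` renders as an empty string when `sentry.domain` is unset and carries no `https://` scheme, unlike the two entries after it; how the server treats an empty source is not visible here. The `sentry` hunk below has a related inconsistency: `sentryKey` defaults to the non-empty placeholder `"sentryKey"` while `domain` and `projectId` default to `""`, so setting only the latter two would build a DSN with the placeholder key.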
