Migrate OSF pigeon to use cos-common library

osf-pigeon/Chart.yaml

@@ -1,15 +1,21 @@
-apiVersion: v1
+apiVersion: v2
 description: A Helm chart for Kubernetes
 name: osf-pigeon
-version: 0.1.0
+type: application
+version: 1.0.0
 sources:
   - https://github.com/CenterForOpenScience/osf-pigeon/
+dependencies:
+  - name: cos-common
+    version: 1.0.0
+    repository: https://centerforopenscience.github.io/helm-charts/
+  # - name: cos-common
+  #   version: 1.0.0
+  #   repository: "file://../cos-common"
 maintainers:
   - name: Matt Frazier
     email: matt@cos.io
     url: https://github.com/mfraezz
   - name: Matt Clark
     email: mattclark@cos.io
     url: https://github.com/mattclark
-engine: gotpl
-tillerVersion: '>=2.7.0'

osf-pigeon/files/nginx.conf

@@ -0,0 +1,117 @@
+user  nginx;
+worker_processes  {{ .Values.main.nginx.workerCount }};
+
+load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
+{{- if .Values.main.nginx.vts.enabled }}
+load_module /usr/lib/nginx/modules/ngx_http_geoip_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_vhost_traffic_status_module.so;
+{{- end }}
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+                    'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
+    access_log  /var/log/nginx/access.log  main;
+
+    real_ip_header {{ .Values.main.nginx.realIpHeader }};
+    real_ip_recursive {{ .Values.main.nginx.realIpRecursive }};
+    {{- range .Values.main.nginx.proxySourceRanges }}
+    set_real_ip_from {{ . }};
+    {{- end }}
+
+    {{- if .Values.main.nginx.vts.enabled }}
+    geoip_country       /etc/nginx/GeoIP.dat;
+    geoip_city          /etc/nginx/GeoLiteCity.dat;
+    geoip_proxy_recursive on;
+    {{- range .Values.main.nginx.proxySourceRanges }}
+    geoip_proxy {{ . }};
+    {{- end }}
+
+    vhost_traffic_status_zone shared:vhost_traffic_status:{{ .Values.main.nginx.vts.statusZoneSize }};
+    vhost_traffic_status_filter_by_set_key {{ .Values.main.nginx.vts.defaultFilterKey }};
+    {{- end }}
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 620s;
+    keepalive_requests 10000;
+    types_hash_max_size 2048;
+    server_tokens off;
+
+    gzip on;
+    gzip_proxied any;
+    gzip_disable "msie6";
+    gzip_min_length 1400;
+    gzip_vary on;
+    gzip_buffers 4 32k;
+    gzip_types text/plain text/css image/svg+xml application/javascript application/x-javascript text/xml text/javascript application/json application/vnd.api+json;
+
+    brotli on;
+    brotli_types text/plain text/css image/svg+xml application/javascript application/x-javascript text/xml text/javascript application/json application/vnd.api+json;
+
+    {{- if .Values.main.nginx.vts.enabled }}
+    server {
+        listen {{ .Values.main.nginx.vts.internalPort }};
+        server_name _;
+
+        location /healthz {
+            access_log off;
+            return 200;
+        }
+
+        location /nginx_status {
+            vhost_traffic_status_display;
+            vhost_traffic_status_display_format html;
+        }
+    }
+    {{- end }}
+
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }};
+        keepalive_timeout 620s;
+        client_max_body_size 25M;
+        server_name _;
+
+        if ($http_x_forwarded_proto = "http") {
+            return 301 https://$host$request_uri;
+        }
+
+        location = /healthz {
+            access_log off;
+            return 200;
+        }
+
+        location = /robots.txt {
+            alias /usr/share/nginx/html/robots.txt;
+        }
+
+        location / {
+            # Disable caching of application requests
+            add_header Cache-Control "no-cache, no-store, max-age=0, must-revalidate";
+            add_header Expires "-1";
+            add_header Pragma "no-cache";
+
+            # Mitigate HTTPoxy Vulnerability
+            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
+            proxy_set_header Proxy                  "";
+
+            proxy_buffering off;
+            proxy_request_buffering off;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://127.0.0.1:{{ .Values.main.http.containers.nginx.externalPort }};
+        }
+    }
+}

osf-pigeon/templates/NOTES.txt

@@ -1,17 +1,24 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.hostname }}
-  http://{{- .Values.ingress.hostname }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "osf-pigeon.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "osf-pigeon.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "osf-pigeon.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP"  .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "osf-pigeon.fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }}
+Component fullname: {{ include "cos-common.fullname" (dict "root" . "name" "" "values" .Values.main) }}
+
+{{- if and .Values.main.ingress.enabled (.Values.main.ingress.hosts) }}
+Ingress hosts:
+{{- $hosts := list }}
+{{- if and (kindIs "map" .Values.main.ingress.hosts) (or (hasKey .Values.main.ingress.hosts "primary") (hasKey .Values.main.ingress.hosts "additional")) }}
+  {{- range $h := (default (list) .Values.main.ingress.hosts.primary) }}
+    {{- $hosts = append $hosts $h }}
+  {{- end }}
+  {{- range $h := (default (list) .Values.main.ingress.hosts.additional) }}
+    {{- $hosts = append $hosts $h }}
+  {{- end }}
+{{- else }}
+  {{- range $h := .Values.main.ingress.hosts }}
+    {{- $hosts = append $hosts $h.host }}
+  {{- end }}
+{{- end }}
+{{- range $hosts }}
+ - {{ . }}
+{{- end }}
+{{- else }}
+Port-forward example:
+kubectl -n {{ .Release.Namespace }} port-forward svc/{{ include "cos-common.fullname" (dict "root" . "name" "" "values" .Values.main) }} 8080:{{ ( .Values.main.http.containers.nginx.internalPort ) }}
 {{- end }}