feat: handle cors (#461)

To handle CORS properly, nginx ingress configuration is updated. In addition, annotationsNoTls is removed as it is not necessary. In order to disable tls, removing tls block in ingress.yaml files is enough. Thus, the configuration is cleaned up.
cisco-open · Nov 17, 2023 · b9d8e29 · b9d8e29
1 parent 8534bbc
commit b9d8e29
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 21 deletions.
diff --git a/fiab/helm-chart/control/templates/apiserver-ingress.yaml b/fiab/helm-chart/control/templates/apiserver-ingress.yaml
@@ -21,16 +21,16 @@ metadata:
     namespace: {{ .Release.Namespace }}
     {{- if .Values.ingress.annotations }}
     annotations:
-      {{- range $key, $value := .Values.ingress.annotationsNoTls }}
+      {{- range $key, $value := .Values.ingress.annotations }}
       {{ $key }}: {{ tpl $value $ | quote }}
       {{- end }}
     {{- end }}
 spec:
     ingressClassName: {{ .Values.ingress.ingressClassName }}
-    tls:
-    - hosts:
-      - {{ .Values.frontDoorUrl.apiserver }}
-      secretName: {{ .Release.Name }}-apiserver-tls
+    # tls:
+    # - hosts:
+    #   - {{ .Values.frontDoorUrl.apiserver }}
+    #   secretName: {{ .Release.Name }}-apiserver-tls
     rules:
     - host: {{ .Values.frontDoorUrl.apiserver }}
       http:

diff --git a/fiab/helm-chart/control/templates/dashboard-configmap.yaml b/fiab/helm-chart/control/templates/dashboard-configmap.yaml
@@ -23,5 +23,5 @@ metadata:
 data:
   api-config.js: |
     window.env = {};
-    window.env.REACT_APP_API_URL="http://{{ .Release.Name }}-apiserver:{{ .Values.servicePort.apiserver }}";
-    window.env.REACT_APP_MLFLOW_URL="http://{{ .Release.Name }}-mlflow:{{ .Values.mlflow.servicePort }}/ajax-api/2.0/mlflow";
+    window.env.REACT_APP_API_URL="http://{{ .Values.frontDoorUrl.apiserver }}";
+    window.env.REACT_APP_MLFLOW_URL="http://{{ .Values.frontDoorUrl.mlflow }}/ajax-api/2.0/mlflow";
diff --git a/fiab/helm-chart/control/templates/dashboard-ingress.yaml b/fiab/helm-chart/control/templates/dashboard-ingress.yaml
@@ -21,12 +21,16 @@ metadata:
     namespace: {{ .Release.Namespace }}
     {{- if .Values.ingress.annotations }}
     annotations:
-      {{- range $key, $value := .Values.ingress.annotationsNoTls }}
+      {{- range $key, $value := .Values.ingress.annotations }}
       {{ $key }}: {{ tpl $value $ | quote }}
       {{- end }}
     {{- end }}
 spec:
     ingressClassName: {{ .Values.ingress.ingressClassName }}
+    # tls:
+    # - hosts:
+    #   - {{ .Values.frontDoorUrl.dashboard }}
+    #   secretName: {{ .Release.Name }}-dashboard-tls
     rules:
     - host: {{ .Values.frontDoorUrl.dashboard }}
       http:
@@ -44,4 +48,4 @@ spec:
             serviceName: {{ .Release.Name }}-dashboard
             servicePort: {{ .Values.servicePort.dashboard }}
           path: /
-        {{ end }}
+        {{ end }}
diff --git a/fiab/helm-chart/control/templates/mlflow-ingress.yaml b/fiab/helm-chart/control/templates/mlflow-ingress.yaml
@@ -21,7 +21,7 @@ metadata:
     namespace: {{ .Release.Namespace }}
     {{- if .Values.ingress.annotations }}
     annotations:
-      {{- range $key, $value := .Values.ingress.annotationsNoTls }}
+      {{- range $key, $value := .Values.ingress.annotations }}
       {{ $key }}: {{ tpl $value $ | quote }}
       {{- end }}
     {{- end }}

diff --git a/fiab/helm-chart/control/values.yaml b/fiab/helm-chart/control/values.yaml
@@ -84,25 +84,21 @@ ingress:
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /
     cert-manager.io/cluster-issuer: selfsigned
+    # In case there is 413 error,
+    # refer to https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-max-body-size
+    # set nginx.ingress.kubernetes.io/proxy-body-size to 0 to disable the limit
     nginx.ingress.kubernetes.io/proxy-body-size: "512m"
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "60000"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "60000"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "60000"
+    # The following is for handle CORS
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "http://dashboard.flame.test"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "DELETE, GET, POST, PUT"
   annotationsGrpc:
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
     cert-manager.io/cluster-issuer: selfsigned
-  # In mlflow, selfsigned certificate raises SSLCertVerificationError
-  # So, fiab env disable tls; tls can be enabled with a legitimate cert
-  annotationsNoTls:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    # In case there is 413 error,
-    # refer to https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-max-body-size
-    # set nginx.ingress.kubernetes.io/proxy-body-size to 0 to disable the limit
-    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60000"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "60000"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "60000"
 
 frontDoorUrl:
   apiserver: apiserver.flame.test