Multiplayer/Ingress force retool as backend

[davidaparicio]

Hello!

I deployed the latest stable version (3.114.2-stable) with the penultimate version of the HELM Chart (retool-6.2.14).

But the chart can't permit to redirect the path /api/multiplayer/ to the serviceName: retool-multiplayer-ws.

In fact, the lines 40/44 have the full name of the application so it's not possible to overwrite to another value (in order to target the multiplayer webservice). :-/

Kind regards,
David

[davidaparicio]

An example from an opensource helm chart:
https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/values.yaml#L308

[davidaparicio]

I retried today without sucess..
I deployed the latest stable version (3.114.5-stable) with the ultimate version of the HELM Chart (retool-6.3.0).

[jjlgao]

Hi David,

Apologies for the late response here.

Could you clarify what error you're getting? I believe our chart does redirect /api/multiplayer/ to the service retool-multiplayer-ws, I take it Helm isn't letting this happen. Is there anything that's outputted when you're trying this that could help narrow down the cause?

[davidaparicio]

Hi @jjlgao,

Yes, I can share you the current overview on our retool namespace

❯ k get pods,deployments,services,ingress,secrets,configmaps -n retool
NAME                                          READY   STATUS    RESTARTS   AGE
pod/retool-9yy-8xx                            1/1     Running   0          150m
pod/retool-9yy-rxx                            1/1     Running   0          152m
pod/retool-code-executor-7d56-9bn4t           1/1     Running   0          152m
pod/retool-jobs-runner-9b9c-tcrn6             1/1     Running   0          152m
pod/retool-multiplayer-ws-6468-v78m9          1/1     Running   0          139m
pod/retool-workflow-backend-b9bc8-b7d57       1/1     Running   0          152m
pod/retool-workflow-worker-698b-hpvll         1/1     Running   0          152m

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/retool                    2/2     2            2           261d
deployment.apps/retool-code-executor      1/1     1            1           261d
deployment.apps/retool-jobs-runner        1/1     1            1           261d
deployment.apps/retool-multiplayer-ws     1/1     1            1           139m
deployment.apps/retool-workflow-backend   1/1     1            1           261d
deployment.apps/retool-workflow-worker    1/1     1            1           261d

NAME                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
service/retool                    ClusterIP   10.xx.xx.xx     <none>        3000/TCP            261d
service/retool-code-executor      ClusterIP   10.xx.xx.xx     <none>        80/TCP              261d
service/retool-multiplayer-ws     ClusterIP   10.xx.xx.xx     <none>        80/TCP              139m
service/retool-workflow-backend   ClusterIP   10.xx.xx.xx     <none>        80/TCP              261d
service/retool-workflow-worker    ClusterIP   10.xx.xx.xx     <none>        3005/TCP,9090/TCP   261d

NAME                               CLASS    HOSTS              ADDRESS         PORTS     AGE
ingress.networking.k8s.io/retool   <none>   retool.domain.com  1xx.1xx.1xx.xx   80, 443   261d

NAME                                   TYPE                 DATA   AGE
secret/letsencrypt-prod                Opaque               1      262d
secret/retool                          Opaque               5      262d
secret/retool-tls                      kubernetes.io/tls    2      134m
secret/retool.tls                      kubernetes.io/tls    2      262d
secret/sh.helm.release.v1.retool.v13   helm.sh/release.v1   1      122m
secret/sh.helm.release.v1.retool.v7    helm.sh/release.v1   1      84d

NAME                         DATA   AGE
configmap/kube-root-ca.crt   1      262d

❯ k describe ingress.networking.k8s.io/retool -n retool
Name:             retool
Labels:           app.kubernetes.io/managed-by=Helm
                  helm.sh/chart=retool-6.3.0
Namespace:        retool
Address:          1xx.1xx.1xx.xx
Ingress Class:    <none>
Default backend:  <default>
TLS:
  retool.tls terminates retool.domain.com
Rules:
  Host              Path  Backends
  ----              ----  --------
  retool.domain.com /   retool:3000 (1xx.1xx.1xx.xxx:3000,1xx.1xx.1xx.xxx:3000)

As you can see, there is only one rule..
If I added /api/multiplayer in the line#151, the redirection created was to the retool backend and not the multiplayer (I think, Ican't change it). I followed this values.yaml file.

I need something like this one

  - path: /api/multiplayer/
    pathType: Prefix
    backend:
      service:
        name: retool-multiplayer-ws
        port:
          number: 80

Did I make a mistake somewhere?
Because your Google Docs "Retool multiplayer for self-hosted (beta)" doesn't present the installation for Helm..
(only requirements>Web proxy)

Thank you very much in advance for your help!

Kind regards,
David

[jjlgao]

Thanks for the extra context. I apologize, I made a mistake looking through our chart, and you are correct that our helm chart does not currently set up this extra ingress rule or have a way to do so. I'm checking internally to get an answer for the best practice way to enable multiplayer; in the meantime, does multiplayer work at all if this endpoint is routed to the Retool backend instead?

[davidaparicio]

You're welcome! Yes, exactly, the current Helm chart doesn't handle it :)

Manually, I created this one:

❯ k describe ingress.networking.k8s.io/retool-multiplayer-ingress -n retool
Name:             retool-multiplayer-ingress
Labels:           <none>
Namespace:        retool
Address:          1xx.1xx.1xx.1xx
Ingress Class:    nginx
Default backend:  <default>
TLS:
  retool-tls terminates retool.domain.com
Rules:
  Host                      Path  Backends
  ----                      ----  --------
  retool.domain.com
                            /api/multiplayer/   retool-multiplayer-ws:80 (1xx.1xx.1xx.1xx:3001)
Annotations:                cert-manager.io/cluster-issuer: cluster-issuer
                            nginx.ingress.kubernetes.io/ingress.class: nginx
                            nginx.ingress.kubernetes.io/proxy-body-size: 8m
                            nginx.ingress.kubernetes.io/proxy-http-version: 1.1
                            nginx.ingress.kubernetes.io/proxy-request-buffering: off
                            nginx.ingress.kubernetes.io/proxy-set-headers: ingress-multiplayer-headers
                            nginx.ingress.kubernetes.io/rewrite-target: /
                            nginx.ingress.kubernetes.io/tls-acme: true

When I went to the endpoint /api/multiplayer with my browser, I got "Route not found for /" without the rewrite-target.
Now, with this annotation, I have

 curl https://retool.domain.com/api/multiplayer
{"success":false,"message":"Authentication failure. Missing access token","triggerOauth2SSOLoginAutomatically":false,"triggerSamlLoginAutomatically":false}

I asked my team to test the multiplayer again, but it still doesn't work.

[davidaparicio]

Hello @jjlgao, have some update regarding this issue ? (:

[jjlgao]

Hi David,

Apologies for the late update, it took some time to gather information internally. I confirmed that we don't have a way to route multiplayer requests in this helm chart, and in the past we've expected folks to set up the ingress themselves to do so, independently of our helm chart.

With that being said, we'll be making a change to make this possible this week or next week, to make it part of our helm chart so you can enable it without having to set up an independent ingress.

Thanks,
Jason

[jjlgao]

Hi David,

We're working on the change in PR #205. We actually don't have the greatest test coverage on the ingress component of our helm chart, so if you're able to help us test this by pulling the change and referencing the local helm chart, that would be much appreciated.

Separately, while making this change I discovered that we actually have an extraPaths section in the ingress that you may be able to use in place of the PR changes: https://github.com/tryretool/retool-helm/blob/main/charts/retool/values.yaml#L164

Regardless of whether this works for you, we'll likely move forward with the PR to make sure others in the future who want to enable multiplayer don't need to add custom ingress snippets to properly enable it.

You may be able to add a section like this in your ingress section of your values.yaml file:

    extraPaths:
      - path: /api/multiplayer
        backend:
          service:
            name: retool-multiplayer-ws
            port:
              name: http-server
        pathType: ImplementationSpecific

Apologies for the sparse responses here, it took me some time to gather this information. Could you check these options and let me know if either the PR changes or the extraPaths configuration will work for you?

Thank you!
Jason