diff --git a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/nginx-cors-public/config.xml b/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/nginx-cors-public/config.xml deleted file mode 100644 index fa3e603cd7..0000000000 --- a/deploy/jenkins/jobs/Deploy/jobs/dev/jobs/Kubernetes/jobs/nginx-cors-public/config.xml +++ /dev/null @@ -1,149 +0,0 @@ - - - - - hudson.model.ParametersDefinitionProperty - com.sonyericsson.rebuild.RebuildSettings - - - - - false - - - - -1 - 10 - -1 - 2 - - - - - false - false - - - - - absolute_job_path - <font color=dimgray size=2><b>Do not change this value! The metadata.json will be copied from this job.</b></font> - ArtifactUpload/dev/Core/Proxy - false - - - image_tag - <font color=red size=2><b>CAUTION: If the value is blank, image tag will be taken from the latest metadata.json.</b></font> - - false - - - private_branch - - choice-parameter-2544395024638227 - 1 - - true - - - - true - - - nginx-cors-public - Deploy/dev/Kubernetes/nginx-cors-public - - - ET_FORMATTED_HTML - true - - - branch_or_tag - - choice-parameter-2620434998790477 - 1 - - true - - - - true - - - nginx-cors-public - Deploy/dev/Kubernetes/nginx-cors-public - - - ET_FORMATTED_HTML - true - - - role_name - - - - helm-deploy - sunbird-deploy - - - - - - - 0 - 0 - - false - project - false - - - - - - - - - - 2 - - - https://github.com/project-sunbird/sunbird-devops.git - - - - - ${branch_or_tag} - - - false - - - - true - false - - 0 - false - - - - kubernetes/pipelines/deploy_core/Jenkinsfile - false - - - false - \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-cors-public/.helmignore b/kubernetes/helm_charts/core/nginx-cors-public/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/kubernetes/helm_charts/core/nginx-cors-public/Chart.yaml b/kubernetes/helm_charts/core/nginx-cors-public/Chart.yaml deleted file mode 100644 index 429f940d82..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: nginx-cors-public -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -appVersion: 1.16.0 diff --git a/kubernetes/helm_charts/core/nginx-cors-public/templates/_helpers.tpl b/kubernetes/helm_charts/core/nginx-cors-public/templates/_helpers.tpl deleted file mode 100644 index 0af5bc238a..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nginx-public-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nginx-public-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nginx-public-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "nginx-public-ingress.labels" -}} -helm.sh/chart: {{ include "nginx-public-ingress.chart" . }} -{{ include "nginx-public-ingress.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "nginx-public-ingress.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nginx-public-ingress.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nginx-public-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "nginx-public-ingress.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/helm_charts/core/nginx-cors-public/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-cors-public/templates/configMap.yaml deleted file mode 100644 index ba70de2a1c..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/templates/configMap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: proxy-cors-default - namespace: {{ .Values.namespace }} -data: - proxy-default.conf: | -{{ .Values.proxyconfig | indent 4 }} - compression.conf: | -{{ .Values.compressionConfig | indent 4 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-cors-conf - namespace: {{ .Values.namespace }} -data: - nginx.conf: | -{{ .Values.nginxconfig | indent 4 }} diff --git a/kubernetes/helm_charts/core/nginx-cors-public/templates/deployment.yaml b/kubernetes/helm_charts/core/nginx-cors-public/templates/deployment.yaml deleted file mode 100644 index 28a558bb17..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/templates/deployment.yaml +++ /dev/null @@ -1,81 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-cors-public - namespace: {{ .Values.namespace }} - annotations: - reloader.stakater.com/auto: "true" -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: nginx-cors-public - template: - metadata: - annotations: - nginxRolloutID: {{ randAlphaNum 5 | quote }} # Restart nginx after every deployment - fluentbit.io/parser: nginx2 - labels: - app: nginx-cors-public - spec: - # Running nginx with custom config -{{- if .Values.imagepullsecrets }} - imagePullSecrets: - - name: {{ .Values.imagepullsecrets }} -{{- end }} - volumes: - - name: tls - secret: - secretName: ingress-cert - - name: proxy-config - configMap: - name: proxy-cors-default - - name: nginx-config - configMap: - name: nginx-cors-conf -{{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} -{{- end }} - containers: - - name: nginx-public - image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: tls - mountPath: /etc/secrets - readOnly: true - - name: proxy-config - mountPath: /etc/nginx/defaults.d - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf -{{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 10 }} -{{- end }} - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https ---- -apiVersion: v1 -kind: Service -metadata: - name: nginx-cors-public - namespace: {{ .Values.namespace }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - externalTrafficPolicy: Local - selector: - app: nginx-cors-public - type: {{ .Values.service.type }} -{{- if and .Values.service.nginx_cors_public_ip (ne .Values.service.type "NodePort") }} - loadBalancerIP: {{ .Values.service.nginx_cors_public_ip }} -{{- end }} - ports: -{{ toYaml .Values.service.ports | indent 4 }} diff --git a/kubernetes/helm_charts/core/nginx-cors-public/values.j2 b/kubernetes/helm_charts/core/nginx-cors-public/values.j2 deleted file mode 100644 index 3168f506b4..0000000000 --- a/kubernetes/helm_charts/core/nginx-cors-public/values.j2 +++ /dev/null @@ -1,207 +0,0 @@ -#jinja2:lstrip_blocks: True - -namespace: {{ namespace }} -merge_domain_status: {{ merge_domain_status | lower }} -service: - annotations: {{nginx_public_ingress_service_annotations | d('') | to_json}} - type: {{ nginx_public_ingress_type | default('LoadBalancer') }} - {% if nginx_cors_public_ip is defined %} - nginx_cors_public_ip: {{ nginx_cors_public_ip }} - {% endif %} - ports: - - port: 80 - name: http - targetPort: 80 - nodePort: 31382 - - port: 443 - name: https - targetPort: 443 - nodePort: 31392 - -{% if nginx_volumes is defined and nginx_volumes %} -volumes: {{ nginx_volumes.volumes | to_json }} -volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} -{% endif %} - -imagepullsecrets: {{ imagepullsecrets }} -dockerhub: {{ dockerhub }} - -resources: - requests: - cpu: {{proxy_cpu_req|default('100m')}} - memory: {{proxy_mem_req|default('100Mi')}} - limits: - cpu: {{proxy_cpu_limit|default('1')}} - memory: {{proxy_mem_limit|default('1024Mi')}} - -repository: {{proxy_repository|default('proxy')}} -image_tag: {{ image_tag }} -replicaCount: {{nginx_cors_public_replicacount|default(1)}} - -proxyconfig: |- - {% if proto=='https' %} - server { - if ($host = files.{{domain_name}}) { - return 301 https://$host$request_uri; - } - listen 80 ; - listen [::]:80 ; - server_name files.{{domain_name}}; - return 404; - } - {% endif %} - server { - {% if proto=='http' %} - listen 80; - listen [::]:80; - {% else %} - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - {% endif %} - server_name files.{{domain_name}}; - client_max_body_size 0; - root /var/www/html; - resolver {{ kube_dns_ip }} valid=30s; - - location / { - # handle cors and allow all - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST, PUT, HEAD"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Accept, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Cache-Control, DNT, User-Agent, X-Amz-Algorithm, X-Amz-Credential, X-Amz-Date, Amz-Expires, X-Amz-SignedHeaders, X-Amz-Signature, x-ms-blob-type"; - add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 204; - } - - proxy_set_header Host "{{ cloud_storage_url | replace('https://', '') }}"; - # remove any CORS header from backend OSS S3 - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Credentials; - - # inject our own CORS header to allow what we wanted - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Expose-Headers 'Content-Length,Content-Range,Connection,opc-client-info,opc-request-id' always; - add_header Access-Control-Allow-Origin * always; - add_header Access-Control-Allow-Methods "GET,OPTIONS,PATCH,POST,PUT,HEAD" always; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Accept,Accept-Encoding,Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method,Cache-Control,DNT,Host,Origin,Pragma,Referer,User-Agent, X-Amz-Algorithm, X-Amz-Credential, X-Amz-Date, Amz-Expires, X-Amz-SignedHeaders, X-Amz-Signature, x-ms-blob-type" always; - # - add_header Referer ""; - proxy_pass {{cloud_storage_url}}; - - # if get request, trim the query string - if ($request_method = GET ) { - proxy_pass {{cloud_storage_url}}$uri; - } - - - } - } - -nginxconfig: | - user nginx; - worker_processes {{nginx_worker_processes | d("auto")}}; - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - events { - worker_connections 10000; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - resolver {{ kube_dns_ip }} valid=30s; - lua_load_resty_core off; - log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' - '"$request" $status $request_length $body_bytes_sent' - ' $request_time $upstream_response_time $pipe' - ' "$http_referer" "$http_user_agent" "$sb_request_id"' - ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; - access_log /var/log/nginx/access.log main; - # Shared dictionary to store metrics - lua_shared_dict prometheus_metrics 100M; - lua_package_path "/etc/nginx/lua_modules/?.lua"; - # Defining request_id - # If the client send request_id it should be preffered over the default one - map $http_x_request_id $sb_request_id { - default $http_x_request_id; - '' $request_id; - } - # Defining upstream cache status for nginx metrics - map $upstream_cache_status $cache_status { - default $upstream_cache_status; - '' "NONE"; - } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } - # Defining metrics - init_worker_by_lua_block { - prometheus = require("prometheus").init("prometheus_metrics") - metric_requests = prometheus:counter( - "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) - metric_latency = prometheus:histogram( - "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) - metric_connections = prometheus:gauge( - "nginx_http_connections", "Number of HTTP connections", {"state"}) - } - log_by_lua_block { - metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) - metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) - } - header_filter_by_lua_block { - ngx.header["server"] = nil - } - sendfile on; - #tcp_nopush on; - client_max_body_size 60M; - keepalive_timeout 65s; - keepalive_requests 200; - # Nginx connection limit per ip - limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; - limit_conn_status 429; - include /etc/nginx/defaults.d/*.conf; - include /etc/nginx/conf.d/*.conf; - - } - - -compressionConfig: |- - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 256; # 256Bytes - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - ; - -