Generate favicon Route if a custom logo is configured

When the OCP console is customized, the default favicon is not served, which is an intentional design decision, as documented in https://bugzilla.redhat.com/show_bug.cgi?id=1844883#c1. However, that bugzilla provides a workaround to restore the default favicon when the console is customized, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1844883#c3. We implement this workaround in this commit if the console logo is customized, and a custom hostname is configured, as we otherwise can't configure `spec.hostname` for the additional route. Ideally, we'd like to allow users to configure a custom favicon if they're customizing the logo, but that's currently not possible. Fixes #27
appuio · Jun 10, 2022 · a995157 · a995157
1 parent b0e29d3
commit a995157
Show file tree

Hide file tree

Showing 5 changed files with 140 additions and 0 deletions.
diff --git a/component/main.jsonnet b/component/main.jsonnet
@@ -100,6 +100,38 @@ local consoleSpec =
       {}
   );
 
+local faviconRoute =
+  if logoFileName != '' && hostname != null then
+    kube._Object('route.openshift.io/v1', 'Route', 'console-favicon') {
+      metadata+: {
+        namespace: 'openshift-console',
+        labels+: {
+          app: 'console',
+        },
+        annotations+: {
+          'haproxy.router.openshift.io/rewrite-target':
+            '/static/assets/openshift-favicon.png',
+        },
+      },
+      spec: {
+        host: hostname,
+        path: '/favicon.ico',
+        to: {
+          kind: 'Service',
+          name: 'console',
+          weight: 100,
+        },
+        port: {
+          targetPort: 'https',
+        },
+        tls: {
+          termination: 'reencrypt',
+          insecureEdgeTerminationPolicy: 'Redirect',
+        },
+        wildcardPolicy: 'None',
+      },
+    };
+
 // Create ResourceLocker patch to configure console route in
 // ingress.config.openshift.io/cluster object
 local consoleRoutePatch =
@@ -224,6 +256,8 @@ local openshiftConfigNsAnnotationPatch =
   '10_console': kube._Object(versionGroup, 'Console', 'cluster') {
     spec+: consoleSpec,
   },
+  [if faviconRoute != null then '10_console_favicon_route']:
+    faviconRoute,
   [if !oldConfig && consoleRoutePatch != null then '20_ingress_config_patch']:
     consoleRoutePatch,
   [if openshiftConfigNsAnnotationPatch != null then '20_openshift_config_ns_annotation_patch']:

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -114,6 +114,13 @@ The filename needs to have a filename extension which matches the image format.
 For SVG logos the file must *not* be base64 encoded, but inserted directly as a string.
 ====
 
+By default, OCP will not serve a favicon if a custom logo is configured for the console.
+This is an intentional design decision as documented in this https://bugzilla.redhat.com/show_bug.cgi?id=1844883#c1[bug report].
+
+The component tries to ensure that a favicon is served even if a custom logo is configured.
+However, because the current workaround for the missing favicon requires an additional custom route for the console hostname, it can only be implemented for configurations which use a custom console hostname.
+Otherwise, the component is unable to correctly configure `spec.hostname` for the console.
+
 == `secrets`
 
 [horizontal]

diff --git a/tests/custom-logo.yml b/tests/custom-logo.yml
@@ -1,6 +1,19 @@
 parameters:
+  kapitan:
+    dependencies:
+      - type: https
+        source: https://raw.githubusercontent.com/projectsyn/component-resource-locker/v2.1.0/lib/resource-locker.libjsonnet
+        output_path: vendor/lib/resource-locker.libjsonnet
+
+  resource_locker:
+    namespace: syn-resource-locker
+
   openshift4_console:
     config:
+      route:
+        hostname: console.company.cloud
+        secret:
+          name: console-company-cloud-tls
       customization:
         customProductName: Company Cloud
     custom_logo:

diff --git a/tests/golden/custom-logo/openshift4-console/openshift4-console/10_console_favicon_route.yaml b/tests/golden/custom-logo/openshift4-console/openshift4-console/10_console_favicon_route.yaml
@@ -0,0 +1,23 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+    haproxy.router.openshift.io/rewrite-target: /static/assets/openshift-favicon.png
+  labels:
+    app: console
+    name: console-favicon
+  name: console-favicon
+  namespace: openshift-console
+spec:
+  host: console.company.cloud
+  path: /favicon.ico
+  port:
+    targetPort: https
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: reencrypt
+  to:
+    kind: Service
+    name: console
+    weight: 100
+  wildcardPolicy: None
diff --git a/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml b/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    name: cluster-manager
+  name: cluster-manager
+  namespace: syn-resource-locker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    name: syn-resource-locker-cluster-manager
+  name: syn-resource-locker-cluster-manager
+rules:
+  - apiGroups:
+      - config.openshift.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - patch
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    name: syn-resource-locker-cluster-manager
+  name: syn-resource-locker-cluster-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: syn-resource-locker-cluster-manager
+subjects:
+  - kind: ServiceAccount
+    name: cluster-manager
+    namespace: syn-resource-locker
+---
+apiVersion: redhatcop.redhat.io/v1alpha1
+kind: ResourceLocker
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: '10'
+  labels:
+    name: cluster
+  name: cluster
+  namespace: syn-resource-locker
+spec:
+  patches:
+    - id: patch1
+      patchTemplate: "\"spec\":\n  \"componentRoutes\":\n  - \"hostname\": \"console.company.cloud\"\
+        \n    \"name\": \"console\"\n    \"namespace\": \"openshift-console\"\n  \
+        \  \"servingCertKeyPairSecret\":\n      \"name\": \"console-company-cloud-tls\""
+      patchType: application/merge-patch+json
+      targetObjectRef:
+        apiVersion: config.openshift.io/v1
+        kind: Ingress
+        name: cluster
+  serviceAccountRef:
+    name: cluster-manager