enhance nginx auth sidecar config #502
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pgvishnuram
commented
May 24, 2024
pgvishnuram
commented
May 24, 2024
rishkarajgi
approved these changes
May 24, 2024
danielhoherd
requested changes
May 24, 2024
| assert authSidecarServicePorts in docs[1]["spec"]["ports"] | ||
|
|
||
| nginx_conf = pathlib.Path( | ||
| "tests/chart/test_data/dag-server-authsidecar-nginx.conf" |
There was a problem hiding this comment.
If we're going to start doing this kind of thing, we'll need to come up with a way to organize these files better by naming them after the function that uses them, or by their content hash. We don't need to solve this now if we don't want to, but if we don't solve it now we'll have to solve it as soon as we start adding more files.
| location = /auth { | ||
| {{ include "default_nginx_settings" . | indent 8 }} |
There was a problem hiding this comment.
Since this isn't nindent of a data structure, should we just indent it so it aligns with the code, rather than calling | indent 8 ?
Suggested change
| {{ include "default_nginx_settings" . | indent 8 }} | |
| {{ include "default_nginx_server_settings" . }} |
danielhoherd
approved these changes
May 24, 2024
Co-authored-by: Daniel Hoherd <danielh@astronomer.io>
Co-authored-by: Daniel Hoherd <danielh@astronomer.io>
Co-authored-by: Daniel Hoherd <danielh@astronomer.io>
|
tests failing |
pgvishnuram
added a commit
that referenced
this pull request
May 26, 2024
* enhance nginx auth sidecar config * only connect ipv4 * update static test cases for nginx * Update templates/webserver/webserver-auth-sidecar-configmap.yaml Co-authored-by: Daniel Hoherd <danielh@astronomer.io> * Update templates/flower/flower-auth-sidecar-configmap.yaml Co-authored-by: Daniel Hoherd <danielh@astronomer.io> * Update templates/dag-deploy/dag-server-auth-sidecar-configmap.yaml Co-authored-by: Daniel Hoherd <danielh@astronomer.io> * update nginx template --------- Co-authored-by: Daniel Hoherd <danielh@astronomer.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR enhances existing authsidecar config and fixes code duplication.
change 1: client_max_body_size initially nested inside auth block its now moved to server block to get applied for all location
change 2: server_tokens is added every where in auth-sidecar nginx block now its moved to common location and called every to reduce code duplication
change 3: localhost in upstream block connects ipv6 by default and falls back to ipv4 this was causing error in first try and fallbacks to ipv4 and call passed sucessfully - we have changed to 127.0.0.1 to connect ipv4 by default
Related Issues
https://github.com/astronomer/issues/issues/6141
Testing
QA should validate webserver, flower and dag-server to see services comes up without any issues.
This also now enhances our upload limit for all auth proxy components
Merging
cherry-pick to release-1.10, master and 1.11