Closed Ansible-man closed 2 months ago
@Ansible-man thanks for sharing this use case. What you can do is define:
confluence:
additionalEnvironmentVariables:
- name: ATL_PROXY_NAME
value: confluence-prod.domain.com
This will work is confluence.tomcatConfig.generateByHelm
is set to false (i.e. server.xml is generated in the image entrypoint).
If confluence.tomcatConfig.generateByHelm
is set to true, you can just set:
confluence:
tomcatConfig:
proxyName: confluence-prod.domain.com
Thank you for the fast response
We have the following values set confluence: tomcatConfig: generateByHelm: true proxyName: "confluence-prod.domain.com"
We are observing that the config map generated by helm still sets the proxy name to the value of ingress.host. We also attempted deleting the configMap and when it gets regenerated the value of ingress.host is still the value for proxyName within the configMap
Oh, right, it's because:
proxyName="{{ .Values.ingress.host | default .Values.confluence.tomcatConfig.proxyName }}"
It should be vice versa, default is ingress host unless it's overridden in the config. I'll raise a PR to fix it.
Have you tried just setting environment variable and let image entrypoint generate it?
We have tried that method as well will no luck. The ENV vars seem to get overwritten
@Ansible-man you must be be doing it wrong. I have just tested it and it works for me:
helm install confluence ./ \
--set ingress.create=true \
--set ingress.host=hello.com \
--set confluence.additionalEnvironmentVariables[0].name=ATL_PROXY_NAME \
--set confluence.additionalEnvironmentVariables[0].value=no.com
And then check server.xml:
k exec -ti confluence-0 bash
root@confluence-0:/var/atlassian/application-data/confluence# cat /opt/atlassian/confluence/conf/server.xml | grep proxy
proxyName="no.com"
proxyPort="443"
<Context path="${confluence.context.path}/synchrony-proxy"
docBase="../synchrony-proxy"
root@confluence-0:/var/atlassian/application-data/confluence#
@bianchi2 I tried your example and it does not work for me with helm chart version 1.20.1.
I try to deploy Confluence datacenter with dedicated Synchrony URL and fail because both are using "ingress.host" to define their env vars.
So a mechanism to override ATL_PROXY_NAME for confluence tomcat would help me out.
My relevant values snippet:
confluence:
additionalEnvironmentVariables:
# this override does not work because env var is defined already before in
# https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/statefulset.yaml#L200
- name: ATL_PROXY_NAME
value: ${var.fqdn}
additionalJvmArgs:
- '-synchrony.proxy.enabled=false'
- '-Dsynchrony.service.url=https://synchrony-${var.fqdn}/synchrony'
ingress:
# this is used by synchrony in SYNCHRONY_SERVICE_URL env var and can not be overwritten
# https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/statefulset-synchrony.yaml#L100
host: synchrony-${var.fqdn}
https: true
@inka the snippet you shared should override both proxy name in server.xml
and synchrony url for you. Though your ingress.host does not look right. Do you expect Confluence to be available at https://synchrony-${var.fqdn}
? https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/_helpers.tpl#L200 this is how Synchrony url is defined.
Is your use case the same - you need different ingress hostname and proxy name? Or do you just need synchrony to be available on a different url? Say, confluence is confluence.example.com
and synchrony is synchrony.example.com/synchrony
?
I have double checked additionalEnvironmentVariables override and it works as expected - proxyName is overridden.
If I run above config I get this in my container spec for confluence-0:
spec:
containers:
- env:
- name: ATL_PROXY_NAME
value: synchrony-confluence.my.url.com
and not like expected:
spec:
containers:
- env:
- name: ATL_PROXY_NAME
value: confluence.my.url.com
I wanted to have them on 2 different URLs because of the way how our ALBs routing to ISTIO ingress. But I can also try to write the Virtualservice in a different way and use the same FQDN. Would look like:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ .Values.app }}
namespace: {{ .Values.namespace }}
spec:
gateways:
- istio-system/global-gateway
hosts:
- {{ .Values.url }}
http:
- name: synchrony
match:
- uri:
prefix: "/synchrony"
route:
- destination:
host: confluence-synchrony.{{ .Values.namespace }}.svc.cluster.local
port:
number: 80
- name: confluence
route:
- destination:
host: confluence.{{ .Values.namespace }}.svc.cluster.local
port:
number: 80
Will test that and see how it goes. But this becomes off-topic. The general request of this suggestion I still support. It should be possible to override both URLs independent from each other.
and BTW regarding https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/_helpers.tpl#L200 I got an error with JWT aud mismatch which went away via https://confluence.atlassian.com/confkb/synchrony-logs-show-invalid-aud-and-synchrony-is-not-connecting-to-confluence-937177818.html
@inka what you are saying is that when you set ATL_PROXY_NAME in additional env vars in Helm values to confluence.my.url.com it is still synchrony-confluence.my.url.com as set in ingress.host? Please note that ATL_PROXY_NAME in container env will be duplicated, so there will be 2 variables with the same name, and the value of the last one will apply. Make sure you actually check server.xml and the effective ATL_PROXY_NAME value in the running container.
@bianchi2 I checked again and you are right!
Indeed ATL_PROXY_NAME is set a second time in the env array with the correct value and appears from within the container as the correct overwritten value. So in my case it seems to be a different problem that the correct ENV var is not written into server.xml.
confluence@confluence-0:~$ env | grep -Ei '(ATL_PROXY_NAME|force)'
ATL_FORCE_CFG_UPDATE=true
ATL_PROXY_NAME=confluence.my.url.com
confluence@confluence-0:~$ cat /opt/atlassian/confluence/conf/server.xml | grep proxyName
proxyName="synchrony-confluence.my.url.com"
With some wipe and retry it works finally! Thanks for that ultra quick response and help today. Really awesome.
Suggestion
We are experiencing issues with both jira and confluence related to reverse proxies. We have our ingress.host set to confluence.doman.com and a proxy that forwards requests to confluence.domain.com from confluence-prod.domain.com which is also the base URL of confluence. This causes errors when logging into confluence because the proxyurl is set to the value of ingress.host despite us setting tomcatconfig.proxyName per https://confluence.atlassian.com/jirakb/base-url-warnings-on-manage-apps-page-in-jira-1381400679.html. We have also tried overriding the ENV vars with no luck. This has been the case with helm serverxml enabled and disabled.
Product
Jira, Confluence
Code of Conduct