Using kroki on K8S behind a nginx in https

gaelbro commented 2 years ago

Hi,

I'm deploying kroki as a chart in my K8S cluster using the chart provided by cowboysysop. My main purpose is to use it in gitlab.

I'm using an ingress rule to expose it in http and then use nginx to access it in https. When I deploy it responds with the error message you see in attachment.

I don't see any documentation regarding a specific configuration when using kroki behind a reverse https proxy.

Could you help me ?

kroki-error

ggrossetie commented 2 years ago

Hi,

I think the reason is that you are using a base path /kroki. The gateway server yuzutech/kroki does have a route on /kroki hence the 404.

You should use a subdomain for Kroki, for instance: https://aforge-dev-utest.k8s.kroki.aforge-ads.com/

Alternatively, we could introduce a new option to configure the "base path". In your case, you will need to add an extra environment variable to declare "/kroki" as the base path.

gaelbro commented 2 years ago

Hi,

Thank you for your reply. Unfortunately I can't use a subdomain in my environment... Is there any other solution for my use case to be implemented right now ? when do you think you can add the base path option ?

ggrossetie commented 2 years ago

I guess you could rewrite the URL to remove the base path using a proxy.

when do you think you can add the base path option ?

I don't know, the first step would be to create a feature request with a use case. Then, we can discuss how to implement it and then someone will eventually implement it 😉

arukiidou commented 2 years ago

nginx stripprefix examples

https://kubernetes.github.io/ingress-nginx/user-guide/ingress-path-matching/

nginx official docs: rewrite-target（pathprefix）

https://kubernetes.github.io/ingress-nginx/examples/rewrite/

ggrossetie commented 2 years ago

Neat, I didn't know it was possible using Ingress. 👍🏻

gaelbro commented 2 years ago

Hi, I used a regex within my ingress rules and it worked ! Thanks for your help !

ggrossetie commented 2 years ago

@gaelbro @arukiidou If one of you is willing to describe the steps or write some documentation, I will gladly add this information to https://docs.kroki.io/

gaelbro commented 2 years ago

here is what I have done : I use a chart so I put those vars in values.yaml like this:

ingress:
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  host: example.com
  path: /gitlab-kroki

Then My ingress looks like this:

{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ include "common.fullname" . }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: {{ .Values.ingress.path }}(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: {{ include "common.fullname" . }}
                port:
                  number: {{ .Values.service.port }}

Tell me if this is clear.

ggrossetie commented 2 years ago

Thanks for sharing! I think it's clear. By any chance, do you have the effective YAML definition (i.e., once variables has been resolved)? I think it would be easier to understand if we provide a sample ingress definition with actual values.

arukiidou commented 2 years ago

init

helm create common

# remove templates without _helpers.tpl, ingress.yaml

./common/values.yaml

it's https://github.com/yuzutech/kroki/issues/1269#issuecomment-1137475646

ingress:
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  host: example.com
  path: /gitlab-kroki

./common/templates/ingress.yaml

it's https://github.com/yuzutech/kroki/issues/1269#issuecomment-1137475646

{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ include "common.fullname" . }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: {{ .Values.ingress.path }}(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: {{ include "common.fullname" . }}
                port:
                  number: {{ .Values.service.port }}

result

helm template common ./common --set service.port=8000

# Source: common/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: common
  labels:
    helm.sh/chart: common-0.1.0
    app.kubernetes.io/name: common
    app.kubernetes.io/instance: common
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /gitlab-kroki(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: common
                port:
                  number: 8000

ggrossetie commented 2 years ago

Perfect, thanks 👍🏻 I'm reopening to add this example in the documentation.

yuzutech / kroki