From 7dda229ae6e519141a943240413d4e3507d86a8a Mon Sep 17 00:00:00 2001
From: Jason Plum <jplum@gitlab.com>
Date: Tue, 24 Oct 2023 15:27:54 -0400
Subject: [PATCH] Webservice: add assets ingress shim functionality (nginx
 only)

Add `gitlab.webservice.DEPLOYMENT.ingress.assetsShim` to allow a defined
(must be defined!) `deployment` object to have the Ingress path of `/assets`
automatically spread across all functional pods of the backing Service object.

This is relies strictly on  NGINX, so it is gated on `ingress.provider`
of `nginx`.

This:
- disables `service-upstream` to individually address Pods
- configures lower proxyBodySize (1m)
- use `proxy-next-upstream` settings to try 10 different Pods before
  giving up

```yaml
gitlab:
  webservice:
    deployment:
      default:
        ingress:
          path: /
          assetsShim: true
```

Changelog: added
---
 .../gitlab/charts/webservice/templates/ingress.yaml   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/charts/gitlab/charts/webservice/templates/ingress.yaml b/charts/gitlab/charts/webservice/templates/ingress.yaml
index 30cb522855..eb0c9760ef 100644
--- a/charts/gitlab/charts/webservice/templates/ingress.yaml
+++ b/charts/gitlab/charts/webservice/templates/ingress.yaml
@@ -13,6 +13,17 @@ From here on:
 {{-       $tlsSecret := include "webservice.tlsSecret" (dict "root" $ "local" $.Values.ingress) -}}
 {{-       $ingressCfg := dict "global" $global.ingress "context" $ "local" .ingress -}}
 {{-       include "webservice.ingress.template" (dict "root" $ "deployment" . "ingressCfg" $ingressCfg "host" $hostname "name" $ingressName "tlsSecret" $tlsSecret) }}
+{{-       if and .ingress.assetsShim (eq "nginx" (include  "gitlab.ingress.provider" $ingressCfg)) }}
+{{-         $ingressName = printf "%s-assets" $ingressName -}}
+{{-         $assetsIngressCfg := deepCopy $ingressCfg -}}
+{{-         $_ := set $assetsIngressCfg.local "path" "/assets" -}}
+{{-         $_ := set $assetsIngressCfg.local.annotations "nginx.ingress.kubernetes.io/service-upstream" "false" -}}
+{{-         $_ := set $assetsIngressCfg.local.annotations "nginx.ingress.kubernetes.io/proxy-next-upstream" "error timeout http_500 http_502 http_503 http_404" -}}
+{{-         $_ := set $assetsIngressCfg.local.annotations "nginx.ingress.kubernetes.io/proxy-next-upstream-timeout" "0" -}}
+{{-         $_ := set $assetsIngressCfg.local.annotations "nginx.ingress.kubernetes.io/proxy-next-upstream-tries" "10" -}}
+{{-         $_ := set $assetsIngressCfg.local "proxyBodySize" "1m" -}}
+{{-         include "webservice.ingress.template" (dict "root" $ "deployment" . "ingressCfg" $assetsIngressCfg "host" $hostname "name" $ingressName "tlsSecret" $tlsSecret) }}
+{{-       end }}
 {{-       if $.Values.extraIngress.enabled }}
 {{-         $hostname = $.Values.extraIngress.hostname | default $hostname -}}
 {{-         $_ := set $ingressCfg "local" .extraIngress -}}
-- 
GitLab