diff --git a/deploy/manifests/balancer/base/balancer.env b/deploy/manifests/balancer/base/balancer.env new file mode 100644 index 00000000..e69de29b diff --git a/deploy/manifests/balancer/base/deployment.yaml b/deploy/manifests/balancer/base/deployment.yaml index c50012c2..10bcfc93 100644 --- a/deploy/manifests/balancer/base/deployment.yaml +++ b/deploy/manifests/balancer/base/deployment.yaml @@ -21,6 +21,8 @@ spec: envFrom: - secretRef: name: balancer-config + - configMapRef: + name: balancer-config ports: - containerPort: 8000 readinessProbe: diff --git a/deploy/manifests/balancer/base/gateway-listeners.yaml b/deploy/manifests/balancer/base/gateway-listeners.yaml new file mode 100644 index 00000000..1572a1dd --- /dev/null +++ b/deploy/manifests/balancer/base/gateway-listeners.yaml @@ -0,0 +1,26 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: ListenerSet +metadata: + name: balancer-listeners + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + parentRef: + name: main-gateway + namespace: envoy-gateway-system + group: gateway.networking.k8s.io + kind: Gateway + listeners: + - name: http + protocol: HTTP + port: 80 + hostname: HOSTNAME_PLACEHOLDER + - name: https + protocol: HTTPS + port: 443 + hostname: HOSTNAME_PLACEHOLDER + tls: + mode: Terminate + certificateRefs: + - name: balancer-tls + kind: Secret diff --git a/deploy/manifests/balancer/base/httproute.yaml b/deploy/manifests/balancer/base/httproute.yaml new file mode 100644 index 00000000..c8fef0fe --- /dev/null +++ b/deploy/manifests/balancer/base/httproute.yaml @@ -0,0 +1,39 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: balancer-redirect +spec: + parentRefs: + - name: balancer-listeners + kind: ListenerSet + group: gateway.networking.k8s.io + sectionName: http + hostnames: + - HOSTNAME_PLACEHOLDER + rules: + - filters: + - type: RequestRedirect + requestRedirect: + scheme: https + statusCode: 301 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: balancer +spec: + parentRefs: + - name: balancer-listeners + kind: ListenerSet + group: gateway.networking.k8s.io + sectionName: https + hostnames: + - HOSTNAME_PLACEHOLDER + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: balancer + port: 80 diff --git a/deploy/manifests/balancer/base/ingress.yaml b/deploy/manifests/balancer/base/ingress.yaml deleted file mode 100644 index fc98305b..00000000 --- a/deploy/manifests/balancer/base/ingress.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: balancer - annotations: {} -spec: - ingressClassName: nginx - tls: - - hosts: - - HOSTNAME_PLACEHOLDER - secretName: balancer-tls - rules: - - host: HOSTNAME_PLACEHOLDER - http: - paths: - # All traffic routes to balancer service (which serves both API and frontend) - - path: / - pathType: Prefix - backend: - service: - name: balancer - port: - number: 8000 diff --git a/deploy/manifests/balancer/base/kustomization.yaml b/deploy/manifests/balancer/base/kustomization.yaml index c7d2dcd1..f6ed71b4 100644 --- a/deploy/manifests/balancer/base/kustomization.yaml +++ b/deploy/manifests/balancer/base/kustomization.yaml @@ -5,4 +5,10 @@ resources: - namespace.yaml - deployment.yaml - service.yaml - - ingress.yaml + - gateway-listeners.yaml + - httproute.yaml + +configMapGenerator: + - name: balancer-config + envs: + - balancer.env diff --git a/deploy/manifests/balancer/base/service.yaml b/deploy/manifests/balancer/base/service.yaml index 8f294d53..2c839248 100644 --- a/deploy/manifests/balancer/base/service.yaml +++ b/deploy/manifests/balancer/base/service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: http - port: 8000 + port: 80 targetPort: 8000 selector: app: balancer diff --git a/deploy/manifests/balancer/overlays/dev/kustomization.yaml b/deploy/manifests/balancer/overlays/dev/kustomization.yaml deleted file mode 100644 index d3975eb2..00000000 --- a/deploy/manifests/balancer/overlays/dev/kustomization.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: balancer - -resources: - - ../../base - -images: - - name: ghcr.io/codeforphilly/balancer-main/app - newTag: latest - -patches: - - target: - kind: Ingress - name: balancer - patch: |- - - op: add - path: /metadata/annotations/cert-manager.io~1cluster-issuer - value: letsencrypt-staging - - op: replace - path: /spec/tls/0/hosts/0 - value: localhost - - op: replace - path: /spec/rules/0/host - value: localhost diff --git a/deploy/manifests/balancer/overlays/production/balancer.env b/deploy/manifests/balancer/overlays/production/balancer.env new file mode 100644 index 00000000..1fa5802e --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/balancer.env @@ -0,0 +1 @@ +CORS_ALLOWED_ORIGINS=https://balancerproject.org diff --git a/deploy/manifests/balancer/overlays/production/kustomization.yaml b/deploy/manifests/balancer/overlays/production/kustomization.yaml new file mode 100644 index 00000000..0bb0bfd3 --- /dev/null +++ b/deploy/manifests/balancer/overlays/production/kustomization.yaml @@ -0,0 +1,43 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: balancer + +resources: + - ../../base + +images: + - name: ghcr.io/codeforphilly/balancer-main/app + newTag: latest + +configMapGenerator: + - name: balancer-config + behavior: merge + envs: + - balancer.env + +patches: + - target: + kind: ListenerSet + name: balancer-listeners + patch: |- + - op: replace + path: /spec/listeners/0/hostname + value: balancerproject.org + - op: replace + path: /spec/listeners/1/hostname + value: balancerproject.org + - target: + kind: HTTPRoute + name: balancer + patch: |- + - op: add + path: /spec/hostnames + value: ["balancerproject.org"] + - target: + kind: HTTPRoute + name: balancer-redirect + patch: |- + - op: add + path: /spec/hostnames + value: ["balancerproject.org"] diff --git a/deploy/manifests/balancer/overlays/sandbox/balancer.env b/deploy/manifests/balancer/overlays/sandbox/balancer.env new file mode 100644 index 00000000..55d82ecc --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/balancer.env @@ -0,0 +1 @@ +CORS_ALLOWED_ORIGINS=https://sandbox.balancerproject.org diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml new file mode 100644 index 00000000..4676c6b8 --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/cnpg/database.yaml @@ -0,0 +1,10 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Database +metadata: + name: balancer + namespace: cloudnative-pg +spec: + name: balancer + owner: balancer + cluster: + name: shared-cluster diff --git a/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml new file mode 100644 index 00000000..f971acab --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/cnpg/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - database.yaml diff --git a/deploy/manifests/balancer/overlays/sandbox/configmap.yaml b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml new file mode 100644 index 00000000..8ba92568 --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: balancer-db-config +data: + SQL_HOST: shared-cluster-rw.cloudnative-pg.svc.cluster.local + SQL_PORT: "5432" + SQL_DATABASE: balancer + SQL_USER: balancer + SQL_ENGINE: django.db.backends.postgresql diff --git a/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml new file mode 100644 index 00000000..e2086d37 --- /dev/null +++ b/deploy/manifests/balancer/overlays/sandbox/kustomization.yaml @@ -0,0 +1,61 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: balancer + +resources: + - ../../base + - configmap.yaml + +images: + - name: ghcr.io/codeforphilly/balancer-main/app + newTag: latest + +configMapGenerator: + - name: balancer-config + behavior: merge + envs: + - balancer.env + +patches: + - target: + kind: ListenerSet + name: balancer-listeners + patch: |- + - op: replace + path: /spec/listeners/0/hostname + value: sandbox.balancerproject.org + - op: replace + path: /spec/listeners/1/hostname + value: sandbox.balancerproject.org + - target: + kind: HTTPRoute + name: balancer + patch: |- + - op: add + path: /spec/hostnames + value: ["sandbox.balancerproject.org"] + - target: + kind: HTTPRoute + name: balancer-redirect + patch: |- + - op: add + path: /spec/hostnames + value: ["sandbox.balancerproject.org"] + - target: + kind: Deployment + name: balancer + patch: |- + - op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + configMapRef: + name: balancer-db-config + - op: add + path: /spec/template/spec/containers/0/env + value: + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: balancer-db-credentials + key: password diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py index a4ccaaae..c1424fc7 100644 --- a/server/balancer_backend/settings.py +++ b/server/balancer_backend/settings.py @@ -67,7 +67,10 @@ ROOT_URLCONF = "balancer_backend.urls" -CORS_ALLOW_ALL_ORIGINS = True +# CORS configuration +CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "http://localhost:3000").split(",") +# Ensure no empty strings if input was empty or trailing comma +CORS_ALLOWED_ORIGINS = [origin.strip() for origin in CORS_ALLOWED_ORIGINS if origin.strip()] TEMPLATES = [ {