From f97d0299d23ba65e13fc6783fcc44c2a2833b607 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 20:13:09 +0000 Subject: [PATCH 1/2] feat(deploy): migrate ingress from NGINX to Envoy Gateway Replace ingress-nginx with Gateway API (Envoy Gateway) in both backend and frontend Helm values files by enabling the gateway flag supported by the helm-webapp chart. - Add gateway.enabled: true to backend and frontend values - Disable explicit ingress (chart suppresses it when gateway is enabled) - Remove NGINX-specific annotation from frontend; SPA routing (try_files) must be handled at the nginx container level, not at the ingress Closes #62 Co-authored-by: Lauri Gates --- deploy/backend-values.yaml | 30 ++++++++---------------------- deploy/frontend-values.yaml | 29 ++++++++++------------------- 2 files changed, 18 insertions(+), 41 deletions(-) diff --git a/deploy/backend-values.yaml b/deploy/backend-values.yaml index 05ef68d..5488838 100644 --- a/deploy/backend-values.yaml +++ b/deploy/backend-values.yaml @@ -125,29 +125,15 @@ service: port: 80 targetPort: 8000 -# Ingress configuration - API endpoint (same domain as frontend, path-based routing) -ingress: +# Gateway API configuration (Envoy Gateway) +# Replaces ingress-nginx; creates HTTPRoute pointing to shared dataportal-gateway +# Hostname auto-generated as olmap-backend.dataportal.fi from release name +gateway: enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - hosts: - - host: olmap.dataportal.fi - paths: - - path: /api - pathType: Prefix - - path: /admin - pathType: Prefix - - path: /static - pathType: Prefix - - path: /rest-auth - pathType: Prefix - - path: /accounts - pathType: Prefix - tls: - - hosts: - - olmap.dataportal.fi - secretName: olmap-backend-tls # pragma: allowlist secret + +# Ingress configuration - disabled in favour of Gateway API above +ingress: + enabled: false # Health checks for Django livenessProbe: diff --git a/deploy/frontend-values.yaml b/deploy/frontend-values.yaml index 6299bf4..3b7592c 100644 --- a/deploy/frontend-values.yaml +++ b/deploy/frontend-values.yaml @@ -37,26 +37,17 @@ service: port: 80 targetPort: 80 -# Ingress configuration - serves the SPA, proxies /api to backend -ingress: +# Gateway API configuration (Envoy Gateway) +# Replaces ingress-nginx; creates HTTPRoute pointing to shared dataportal-gateway +# Hostname auto-generated as olmap-frontend.dataportal.fi from release name +# Note: SPA catch-all routing (try_files $uri $uri/ /index.html) must be handled +# by the nginx container's own nginx.conf - it cannot be delegated to the gateway. +gateway: enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - # SPA catch-all routing - serve index.html for non-file paths - nginx.ingress.kubernetes.io/configuration-snippet: | - location ~* ^/(?!api|admin|static|rest-auth|accounts|health).*$ { - try_files $uri $uri/ /index.html; - } - hosts: - - host: olmap.dataportal.fi - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - olmap.dataportal.fi - secretName: olmap-frontend-tls # pragma: allowlist secret + +# Ingress configuration - disabled in favour of Gateway API above +ingress: + enabled: false # Health check for nginx livenessProbe: From fe993d09c1ce6b549e282d42b57f69921090cf1a Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Tue, 24 Mar 2026 17:46:18 +0000 Subject: [PATCH 2/2] fix(deploy): update backend env vars for new hostname-based routing Update DJANGO_ALLOWED_HOSTS, DJANGO_CORS_ALLOWED_ORIGINS, and FRONTEND_ROOT to reflect the new Envoy Gateway hostname-based routing scheme: - Backend: olmap-backend.dataportal.fi (was olmap.dataportal.fi with path routing) - Frontend: olmap-frontend.dataportal.fi (was olmap.dataportal.fi) Without these changes, Django would reject requests from the new backend hostname and CORS would block frontend requests from the new frontend origin. Co-authored-by: Lauri Gates --- deploy/backend-values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/backend-values.yaml b/deploy/backend-values.yaml index 5488838..f0bd27c 100644 --- a/deploy/backend-values.yaml +++ b/deploy/backend-values.yaml @@ -77,9 +77,9 @@ env: name: olmap-backend-secrets key: DJANGO_SECRET_KEY DJANGO_ALLOWED_HOSTS: - value: "olmap.dataportal.fi,localhost" + value: "olmap-backend.dataportal.fi,localhost" DJANGO_CORS_ALLOWED_ORIGINS: - value: "https://olmap.dataportal.fi" + value: "https://olmap-frontend.dataportal.fi" DJANGO_MIGRATE: value: "true" # Database configuration (Cloud SQL via proxy with IAM auth) @@ -95,7 +95,7 @@ env: value: "olmap-app@fvh-project-containers-etc.iam" # Frontend URL for CORS and redirects FRONTEND_ROOT: - value: "https://olmap.dataportal.fi" + value: "https://olmap-frontend.dataportal.fi" # Admin email ADMIN_EMAIL: value: "admin@forumvirium.fi"