fix(synapse/mmr): add its own ingress for mmr path with vhost, fixes sso

2024-12-27 22:26:41 +00:00 · 2024-05-07 13:17:25 +02:00 · 2024-05-07 13:17:25 +02:00 · 5ad4a482ee
commit 5ad4a482ee
parent 9214855f40
2 changed files with 49 additions and 13 deletions
--- a/internal/controller/matrix/synapse_controller.go
+++ b/internal/controller/matrix/synapse_controller.go
@ -107,6 +107,11 @@ func (r *SynapseReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return ctrl.Result{}, err
 	}

+	err = r.reconcileMMRIngress(ctx, &synapse)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	err = r.reconcilePostgres(ctx, &synapse, &resources)
 	if err != nil {
 		return ctrl.Result{}, err
--- a/internal/controller/matrix/synapse_controller_net.go
+++ b/internal/controller/matrix/synapse_controller_net.go
@ -91,25 +91,12 @@ func (r *SynapseReconciler) reconcileIngress(ctx context.Context, synapse *matri
 			ingress.Annotations = make(map[string]string)
 		}
 		ingress.Annotations["kubernetes.io/tls-acme"] = "true"
-		ingress.Annotations["nginx.ingress.kubernetes.io/upstream-vhost"] = synapse.Spec.ServerName
 		pathType := netv1.PathTypePrefix
 		ingress.Spec.Rules = []netv1.IngressRule{{
 			Host: synapse.Spec.Host,
 			IngressRuleValue: netv1.IngressRuleValue{
 				HTTP: &netv1.HTTPIngressRuleValue{
 					Paths: []netv1.HTTPIngressPath{
-						{
-							PathType: &pathType,
-							Path:     "/_matrix/media",
-							Backend: netv1.IngressBackend{
-								Service: &netv1.IngressServiceBackend{
-									Name: lshr.GetResourceName(synapse, "media-repo"),
-									Port: netv1.ServiceBackendPort{
-										Name: "http",
-									},
-								},
-							},
-						},
 						{
 							PathType: &pathType,
 							Path:     "/.well-known/matrix/",
@ -188,3 +175,47 @@ func (r *SynapseReconciler) reconcileIngress(ctx context.Context, synapse *matri
 		return controllerutil.SetControllerReference(synapse, &ingress, r.Scheme())
 	})
 }
+
+func (r *SynapseReconciler) reconcileMMRIngress(ctx context.Context, synapse *matrixv1alpha1.Synapse) error {
+	var ingress netv1.Ingress
+	lshr.SetResourceNamespacedName(synapse, &ingress, "mmr")
+	return lshr.CreateOrPatch(ctx, r, &ingress, func() error {
+		if ingress.Annotations[lshmeta.SuspendAnnotation] == "true" {
+			return nil
+		}
+		lshr.ApplyLabels(synapse, &ingress, nil)
+		if ingress.Annotations == nil {
+			ingress.Annotations = make(map[string]string)
+		}
+		ingress.Annotations["kubernetes.io/tls-acme"] = "true"
+		ingress.Annotations["nginx.ingress.kubernetes.io/upstream-vhost"] = synapse.Spec.ServerName
+		pathType := netv1.PathTypePrefix
+		ingress.Spec.Rules = []netv1.IngressRule{{
+			Host: synapse.Spec.Host,
+			IngressRuleValue: netv1.IngressRuleValue{
+				HTTP: &netv1.HTTPIngressRuleValue{
+					Paths: []netv1.HTTPIngressPath{
+						{
+							PathType: &pathType,
+							Path:     "/_matrix/media",
+							Backend: netv1.IngressBackend{
+								Service: &netv1.IngressServiceBackend{
+									Name: lshr.GetResourceName(synapse, "media-repo"),
+									Port: netv1.ServiceBackendPort{
+										Name: "http",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		}
+		ingress.Spec.TLS = []netv1.IngressTLS{{
+			SecretName: ingress.Name + "-tls",
+			Hosts:      []string{synapse.Spec.Host},
+		}}
+		return controllerutil.SetControllerReference(synapse, &ingress, r.Scheme())
+	})
+}