fix(synapse/mmr): add its own ingress for mmr path with vhost, fixes sso

unteem 2024-05-07 13:17:25 +02:00
parent 9214855f40
commit 5ad4a482ee
2 changed files with 49 additions and 13 deletions


@ -107,6 +107,11 @@ func (r *SynapseReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
return ctrl.Result{}, err return ctrl.Result{}, err
} }
err = r.reconcileMMRIngress(ctx, &synapse)
if err != nil {
return ctrl.Result{}, err
}
err = r.reconcilePostgres(ctx, &synapse, &resources) err = r.reconcilePostgres(ctx, &synapse, &resources)
if err != nil { if err != nil {
return ctrl.Result{}, err return ctrl.Result{}, err


@ -91,25 +91,12 @@ func (r *SynapseReconciler) reconcileIngress(ctx context.Context, synapse *matri
ingress.Annotations = make(map[string]string) ingress.Annotations = make(map[string]string)
} }
ingress.Annotations["kubernetes.io/tls-acme"] = "true" ingress.Annotations["kubernetes.io/tls-acme"] = "true"
ingress.Annotations["nginx.ingress.kubernetes.io/upstream-vhost"] = synapse.Spec.ServerName
pathType := netv1.PathTypePrefix pathType := netv1.PathTypePrefix
ingress.Spec.Rules = []netv1.IngressRule{{ ingress.Spec.Rules = []netv1.IngressRule{{
Host: synapse.Spec.Host, Host: synapse.Spec.Host,
IngressRuleValue: netv1.IngressRuleValue{ IngressRuleValue: netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{ HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{ Paths: []netv1.HTTPIngressPath{
{
PathType: &pathType,
Path: "/_matrix/media",
Backend: netv1.IngressBackend{
Service: &netv1.IngressServiceBackend{
Name: lshr.GetResourceName(synapse, "media-repo"),
Port: netv1.ServiceBackendPort{
Name: "http",
},
},
},
},
{ {
PathType: &pathType, PathType: &pathType,
Path: "/.well-known/matrix/", Path: "/.well-known/matrix/",
@ -188,3 +175,47 @@ func (r *SynapseReconciler) reconcileIngress(ctx context.Context, synapse *matri
return controllerutil.SetControllerReference(synapse, &ingress, r.Scheme()) return controllerutil.SetControllerReference(synapse, &ingress, r.Scheme())
}) })
} }
func (r *SynapseReconciler) reconcileMMRIngress(ctx context.Context, synapse *matrixv1alpha1.Synapse) error {
var ingress netv1.Ingress
lshr.SetResourceNamespacedName(synapse, &ingress, "mmr")
return lshr.CreateOrPatch(ctx, r, &ingress, func() error {
if ingress.Annotations[lshmeta.SuspendAnnotation] == "true" {
return nil
}
lshr.ApplyLabels(synapse, &ingress, nil)
if ingress.Annotations == nil {
ingress.Annotations = make(map[string]string)
}
ingress.Annotations["kubernetes.io/tls-acme"] = "true"
ingress.Annotations["nginx.ingress.kubernetes.io/upstream-vhost"] = synapse.Spec.ServerName
pathType := netv1.PathTypePrefix
ingress.Spec.Rules = []netv1.IngressRule{{
Host: synapse.Spec.Host,
IngressRuleValue: netv1.IngressRuleValue{
HTTP: &netv1.HTTPIngressRuleValue{
Paths: []netv1.HTTPIngressPath{
{
PathType: &pathType,
Path: "/_matrix/media",
Backend: netv1.IngressBackend{
Service: &netv1.IngressServiceBackend{
Name: lshr.GetResourceName(synapse, "media-repo"),
Port: netv1.ServiceBackendPort{
Name: "http",
},
},
},
},
},
},
},
},
}
ingress.Spec.TLS = []netv1.IngressTLS{{
SecretName: ingress.Name + "-tls",
Hosts: []string{synapse.Spec.Host},
}}
return controllerutil.SetControllerReference(synapse, &ingress, r.Scheme())
})
}
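Review bot: Dropping the `nginx.ingress.kubernetes.io/upstream-vhost` line from reconcileIngress (first hunk) does not take the annotation off Ingress objects that an earlier operator version already wrote, because the mutate function only creates the map when it is nil and otherwise adds keys to what is there. Assuming lshr.CreateOrPatch loads the live object before calling the mutate function, existing deployments would keep the vhost override on the main Ingress, and the SSO problem this commit targets would persist until someone edits the object by hand. I would add `delete(ingress.Annotations, "nginx.ingress.kubernetes.io/upstream-vhost")` next to the `tls-acme` assignment in reconcileIngress. Separately, reconcileMMRIngress sets `kubernetes.io/tls-acme` and its own `ingress.Name + "-tls"` secret for the same `synapse.Spec.Host`; if the main Ingress does the same, two certificates get requested for one hostname, so pointing both at one secret is worth considering. reconcileIngress begins and ends outside the visible hunks.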