fixes #17064 - gateway single-host with helm (#17788)

deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml

@@ -7,6 +7,8 @@
 # SPDX-License-Identifier: EPL-2.0
 #
 
+{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
+
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
@@ -49,3 +51,5 @@ spec:
     - {{ template "devfileRegistryHost" . }}
     secretName: {{ .Values.global.tls.secretName }}
 {{- end -}}
+
+{{- end }}

deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/traefik-gateway-configmap.yaml

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: che
+    component: che-gateway-config
+  name: che-gateway-route-devfile-registry
+data:
+  devfile-registry.yml: |
+    http:
+      routers:
+        devfile-registry:
+          rule: "PathPrefix(`/devfile-registry`)"
+          service: devfile-registry
+          middlewares: [devfile-registry]
+          priority: 10
+      services:
+        devfile-registry:
+          loadBalancer:
+            servers:
+            - url: 'http://devfile-registry:8080'
+      middlewares:
+        devfile-registry:
+          stripPrefix:
+            prefixes:
+            - '/devfile-registry'
+
+{{- end }}

deploy/kubernetes/helm/che/custom-charts/che-gateway/Chart.yaml

@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: "v1"
+name: "che-gateway"
+version: "0.0.1"

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/configmap-traefik.yaml

@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: che
+    component: che-gateway
+  name: che-gateway-config
+data:
+  traefik.yml: |
+    global:
+      checkNewVersion: false
+      sendAnonymousUsage: false
+    entrypoints:
+      http:
+        address: ":8080"
+        forwardedHeaders:
+          insecure: true
+      https:
+        address: ":8443"
+        forwardedHeaders:
+          insecure: true
+    providers:
+      file:
+        directory: "/dynamic-config"
+        watch: true

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/deployment.yaml

@@ -0,0 +1,69 @@
+#
+# Copyright (c) 2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: che
+    component: che-gateway
+  name: che-gateway
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: che
+      component: che-gateway
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+  template:
+    metadata:
+      labels:
+        app: che
+        component: che-gateway
+    spec:
+      serviceAccountName: che-gateway
+      containers:
+        - name: gateway
+          image: {{ .Values.cheGateway.gatewayImage }}
+          imagePullPolicy: {{ .Values.cheGateway.imagePullPolicy }}
+          volumeMounts:
+            - name: static-config
+              mountPath: /etc/traefik
+            - name: dynamic-config
+              mountPath: "/dynamic-config"
+        - name: configbump
+          image: {{ .Values.cheGateway.configBumpImage }}
+          imagePullPolicy: {{ .Values.cheGateway.imagePullPolicy }}
+          env:
+            - name: CONFIG_BUMP_DIR
+              value: "/dynamic-config"
+            - name: CONFIG_BUMP_LABELS
+              value: {{ .Values.global.singleHostGatewayLabels | quote }}
+            - name: CONFIG_BUMP_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          volumeMounts:
+            - name: dynamic-config
+              mountPath: "/dynamic-config"
+      volumes:
+        - name: static-config
+          configMap:
+            name: che-gateway-config
+        - name: dynamic-config
+          emptyDir: {}

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/role.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2012-2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: che-gateway
+rules:
+  - verbs:
+      - watch
+      - get
+      - list
+    apiGroups:
+      - ""
+    resources:
+      - configmaps

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/rolebinding.yaml

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2012-2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: che-gateway
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: che-gateway
+subjects:
+  - kind: ServiceAccount
+    name: che-gateway

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/service.yaml

@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: che
+    component: che-gateway
+  name: che-gateway
+spec:
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: che
+    component: che-gateway

deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/serviceaccount.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2012-2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: che
+    component: che-gateway
+  name: che-gateway

deploy/kubernetes/helm/che/custom-charts/che-gateway/values.yaml

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+cheGateway:
+  gatewayImage: docker.io/traefik:v2.2.8
+  configBumpImage: quay.io/che-incubator/configbump:0.1.4
+  imagePullPolicy: Always

deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml

@@ -7,6 +7,8 @@
 # SPDX-License-Identifier: EPL-2.0
 #
 
+{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
+
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
@@ -46,3 +48,5 @@ spec:
         backend:
           serviceName: keycloak
           servicePort: 5050
+
+{{- end }}

deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/traefik-gateway-configmap.yaml

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: che
+    component: che-gateway-config
+  name: che-gateway-route-keycloak
+data:
+  keycloak.yml: |
+    http:
+      routers:
+        keycloak:
+          rule: "PathPrefix(`/auth`)"
+          service: keycloak
+          priority: 10
+      services:
+        keycloak:
+          loadBalancer:
+            servers:
+            - url: 'http://keycloak:5050'
+
+{{- end }}

deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml

@@ -7,6 +7,8 @@
 # SPDX-License-Identifier: EPL-2.0
 #
 
+{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
+
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
@@ -49,3 +51,5 @@ spec:
     - {{ template "pluginRegistryHost" . }}
     secretName: {{ .Values.global.tls.secretName }}
 {{- end -}}
+
+{{- end }}

deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/traefik-gateway-configmap.yaml

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: che
+    component: che-gateway-config
+  name: che-gateway-route-plugin-registry
+data:
+  plugin-registry.yml: |
+    http:
+      routers:
+        plugin-registry:
+          rule: "PathPrefix(`/plugin-registry`)"
+          service: plugin-registry
+          middlewares: [plugin-registry]
+          priority: 10
+      services:
+        plugin-registry:
+          loadBalancer:
+            servers:
+            - url: 'http://plugin-registry:8080'
+      middlewares:
+        plugin-registry:
+          stripPrefix:
+            prefixes:
+            - '/plugin-registry'
+
+  {{- end }}

deploy/kubernetes/helm/che/requirements.yaml

@@ -8,6 +8,10 @@
 #
 
 dependencies:
+  - name: che-gateway
+    repository: file://./custom-charts/che-gateway/
+    version: 0.0.1
+    condition: cheSinglehostGateway.deploy
   - name: che-devfile-registry
     repository: file://./custom-charts/che-devfile-registry/
     version: 0.0.1

deploy/kubernetes/helm/che/templates/configmap.yaml

@@ -81,6 +81,8 @@ data:
 {{- end }}
   CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM: '%s(.*)'
   CHE_INFRA_KUBERNETES_SERVER__STRATEGY: {{ .Values.global.serverStrategy }}
+  CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE: {{ .Values.global.singleHostExposure | quote }}
+  CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS: {{ .Values.global.singleHostGatewayLabels | quote }}
   CHE_LOGGER_CONFIG: {{ .Values.global.log.loggerConfig | quote}}
   CHE_LOGS_APPENDERS_IMPL: {{ .Values.global.log.appenderName }}
   CHE_WORKSPACE_HTTP__PROXY: {{ .Values.cheWorkspaceHttpProxy | quote}}

deploy/kubernetes/helm/che/templates/ingress.yaml

@@ -37,5 +37,9 @@ spec:
       paths:
       - path: /
         backend:
+{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
+          serviceName: che-gateway
+{{- else }}
           serviceName: che-host
+{{- end }}
           servicePort: 8080

deploy/kubernetes/helm/che/templates/traefik-gateway-configmap.yaml

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: che
+    component: che-gateway-config
+  name: che-gateway-route-che
+data:
+  che.yml: |
+    http:
+      routers:
+        che:
+          rule: "PathPrefix(`/`)"
+          service: che
+          priority: 1
+      services:
+        che:
+          loadBalancer:
+            servers:
+            - url: 'http://che-host:8080'
+
+{{- end }}

deploy/kubernetes/helm/che/values.yaml

@@ -36,6 +36,10 @@ global:
   ingressAnnotationsPrefix: "nginx."
   # options: default-host, single-host, multi-host
   serverStrategy: multi-host
+  # exposure type for `serverStrategy: single-host`. options: native, gateway
+  singleHostExposure: native
+  # labels used for single-host gateway ConfigMaps
+  singleHostGatewayLabels: app=che,component=che-gateway-config
   # Public hostname of the installed Che server. If value is omitted then it will be automatically set.
   cheHost: ""
 
@@ -111,6 +115,9 @@ cheDevfileRegistry:
 chePluginRegistry:
   deploy: true
 
+cheSinglehostGateway:
+  deploy: false
+
 prometheus:
   alertmanager:
     enabled: false

deploy/kubernetes/helm/che/values/single-host-gateway.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2012-2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+global:
+  serverStrategy: single-host
+  singleHostExposure: gateway
+  singleHostGatewayLabels: app=che,component=che-gateway-config
+cheSinglehostGateway:
+  deploy: true

infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/TraefikGatewayRouteConfigGenerator.java

@@ -53,8 +53,9 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.Annotations;
  *         prefixes:
  *         - "{GatewayRouteConfig#routePath}"
  *     {name}_headers:
- *       customRequestHeaders:
- *         X-Forwarded-Proto: "{protocol}"
+ *       headers:
+ *         customRequestHeaders:
+ *           X-Forwarded-Proto: "{protocol}"
  * </pre>
  */
 public class TraefikGatewayRouteConfigGenerator implements GatewayRouteConfigGenerator {