dvirlabs/my-recipes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use separate ingress for frontend and backend (like navix): frontend at my-recipes.dvirlabs.com, backend at api-my-recipes.dvirlabs.com

Browse Source
This commit is contained in:
dvirlabs 2025-12-06 22:44:59 +02:00
parent 5c8481304f
commit b4008f5b93
7 changed files with 123 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
frontend/10-generate-env.sh
View File

@ -1,32 +1,23 @@
#!/bin/sh
set -e
# Template is in dist (copied by Dockerfile builder stage)
TEMPLATE="/usr/share/nginx/html/env.js.template"
# Generate env.js from API_BASE environment variable
# This is set in the Helm deployment values
TARGET="/usr/share/nginx/html/env.js"
if [ -f "$TEMPLATE" ]; then
echo "Generating env.js from template with API_BASE=${API_BASE:-/api}"
# Default API_BASE to /api if not provided
# API_BASE should be set via deployment env (e.g., from Helm values)
# Default to /api as fallback (relative path)
: ${API_BASE:=/api}
echo "Generating env.js with API_BASE=${API_BASE}"
cat > "$TARGET" <<EOF
window.__ENV__ = {
API_BASE: "${API_BASE}"
};
EOF
echo "✓ env.js generated at $TARGET"
else
echo "Warning: env.js.template not found at $TEMPLATE, creating default env.js"
# Fallback: create env.js with default value
: ${API_BASE:=/api}
cat > "$TARGET" <<EOF
window.__ENV__ = {
API_BASE: "${API_BASE}"
};
EOF
echo "✓ Default env.js created at $TARGET"
fi
# Ensure ownership/permissions are OK for nginx
# Ensure ownership/permissions for nginx
chown -R nginx:nginx /usr/share/nginx/html || true

7
frontend/Dockerfile
View File

@ -15,10 +15,7 @@ COPY . .
# Build the application
RUN npm run build
# Copy env template to dist so it's available in production
COPY public/env.js.template dist/env.js.template
# Production stage - use nginx to serve static files and proxy API calls
# Production stage - use nginx to serve static files
FROM nginx:alpine
# Copy nginx config
@ -28,7 +25,7 @@ COPY nginx.conf /etc/nginx/nginx.conf
COPY --from=builder /app/dist /usr/share/nginx/html
# Copy entrypoint script to nginx entrypoint.d directory
# This will run before nginx starts and generate env.js from template
# This will run before nginx starts and generate env.js from API_BASE env var
COPY 10-generate-env.sh /docker-entrypoint.d/10-generate-env.sh
# Ensure entrypoint script is executable

13
frontend/nginx.conf
View File

@ -13,19 +13,6 @@ http {
root /usr/share/nginx/html;
index index.html;
# Proxy API requests to backend service
# Frontend calls /api/recipes, nginx removes /api prefix and forwards to backend:8000/recipes
location /api/ {
proxy_pass http://backend:8000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Serve static files and fallback to index.html for SPA
location / {
try_files $uri $uri/ /index.html;

32
manifests/my-recipes/values.yaml
View File

@ -23,6 +23,16 @@ backend:
env:
PYTHONUNBUFFERED: "1"
tag: master-895786b
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: api-my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
# Frontend configuration
frontend:
name: frontend
@ -36,7 +46,7 @@ frontend:
port: 80
targetPort: 80
env:
API_BASE: "https://my-recipes.dvirlabs.com/api"
API_BASE: "https://api-my-recipes.dvirlabs.com"
resources:
requests:
cpu: 50m
@ -45,6 +55,16 @@ frontend:
cpu: 200m
memory: 256Mi
tag: master-bd31ffb
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
# PostgreSQL configuration
postgres:
name: db
@ -72,24 +92,18 @@ postgres:
limits:
cpu: 1000m
memory: 1Gi
# Ingress (top-level, maps frontend/backend paths)
# Ingress (top-level, disabled - use component-specific ingress instead)
ingress:
enabled: true
enabled: false
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/rewrite-target: "/$2"
nginx.ingress.kubernetes.io/use-regex: "true"
hosts:
- host: my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
backend: frontend
# use a regex to capture and rewrite /api/... to /... on the backend
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend: backend
tls:
- secretName: recipes-tls
hosts:

15
my-recipes-chart/templates/frontend-deployment.yaml
View File

@ -25,26 +25,13 @@ spec:
- containerPort: {{ .Values.frontend.service.targetPort }}
name: http
protocol: TCP
{{- /* compute API_BASE: prefer frontend.env.API_BASE, else use first ingress host */}}
{{- $apiBase := "" }}
{{- if .Values.frontend.env.API_BASE }}
{{- $apiBase = .Values.frontend.env.API_BASE }}
{{- else if .Values.ingress.hosts }}
{{- $firstHost := index .Values.ingress.hosts 0 }}
{{- $apiBase = printf "https://%s/api" $firstHost.host }}
{{- end }}
env:
- name: API_BASE
value: {{ $apiBase | quote }}
{{- /* include any other env vars provided in values.frontend.env (skip API_BASE to avoid duplicate) */}}
{{- with .Values.frontend.env }}
env:
{{- range $key, $value := . }}
{{- if ne $key "API_BASE" }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: /

79
my-recipes-chart/templates/ingress.yaml
View File

@ -1,31 +1,22 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.frontend.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}
name: {{ .Release.Name }}-frontend
namespace: {{ .Values.global.namespace }}
labels:
app: {{ .Release.Name }}
{{- with .Values.ingress.annotations }}
app: {{ .Release.Name }}-frontend
component: frontend
{{- with .Values.frontend.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- if .Values.frontend.ingress.className }}
ingressClassName: {{ .Values.frontend.ingress.className }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
{{- range .Values.frontend.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
@ -34,15 +25,65 @@ spec:
pathType: {{ .pathType }}
backend:
service:
{{- if eq .backend "frontend" }}
name: {{ $.Release.Name }}-{{ $.Values.frontend.name }}
port:
number: {{ $.Values.frontend.service.port }}
{{- else if eq .backend "backend" }}
{{- end }}
{{- end }}
{{- if .Values.frontend.ingress.tls }}
tls:
{{- range .Values.frontend.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.backend.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-backend
namespace: {{ .Values.global.namespace }}
labels:
app: {{ .Release.Name }}-backend
component: backend
{{- with .Values.backend.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.backend.ingress.className }}
ingressClassName: {{ .Values.backend.ingress.className }}
{{- end }}
rules:
{{- range .Values.backend.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ $.Release.Name }}-{{ $.Values.backend.name }}
port:
number: {{ $.Values.backend.service.port }}
{{- end }}
{{- end }}
{{- if .Values.backend.ingress.tls }}
tls:
{{- range .Values.backend.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}

32
my-recipes-chart/values.yaml
View File

@ -27,6 +27,17 @@ backend:
env:
PYTHONUNBUFFERED: "1"
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: api-my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
# Frontend configuration
frontend:
name: frontend
@ -42,7 +53,7 @@ frontend:
targetPort: 80
env:
API_BASE: "https://my-recipes.dvirlabs.com/api"
API_BASE: "https://api-my-recipes.dvirlabs.com"
resources:
requests:
@ -52,6 +63,17 @@ frontend:
cpu: 200m
memory: 256Mi
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
# PostgreSQL configuration
postgres:
name: db
@ -86,22 +108,16 @@ postgres:
# Ingress configuration
ingress:
enabled: true
enabled: false # Individual frontend/backend ingress resources handle routing instead
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/rewrite-target: "/$2"
nginx.ingress.kubernetes.io/use-regex: "true"
hosts:
- host: my-recipes.dvirlabs.com
paths:
- path: /
pathType: Prefix
backend: frontend
# use a regex to capture and rewrite /api/... to /... on the backend
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend: backend
tls:
- secretName: recipes-tls
hosts: