From 7cb7740570b471da42e98e09302321dc5a1eeadd Mon Sep 17 00:00:00 2001 From: rito528 <39003544+rito528@users.noreply.github.com> Date: Mon, 6 May 2024 00:30:20 +0900 Subject: [PATCH 1/5] =?UTF-8?q?feat:=20argo-workflows=E7=94=A8=E3=81=AE?= =?UTF-8?q?=E3=83=AA=E3=83=90=E3=83=BC=E3=82=B9=E3=83=97=E3=83=AD=E3=82=AD?= =?UTF-8?q?=E3=82=B7=E3=82=92=E5=AE=9A=E7=BE=A9=E3=81=99=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../argo-events-reverse-proxy.yaml | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml new file mode 100644 index 000000000..1d29d01c0 --- /dev/null +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Pod +metadata: + name: argo-events-reverse-proxy + namespace: argocd +spec: + containers: + - name: nginx + image: nginx:1.26.0 + volumeMounts: + - name: conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + volumes: + - name: conf + configMap: + name: argo-events-reverse-proxy-config-map +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-events-reverse-proxy-config-map + namespace: argocd +data: + nginx.conf: | + events { + } + http { + server { + listen 80; + location / { + if ($request_method !~ ^(POST)$ ) { + return 405; + } + proxy_pass http://argo-workflows-server.argo:2746; + } + } + } From 72669bece9b8435cd1cf822c56b2db9948099a96 Mon Sep 17 00:00:00 2001 From: rito528 <39003544+rito528@users.noreply.github.com> Date: Mon, 6 May 2024 13:35:23 +0900 Subject: [PATCH 2/5] =?UTF-8?q?fix:=20argo-events=E7=94=A8=E3=81=AE?= =?UTF-8?q?=E3=83=AA=E3=83=90=E3=83=BC=E3=82=B9=E3=83=97=E3=83=AD=E3=82=AD?= =?UTF-8?q?=E3=82=B7=E3=82=92Pod=E3=81=8B=E3=82=89Deployment=E3=81=AB?= =?UTF-8?q?=E7=9B=B4=E3=81=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../app-of-other-apps/argo-events-reverse-proxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml index 1d29d01c0..c45acc416 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -kind: Pod +kind: Deployment metadata: name: argo-events-reverse-proxy namespace: argocd From 4d0985abc2fa0a4c0bf9f3eb19969f845b47216b Mon Sep 17 00:00:00 2001 From: rito528 <39003544+rito528@users.noreply.github.com> Date: Mon, 6 May 2024 16:19:45 +0900 Subject: [PATCH 3/5] =?UTF-8?q?feat:=20argo=20events=E7=94=A8=E3=81=AE?= =?UTF-8?q?=E3=83=AA=E3=83=90=E3=83=BC=E3=82=B9=E3=83=97=E3=83=AD=E3=82=AD?= =?UTF-8?q?=E3=82=B7=E3=81=AE=E3=83=8D=E3=83=83=E3=83=88=E3=83=AF=E3=83=BC?= =?UTF-8?q?=E3=82=AF=E5=AE=9A=E7=BE=A9=E3=82=92=E8=BF=BD=E5=8A=A0=E3=81=99?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../apps/cloudflared-tunnel-exits/http-exits.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml index 4b518b7ae..77a0e97dd 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml @@ -100,6 +100,11 @@ spec: external-hostname: wiki.onp-k8s.admin.seichi.click internal-authority: "growi.growi-system:3000" + # Argo Eventsのリバースプロキシ。 + - name: argo-events-reverse-proxy + external-hostname: argo-workflows-reverse-proxy.onp-k8s.admin.seichi.click + internal-authority: "argo-events-reverse-proxy.argocd:80" + template: metadata: name: "cloudflared-tunnel-http-exit--{{name}}" From f5da7307a4e0c8db34230bb866af6153ca9afd98 Mon Sep 17 00:00:00 2001 From: rito528 <39003544+rito528@users.noreply.github.com> Date: Mon, 6 May 2024 20:34:50 +0900 Subject: [PATCH 4/5] =?UTF-8?q?chore:=20nginx.conf=E3=82=92=E7=9B=B4?= =?UTF-8?q?=E3=81=97=E3=81=A6=E3=80=81=E3=83=AA=E3=83=90=E3=83=BC=E3=82=B9?= =?UTF-8?q?=E3=83=97=E3=83=AD=E3=82=AD=E3=82=B7=E3=81=AE=E7=9B=AE=E7=9A=84?= =?UTF-8?q?=E3=81=AA=E3=81=A9=E3=82=92=E6=9B=B8=E3=81=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../apps/cloudflared-tunnel-exits/http-exits.yaml | 2 +- .../app-of-other-apps/argo-events-reverse-proxy.yaml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml index 77a0e97dd..e2795dbcc 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml @@ -102,7 +102,7 @@ spec: # Argo Eventsのリバースプロキシ。 - name: argo-events-reverse-proxy - external-hostname: argo-workflows-reverse-proxy.onp-k8s.admin.seichi.click + external-hostname: argo-workflows-webhook.onp-k8s.admin.seichi.click internal-authority: "argo-events-reverse-proxy.argocd:80" template: diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml index c45acc416..e26982375 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml @@ -1,3 +1,5 @@ +# 外部から Argo Workflows を発火するためには Cloudflared を使えば機能的には問題がないが、 +# 任意のクライアントから GET を受け付けると面倒なので、POST だけに限定するためのリバースプロキシを挟む。 apiVersion: v1 kind: Deployment metadata: @@ -23,11 +25,10 @@ metadata: namespace: argocd data: nginx.conf: | - events { - } http { server { listen 80; + server_name argo-workflows-webhook.onp-k8s.admin.seichi.click; location / { if ($request_method !~ ^(POST)$ ) { return 405; From fee9086da9794dce03734337fdce5659ed4242bd Mon Sep 17 00:00:00 2001 From: rito528 <39003544+rito528@users.noreply.github.com> Date: Mon, 6 May 2024 20:44:20 +0900 Subject: [PATCH 5/5] =?UTF-8?q?fix:=20argo-event=20=E3=81=AE=E3=83=AA?= =?UTF-8?q?=E3=83=90=E3=83=BC=E3=82=B9=E3=83=97=E3=83=AD=E3=82=AD=E3=82=B7?= =?UTF-8?q?=E3=81=A7=E3=81=AF=E3=81=AA=E3=81=8F=20argo-workflows=20?= =?UTF-8?q?=E3=81=AE=E3=83=AA=E3=83=90=E3=83=BC=E3=82=B9=E3=83=97=E3=83=AD?= =?UTF-8?q?=E3=82=AD=E3=82=B7=E3=81=AB=E7=9B=B4=E3=81=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../apps/cloudflared-tunnel-exits/http-exits.yaml | 6 +++--- .../app-of-other-apps/argo-events-reverse-proxy.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml index e2795dbcc..4e8e9674a 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml @@ -100,10 +100,10 @@ spec: external-hostname: wiki.onp-k8s.admin.seichi.click internal-authority: "growi.growi-system:3000" - # Argo Eventsのリバースプロキシ。 - - name: argo-events-reverse-proxy + # Argo Workflows に対する POST リクエストのみを受け付けるためのリバースプロキシ。 + - name: argo-workflows-reverse-proxy external-hostname: argo-workflows-webhook.onp-k8s.admin.seichi.click - internal-authority: "argo-events-reverse-proxy.argocd:80" + internal-authority: "argo-workflows-reverse-proxy.argocd:80" template: metadata: diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml index e26982375..7d520134e 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/argo-events-reverse-proxy.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Deployment metadata: - name: argo-events-reverse-proxy + name: argo-workflows-reverse-proxy namespace: argocd spec: containers: @@ -16,12 +16,12 @@ spec: volumes: - name: conf configMap: - name: argo-events-reverse-proxy-config-map + name: argo-workflows-reverse-proxy-config-map --- apiVersion: v1 kind: ConfigMap metadata: - name: argo-events-reverse-proxy-config-map + name: argo-workflows-reverse-proxy-config-map namespace: argocd data: nginx.conf: |