Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

supporting exposing https port #481

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

supporting exposing https port #481

wants to merge 1 commit into from

Conversation

aogier
Copy link

@aogier aogier commented Dec 28, 2024
edited
Loading

This PR allows for expose https port based on DISABLE_HTTPS config.

The rationale is, I've tried to deploy the chart using an ingress and found it complicated to configure the proper whitelists for the proxy chain of trust. All to end up with a setup where the segment between zulip and the ingress controller passes in the clear.

With this simple modification I don't change the previous chart's behaviour but I can configure my ingress to use https eg. by annotating it in values file:

ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
[...]

and this produce an easy to obtain end-to-end encryption and zero fights with the container setup!

How did you test this PR?

$ diff -u \
 <(helm template zulip . -s templates/service.yaml) \
 <(helm template zulip . --set=zulip.environment.DISABLE_HTTPS=false -s templates/service.yaml)
--- /proc/self/fd/11    2024-12-28 14:54:57.416000000 +0100
+++ /proc/self/fd/22    2024-12-28 14:54:57.416000000 +0100
@@ -14,7 +14,7 @@
   type: ClusterIP
   ports:
     - port: 80
-      targetPort: http
+      targetPort: https
       protocol: TCP
       name: http
   selector:
Self-review checklist
  • Self-reviewed the changes for clarity and maintainability
    (variable names, code reuse, readability, etc.).

Communicate decisions, questions, and potential concerns.

  • Explains differences from previous plans (e.g., issue description).
  • Highlights technical choices and bugs encountered.
  • Calls out remaining decisions and concerns.
  • Automated tests verify logic where appropriate.

Individual commits are ready for review (see commit discipline).

  • Each commit is a coherent idea.
  • Commit message(s) explain reasoning and motivation for changes.

Completed manual review and testing of the following:

  • Visual appearance of the changes.
  • Responsiveness and internationalization.
  • Strings and tooltips.
  • End-to-end functionality of buttons, interactions and flows.
  • Corner cases, error conditions, and easily imagined bugs.

Hope this helps, ciao and thank you!

@aogier aogier force-pushed the feature/expose-https branch from b2596d3 to 856fe14 Compare December 28, 2024 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aogier