feature: add optional grpcweb filter to ingress

2025-05-16 11:51:12 +00:00 · 2025-05-16 11:51:12 +00:00 · 17e9720c42
commit 17e9720c42
parent b05a4937bd
5 changed files with 42 additions and 2 deletions
--- a/charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml
+++ b/charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml
@ -0,0 +1,30 @@
+{{- if .Values.httpFilter.grpcWeb }}
+# Inserts the grpcWeb filter into the http_connection mangager chain before the CORS filter
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-grpcweb
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.cors
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: envoy.filters.http.grpc_web
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+{{- end }}
--- a/charts/kubezero-istio-gateway/values.yaml
+++ b/charts/kubezero-istio-gateway/values.yaml
@ -44,3 +44,6 @@ hardening:
  rejectUnderscoresHeaders: true
  unescapeSlashes: true
  preserveExternalRequestId: false
+
+httpFilter:
+  grpcWeb: false
--- a/charts/kubezero/templates/_app.tpl
+++ b/charts/kubezero/templates/_app.tpl
@ -25,8 +25,7 @@ spec:
    repoURL: {{ default "https://cdn.zero-downtime.net/charts" (index .Values $name "repository") }}
    targetRevision: {{ default "HEAD" ( index .Values $name "targetRevision" ) | quote }}
    helm:
-      # add with 1.32
-      #skipTests: true
+      skipTests: true
      valuesObject:
        {{- include (print $name "-values") $ | nindent 8 }}

--- a/charts/kubezero/templates/istio-ingress.yaml
+++ b/charts/kubezero/templates/istio-ingress.yaml
@ -98,6 +98,10 @@ proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }
 hardening:
  {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}

 {{- end }}

--- a/charts/kubezero/templates/istio-private-ingress.yaml
+++ b/charts/kubezero/templates/istio-private-ingress.yaml
@ -93,6 +93,10 @@ proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProt
 hardening:
  {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-private-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}

 {{- end }}