Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use nginx to route requests from port 8003 to connector builder #19264

Closed
wants to merge 13 commits into from
Closed

Use nginx to route requests from port 8003 to connector builder #19264

wants to merge 13 commits into from

Conversation

girarda
Copy link
Contributor

@girarda girarda commented Nov 10, 2022
edited
Loading

What

I misunderstood how to use the proxy to forward requests to the connector-builder-server in my original PR.

This use nginx to route requests sent to localhost:8003 to the connector-builder-server:80.

Everything is still commented out so this PR won't affect production.

How

  • Add a server block listening to port 8003 to the nginx-auth config templates. Requests are forwarded to http://airbyte-connector-builder-server:80
  • Add an env var to the proxy's Dockefile so it knows where the connector-builder-server lives
  • Update the proxy run script to replace the new env var in the nginx templates
  • Update the proxy test script to pass in the new env var
  • Update docker-compose to expose port 80 on the connector-builder-server
  • Update kube/resources/connector-builder-server.yaml to expose port 80 on the connector-builder-server

Recommended reading order

  1. airbyte-proxy/nginx-auth.conf.template
  2. airbyte-proxy/nginx-no-auth.conf.template
  3. airbyte-proxy/Dockerfile
  4. airbyte-proxy/run.sh
  5. airbyte-proxy/test.sh
  6. docker-compose.yaml

🚨 User Impact 🚨

Are there any breaking changes? What is the end result perceived by the user? If yes, please merge this PR with the 🚨🚨 emoji so changelog authors can further highlight this if needed.

Pre-merge Checklist

Expand the relevant checklist and delete the others.

New Connector

Community member or Airbyter

  • Community member? Grant edit access to maintainers (instructions)
  • Secrets in the connector's spec are annotated with airbyte_secret
  • Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
  • Code reviews completed
  • Documentation updated
    • Connector's README.md
    • Connector's bootstrap.md. See description and examples
    • docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
    • docs/integrations/README.md
    • airbyte-integrations/builds.md
  • PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • If new credentials are required for use in CI, add them to GSM. Instructions.
  • /test connector=connectors/<name> command is passing
  • New Connector version released on Dockerhub by running the /publish command described here
  • After the connector is published, connector added to connector index as described here
  • Seed specs have been re-generated by building the platform and committing the changes to the seed spec files, as described here
Updating a connector

Community member or Airbyter

  • Grant edit access to maintainers (instructions)
  • Secrets in the connector's spec are annotated with airbyte_secret
  • Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
  • Code reviews completed
  • Documentation updated
    • Connector's README.md
    • Connector's bootstrap.md. See description and examples
    • Changelog updated in docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
  • PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • If new credentials are required for use in CI, add them to GSM. Instructions.
  • /test connector=connectors/<name> command is passing
  • New Connector version released on Dockerhub and connector version bumped by running the /publish command described here
Connector Generator
  • Issue acceptance criteria met
  • PR name follows PR naming conventions
  • If adding a new generator, add it to the list of scaffold modules being tested
  • The generator test modules (all connectors with -scaffold in their name) have been updated with the latest scaffold by running ./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplates then checking in your changes
  • Documentation which references the generator is updated as needed

Tests

Unit

Put your unit tests output here.

Integration

Put your integration tests output here.

Acceptance

Put your acceptance tests output here.

@girarda girarda temporarily deployed to more-secrets November 10, 2022 00:02 Inactive
@girarda girarda temporarily deployed to more-secrets November 10, 2022 00:08 Inactive
@girarda girarda temporarily deployed to more-secrets November 10, 2022 00:27 Inactive
@girarda girarda temporarily deployed to more-secrets November 10, 2022 00:54 Inactive
girarda
girarda commented Nov 10, 2022
View reviewed changes
airbyte-proxy/run.sh
@@ -16,7 +16,7 @@ else
TEMPLATE_PATH="/etc/nginx/templates/nginx-auth.conf.template"
fi

envsubst '${PROXY_PASS_WEB} ${PROXY_PASS_API} ${PROXY_PASS_RESOLVER}' < $TEMPLATE_PATH > /etc/nginx/nginx.conf
envsubst '${PROXY_PASS_WEB} ${PROXY_PASS_API} ${CONNECTOR_BUILDER_SERVER_API} ${PROXY_PASS_RESOLVER}' < $TEMPLATE_PATH > /etc/nginx/nginx.conf
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

search and replace the patterns with the value of the corresponding bash variable
https://www.baeldung.com/linux/envsubst-command#:~:text=The%20envsubst%20command%20searches%20the,envsubst%20recognizes%20only%20exported%20variables.

girarda
girarda commented Nov 10, 2022
View reviewed changes
airbyte-proxy/Dockerfile
@@ -12,6 +12,7 @@ RUN apt-get update -y && apt-get install -y apache2-utils && rm -rf /var/lib/apt
# This variable can be used to update the destintion containers that Nginx proxies to.
ENV PROXY_PASS_WEB "http://airbyte-webapp:80"
ENV PROXY_PASS_API "http://airbyte-server:8001"
ENV CONNECTOR_BUILDER_SERVER_API "http://airbyte-connector-builder-server:80"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requests will come on port 8003, but will be forwarded to the port 80 on the connector-builder-server

@girarda girarda temporarily deployed to more-secrets November 10, 2022 01:05 Inactive
girarda
girarda commented Nov 10, 2022
View reviewed changes
docker-compose.yaml Outdated
container_name: airbyte-connector-builder-server
restart: unless-stopped
ports:
- 80
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expose port 80 because the server runs on port 80

girarda
girarda commented Nov 10, 2022
View reviewed changes
docker-compose.yaml Outdated
airbyte-proxy:
image: airbyte/proxy:${VERSION}
container_name: airbyte-proxy
ports:
- 8000:8000
- 8001:8001
#- 8003:8003 FIXME: Uncomment this when enabling airbyte-connector-builder
- 8003:8003 # FIXME: Uncomment this when enabling airbyte-connector-builder
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forward the proxy's port 8003 to localhost:8003

girarda
girarda commented Nov 10, 2022
View reviewed changes
airbyte-proxy/nginx-no-auth.conf.template Outdated
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass "${CONNECTOR_BUILDER_SERVER_API}";
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forward to "http://airbyte-connector-builder-server:80" as defined in https://github.com/airbytehq/airbyte/pull/19264/files#diff-8a4136717271f90d70120fef7bb8904d26f3fbcfe7520dbd39fa0b8723d8548eR15

@girarda girarda temporarily deployed to more-secrets November 10, 2022 01:28 Inactive
@girarda girarda changed the title add 8003 to nginx for connector builder server Use nginx to route requests from port 8003 to connector builder Nov 10, 2022
girarda
girarda commented Nov 10, 2022
View reviewed changes
docker-compose.yaml
#container_name: airbyte-connector-builder-server
#restart: unless-stopped
#ports:
# - 80
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expose port 80 because the server runs on port 80

girarda
girarda commented Nov 10, 2022
View reviewed changes
docker-compose.yaml
airbyte-proxy:
image: airbyte/proxy:${VERSION}
container_name: airbyte-proxy
ports:
- 8000:8000
- 8001:8001
#- 8003:8003 FIXME: Uncomment this when enabling airbyte-connector-builder
#- 8003:8003 # FIXME: Uncomment this when enabling airbyte-connector-builder
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forward the proxy's port 8003 to localhost:8003

girarda
girarda commented Nov 10, 2022
View reviewed changes
airbyte-proxy/nginx-auth.conf.template
# auth_basic "Welcome to Airbyte";
# auth_basic_user_file /etc/nginx/.htpasswd;

# proxy_pass "${CONNECTOR_BUILDER_SERVER_API}";
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forward to "http://airbyte-connector-builder-server:80" as defined in https://github.com/airbytehq/airbyte/pull/19264/files#diff-8a4136717271f90d70120fef7bb8904d26f3fbcfe7520dbd39fa0b8723d8548eR15

@girarda girarda temporarily deployed to more-secrets November 10, 2022 02:02 Inactive
@github-actions github-actions bot added area/platform issues related to the platform kubernetes labels Nov 10, 2022
@girarda girarda force-pushed the alex/update_nginx_template branch from 84b6ac1 to 2e5c014 Compare November 10, 2022 02:13
girarda
girarda commented Nov 10, 2022
View reviewed changes
kube/resources/connector-builder-server.yaml
@@ -1,3 +1,15 @@
apiVersion: v1
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this file is not imported in the kube deploys (https://github.com/airbytehq/airbyte/blob/master/kube/resources/kustomization.yaml#L7)

@girarda girarda temporarily deployed to more-secrets November 10, 2022 02:15 Inactive
@girarda girarda temporarily deployed to more-secrets November 10, 2022 02:26 Inactive
@girarda girarda temporarily deployed to more-secrets November 10, 2022 02:48 Inactive
@girarda girarda requested a review from davinchia November 10, 2022 03:42
@girarda girarda marked this pull request as ready for review November 10, 2022 03:42
lmossman
lmossman approved these changes Nov 10, 2022
View reviewed changes
Copy link
Contributor

@lmossman lmossman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small question but otherwise these changes LGTM!

airbyte-proxy/test.sh
@@ -11,7 +11,7 @@ VERSION="${VERSION:-dev}" # defaults to "dev", otherwise it is set by environmen
echo "testing with proxy container airbyte/proxy:$VERSION"

function start_container () {
CMD="docker run -d -p $PORT:8000 --env BASIC_AUTH_USERNAME=$1 --env BASIC_AUTH_PASSWORD=$2 --env PROXY_PASS_WEB=http://localhost --env PROXY_PASS_API=http://localhost --name $NAME airbyte/proxy:$VERSION"
CMD="docker run -d -p $PORT:8000 --env BASIC_AUTH_USERNAME=$1 --env BASIC_AUTH_PASSWORD=$2 --env PROXY_PASS_WEB=http://localhost --env PROXY_PASS_API=http://localhost --env CONNECTOR_BUILDER_SERVER_API=http://localhost --name $NAME airbyte/proxy:$VERSION"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, why are these just http://localhost instead of http://localhost:PORT?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this test is not spinning up the whole platform to test the routing. It's only testing that unauthenticated requests fail with a 401 error and that authenticated do not result in a 401 error

@girarda girarda closed this Jul 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brianjlai brianjlai brianjlai approved these changes

@lmossman lmossman lmossman approved these changes

@davinchia davinchia Awaiting requested review from davinchia

Assignees
No one assigned
Labels
area/platform issues related to the platform kubernetes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@girarda @lmossman @brianjlai