Moved nginx config to Helm Chart rather than nginx.conf in the image

onos-gui/files/certs/onos-gui.crt

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIUSsEbOxcejWXxuZlGYOQX6HZux1IwDQYJKoZIhvcNAQEL
+BQAwcjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlNZW5sb1Bh
+cmsxDDAKBgNVBAoMA09ORjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMM
+FWNhLm9wZW5uZXR3b3JraW5nLm9yZzAeFw0xOTA3MjExMzU3MzJaFw0yOTA3MTgx
+MzU3MzJaMGUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJTWVu
+bG9QYXJrMQwwCgYDVQQKDANPTkYxFDASBgNVBAsMC0VuZ2luZWVyaW5nMREwDwYD
+VQQDDAhvbm9zLWd1aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8D
+gVeotXoZ0oFvBLAkA+OXLGRpy/NK1Jn+4Z58l4t99IF1FsRLYX7649zZxZ4s/+gR
+qS2Il5qc9mmbUZIVWU6LNsabG29KISLPJdR+7/bgv4wkmnRa1flel5OJoA/wEqQW
+LfTfIJatu5tK3J4Bzvj6fW4vRydy/87o+3fCua3x8m/ETqALbu1vJ2Vv2/Yul27a
+4kzusJb0iu78tfn+NPUe/Z2ZmRj5kOa5oX4YvYLFYq7BemrDu18mcxPwum7qNjJ9
+E4NjGTUKhs5HMl7E+CeapaRhJRWhyoNyzdpFA/TFCXDvQdSTX0wN7DZQgGZBpxEX
+aFTG0c0BZ7yMurYqDO0CAwEAAaOBwTCBvjCBjgYDVR0jBIGGMIGDoXakdDByMQsw
+CQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCU1lbmxvUGFyazEMMAoG
+A1UECgwDT05GMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UEAwwVY2Eub3Bl
+bm5ldHdvcmtpbmcub3JnggkA3vfX0jfasUkwCQYDVR0TBAIwADALBgNVHQ8EBAMC
+BPAwEwYDVR0RBAwwCoIIb25vcy1ndWkwDQYJKoZIhvcNAQELBQADggEBAFa/ug+x
+Mrq3g0p3sHTNR82FjjQKPHW4E0h5kGALvQqtwNOyClls9Ik4wYIZNKyHDXOcWP4I
+NOgBho8WHh39bixjz0dka96H88u3WptqBKAySk1UGaSmqHVNxGSTtCpwV17QMh0f
++KsnbxVulcQZeOTbgpFoAuCB9S+u4N5F8j40FkjUbIj3rLN76eidinUMYHfeaZ+K
+uP8kU+EwPvh70RuX3fOSPUPNdMV1VjtAnPrvQPuqi3K/9FPEtr+YCuXSTk0+Qpcn
+25wdQKAz7ppglbfWYjowtGWU8POx+wuXHyFTvrRrCy+JYnM8DUlPKP1/oDKneoy0
+3h4nV209NiJ4c/A=
+-----END CERTIFICATE-----

onos-gui/files/certs/onos-gui.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvA4FXqLV6GdKB
+bwSwJAPjlyxkacvzStSZ/uGefJeLffSBdRbES2F++uPc2cWeLP/oEaktiJeanPZp
+m1GSFVlOizbGmxtvSiEizyXUfu/24L+MJJp0WtX5XpeTiaAP8BKkFi303yCWrbub
+StyeAc74+n1uL0cncv/O6Pt3wrmt8fJvxE6gC27tbydlb9v2Lpdu2uJM7rCW9Iru
+/LX5/jT1Hv2dmZkY+ZDmuaF+GL2CxWKuwXpqw7tfJnMT8Lpu6jYyfRODYxk1CobO
+RzJexPgnmqWkYSUVocqDcs3aRQP0xQlw70HUk19MDew2UIBmQacRF2hUxtHNAWe8
+jLq2KgztAgMBAAECggEBAJQ117cwfF8mtwo9xi6UkWaPg1yV683hNSIko1TgFkZf
+KEzpp5ocbDhop8dD9QL7AMy7CBYzco/RFSxiCDY6NiM56e1PNXCNynn8CwFlbjoY
+Ip6/8L1Qn5xK6vpatl5I5MBouAqDWsm/3vyn7SUySuC24LoK96sEzHWhADRvh2cx
+8xZVdhYH6zBQp/+KErrK0BLcVpMfV/yJk2y0mrXafpdymndfz7TBOXCyKQ0cXFne
+14zLw23TlKp6JDSHw3QEaSgVQPmu+BdYfX2SMT3MLt6Im7z3aOG8y3whkt96yL56
+I7LBQ/KROfJGL8i8zK3KZNi7IwftKv+x0UU5OdbaA4ECgYEA3+lAJO6en+6lTYMg
+hYG7dzjaeW/3XfDIwKvi/5Xv3eA4HOzZ8GhxHssXV9f1VTGMK10vPBPEQBmvioDf
+qvMgP76qm85TK86CFqGayZ5ShIyNblOeMUnFanW6y7MylIu9Dmw94CS4tkL4zENG
+BpKzoXAMFc9996mQBK9/YxatVKkCgYEAyBhT4Efz+JAkT+3Zr+rIph3ZGoGu0RJ3
+zl20su3kzl+QuUVpcbkbsEupjJJ2r6LtAllcSxmnoJ+/f6ckEISNsrfy0ycRW7k5
+pqF3Xp9b3XrzQ6bMxyQVSgm1zIfftsCaJ0bexpMjy6acokUWXrE5Buy1qHLev58F
+MGP17tewHKUCgYBZILimutErakwkcYi1e/GKQHg+lIILw7e1cfY2tJE5aXIMmX8b
+AgfdMQxGrDD8y283J62QpXGd7luAr1HY81Qn65Zv1I4oxtfjeEpr7Ph9yJDXlLNI
+fUv214wWX2tH0+PaZN2wZg2ch0YP0MuD/EtCfJ5i5CgJOFaadt0nLTSrmQKBgQCa
+c0TTG1czpzeQRt1AT+8/YkzBjBZ/pUy7C1O+xahWsCeLCwwgTy0TQOQH8MoSOqXN
+qWJ3Sb89WfG8PCy3X0ntCNYzrLVWYrwgZgQ5ErMbW5tIvgjVMoIIW0RsMvk5HKQg
+6zBsgQkhWmMPUlq5Dv0g3jg+ZSSRLtMXjiE4kl6LTQKBgB9DTdNba8HXgavWOAjm
+M37pa+1CqsohKEyHNBPBJUUyvK6XxzsooX6x9X2PvwsJJ+MaMTv6vnH+SVm6ZJ8u
+K6iBd3bjQx0G7QXhGT75MSFSOeiMHtbFwh++C7O7s+A3XT8yUwnyG9STH6YhCoDf
+jFvx0Laxe0FBnNj4lIzaDFhf
+-----END PRIVATE KEY-----

onos-gui/templates/configmap.yaml

@@ -12,3 +12,8 @@ data:
 {{ $valueWithDefault := default "" $value -}}
 {{ tpl $valueWithDefault $ | indent 4 }}
 {{- end -}}
+{{- range $key, $value := .Values.Nginx.templates }}
+  {{ $key }}: |-
+{{ $valueWithDefault := default "" $value -}}
+{{ tpl $valueWithDefault $ | indent 4 }}
+{{- end -}}

onos-gui/templates/deployment.yaml

@@ -53,6 +53,12 @@ spec:
             tcpSocket:
               port: web
             initialDelaySeconds: 30
+          volumeMounts:
+            - name: config
+              mountPath: /etc/nginx/conf.d
+            - name: secret
+              mountPath: /usr/share/certs
+              readOnly: true
         - name: onos-envoy
           image: "{{ .Values.Envoy.image.repository }}:{{ .Values.Envoy.image.tag }}"
           imagePullPolicy: {{ .Values.Envoy.image.pullPolicy }}

onos-gui/templates/secret.yaml

@@ -8,7 +8,7 @@ metadata:
      heritage: "{{ .Release.Service }}"
 data:
   {{ $root := . }}
-  {{ range $path, $bytes := .Files.Glob "files/certs/tls.*" }}
+  {{ range $path, $bytes := .Files.Glob "files/certs/*.*" }}
   {{ base $path }}: '{{ $root.Files.Get $path | b64enc }}'
   {{ end }}
 type: Opaque

onos-gui/values.yaml

@@ -19,7 +19,7 @@ service:
   enabled: true
   ## Service name is user-configurable for maximum service discovery flexibility.
   name: onos-gui
-  type: ClusterIP
+  type: LoadBalancer
 
 ingress:
   enabled: true
@@ -51,9 +51,11 @@ onosservices:
   topo:
     grpc: 5150
     proxy: 8080
+    streamTimeout: 3600
   config:
     grpc: 5150
     proxy: 8081
+    streamTimeout: 3600
 #  control:
 #    grpc: 5150
 #    proxy: 8082
@@ -228,3 +230,33 @@ Envoy:
                 validation_context:
                   trusted_ca: { filename: "/etc/envoy-proxy/certs/tls.cacrt" }
         {{- end }}
+
+Nginx:
+  templates:
+    server-block.conf: |-
+      server {
+          listen 80;
+          ssl_certificate /usr/share/certs/onos-gui.crt;
+          ssl_certificate_key /usr/share/certs/onos-gui.key;
+          location / {
+            root /usr/share/nginx/html;
+          }
+          location ~ \.(html|js|ico|map|css|png|woff|woff2)$ {
+            root /usr/share/nginx/html;
+          }
+          location /rs/nav/uiextensions {
+            root /usr/share/nginx/html;
+          }
+          {{- range $key, $value := .Values.onosservices }}
+          location /onos-{{ $key }}/ {
+              proxy_pass http://localhost:{{ $value.proxy }}/;
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "Upgrade";
+              proxy_connect_timeout       {{ $value.streamTimeout }};
+              proxy_send_timeout          {{ $value.streamTimeout }};
+              proxy_read_timeout          {{ $value.streamTimeout }};
+              send_timeout                {{ $value.streamTimeout }};
+          }
+          {{ end }}
+      }