fix(beads-server): fix Workbench GraphQL URL for remote hosting
Dolt Workbench hardcodes http://localhost:9002/graphql in the built JS. For k8s hosting, init container patches this to relative /graphql path. Second ingress routes /graphql to port 9002 behind Authentik auth. - Init container copies static JS to writable emptyDir, patches URL - Pre-seeds store.json with Dolt connection config - Added /graphql ingress with Authentik forward-auth Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
375a3d91d5
commit
b98890d799
1 changed files with 111 additions and 0 deletions
|
|
@ -178,6 +178,22 @@ resource "kubernetes_service" "dolt" {
|
||||||
|
|
||||||
# ── Dolt Workbench (web UI) ──
|
# ── Dolt Workbench (web UI) ──
|
||||||
|
|
||||||
|
resource "kubernetes_config_map" "workbench_store" {
|
||||||
|
metadata {
|
||||||
|
name = "workbench-store"
|
||||||
|
namespace = kubernetes_namespace.beads.metadata[0].name
|
||||||
|
}
|
||||||
|
data = {
|
||||||
|
"store.json" = jsonencode([{
|
||||||
|
name = "beads"
|
||||||
|
connectionUrl = "mysql://beads@dolt.beads-server.svc.cluster.local:3306/code"
|
||||||
|
hideDoltFeatures = false
|
||||||
|
useSSL = false
|
||||||
|
type = "mysql"
|
||||||
|
}])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "kubernetes_deployment" "workbench" {
|
resource "kubernetes_deployment" "workbench" {
|
||||||
metadata {
|
metadata {
|
||||||
name = "dolt-workbench"
|
name = "dolt-workbench"
|
||||||
|
|
@ -201,6 +217,35 @@ resource "kubernetes_deployment" "workbench" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
spec {
|
spec {
|
||||||
|
init_container {
|
||||||
|
name = "seed-config"
|
||||||
|
image = "dolthub/dolt-workbench:latest"
|
||||||
|
command = ["sh", "-c", <<-EOT
|
||||||
|
# Seed connection store
|
||||||
|
cp /config/store.json /store/store.json
|
||||||
|
# Copy static JS to writable volume and patch GraphQL URL
|
||||||
|
cp -r /app/web/.next/static/* /static/
|
||||||
|
for f in /static/chunks/pages/_app-*.js; do
|
||||||
|
sed -i 's|http://localhost:9002/graphql|/graphql|g' "$f"
|
||||||
|
done
|
||||||
|
echo "Patched GraphQL URL to /graphql"
|
||||||
|
EOT
|
||||||
|
]
|
||||||
|
volume_mount {
|
||||||
|
name = "store-config"
|
||||||
|
mount_path = "/config"
|
||||||
|
read_only = true
|
||||||
|
}
|
||||||
|
volume_mount {
|
||||||
|
name = "store"
|
||||||
|
mount_path = "/store"
|
||||||
|
}
|
||||||
|
volume_mount {
|
||||||
|
name = "static-patched"
|
||||||
|
mount_path = "/static"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
container {
|
container {
|
||||||
name = "workbench"
|
name = "workbench"
|
||||||
image = "dolthub/dolt-workbench:latest"
|
image = "dolthub/dolt-workbench:latest"
|
||||||
|
|
@ -214,6 +259,15 @@ resource "kubernetes_deployment" "workbench" {
|
||||||
container_port = 9002
|
container_port = 9002
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volume_mount {
|
||||||
|
name = "store"
|
||||||
|
mount_path = "/app/store"
|
||||||
|
}
|
||||||
|
volume_mount {
|
||||||
|
name = "static-patched"
|
||||||
|
mount_path = "/app/web/.next/static"
|
||||||
|
}
|
||||||
|
|
||||||
startup_probe {
|
startup_probe {
|
||||||
http_get {
|
http_get {
|
||||||
path = "/"
|
path = "/"
|
||||||
|
|
@ -249,6 +303,21 @@ resource "kubernetes_deployment" "workbench" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volume {
|
||||||
|
name = "store-config"
|
||||||
|
config_map {
|
||||||
|
name = kubernetes_config_map.workbench_store.metadata[0].name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
volume {
|
||||||
|
name = "store"
|
||||||
|
empty_dir {}
|
||||||
|
}
|
||||||
|
volume {
|
||||||
|
name = "static-patched"
|
||||||
|
empty_dir {}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -276,6 +345,11 @@ resource "kubernetes_service" "workbench" {
|
||||||
port = 80
|
port = 80
|
||||||
target_port = 3000
|
target_port = 3000
|
||||||
}
|
}
|
||||||
|
port {
|
||||||
|
name = "graphql"
|
||||||
|
port = 9002
|
||||||
|
target_port = 9002
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -300,3 +374,40 @@ module "ingress" {
|
||||||
"gethomepage.dev/pod-selector" = ""
|
"gethomepage.dev/pod-selector" = ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# GraphQL API ingress — the frontend JS hardcodes localhost:9002/graphql,
|
||||||
|
# but we rewrite the browser request to hit the same hostname on /graphql
|
||||||
|
# routed to port 9002.
|
||||||
|
resource "kubernetes_ingress_v1" "graphql" {
|
||||||
|
metadata {
|
||||||
|
name = "dolt-workbench-graphql"
|
||||||
|
namespace = kubernetes_namespace.beads.metadata[0].name
|
||||||
|
annotations = {
|
||||||
|
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-authentik-forward-auth@kubernetescrd"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
spec {
|
||||||
|
ingress_class_name = "traefik"
|
||||||
|
tls {
|
||||||
|
hosts = ["dolt-workbench.viktorbarzin.me"]
|
||||||
|
secret_name = var.tls_secret_name
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
host = "dolt-workbench.viktorbarzin.me"
|
||||||
|
http {
|
||||||
|
path {
|
||||||
|
path = "/graphql"
|
||||||
|
path_type = "Exact"
|
||||||
|
backend {
|
||||||
|
service {
|
||||||
|
name = kubernetes_service.workbench.metadata[0].name
|
||||||
|
port {
|
||||||
|
number = 9002
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue