fix nginx.conf

Signed-off-by: Francesco Ilario <filario@redhat.com>
redhat-appstudio · Jan 20, 2025 · 25b72ee · 25b72ee
1 parent e88b16f
commit 25b72ee
Showing 1 changed file with 35 additions and 9 deletions.
diff --git a/components/konflux-ui/staging/base/proxy/nginx.conf b/components/konflux-ui/staging/base/proxy/nginx.conf
@@ -35,6 +35,11 @@ http {
         '' close;
     }
 
+    map $request_method $is_get_request {
+      default 0;
+      GET     1;
+    }
+
     server {
         listen 9443 ssl;
         ssl_certificate /mnt/tls.crt;
@@ -161,23 +166,44 @@ http {
             include /mnt/nginx-generated-config/bearer.conf;
         }
 
+        # GET requests to the following endpoints are handled from the namespace-lister.
+        # * /api/k8s/api/v1/namespace
+        # * /api/k8s/api/v1/namespace/
+        #
+        # Requests with other methods are handled by the Kube-API
         location ~* /api/k8s/api/v1/namespaces(/?)$ {
             # authenticate request
             auth_request_set $email  $upstream_http_x_auth_request_email;
             auth_request /oauth2/auth;
-
-            # Impersonate requesting user
-            proxy_set_header X-Email $email;
-
-            # namespace-lister endpoint
+
+            # common
             rewrite ^/api/k8s/(.*)/$ /$1 break;
             proxy_read_timeout 30m;
+            proxy_set_header X-Email $email;
 
-            map $request_method $target_service_url {
-              default https://kubernetes.default.svc;
-              GET     http://namespace-lister.namespace-lister.svc.cluster.local:8080;
+            # namespace-lister
+            if ($is_get_request) {
+              proxy_pass http://namespace-lister.namespace-lister.svc.cluster.local:8080;
+              break;
             }
-            proxy_pass $target_service_url
+
+            # Kube-API
+            proxy_pass https://kubernetes.default.svc;
+            proxy_set_header Impersonate-User $email;
+            include /mnt/nginx-generated-config/bearer.conf;
+        }
+
+        # All namespaced requests are forwarded to Kube-API
+        location /api/k8s/api/v1/namespaces/ {
+          # Kube-API
+          auth_request_set $email  $upstream_http_x_auth_request_email;
+          auth_request /oauth2/auth;
+
+          rewrite /api/k8s/(.+) /$1 break;
+          proxy_pass https://kubernetes.default.svc;
+          proxy_read_timeout 30m;
+          proxy_set_header Impersonate-User $email;
+          include /mnt/nginx-generated-config/bearer.conf;
         }
 
         location /health {