From 25b72ee49aac58ac0ad1423eb7859ee9701330f8 Mon Sep 17 00:00:00 2001
From: Francesco Ilario
Date: Thu, 16 Jan 2025 19:37:25 +0100
Subject: [PATCH] fix nginx.conf

Signed-off-by: Francesco Ilario
---
 .../konflux-ui/staging/base/proxy/nginx.conf | 44 +++++++++++++++----
 1 file changed, 35 insertions(+), 9 deletions(-)

diff --git a/components/konflux-ui/staging/base/proxy/nginx.conf b/components/konflux-ui/staging/base/proxy/nginx.conf
index 1f705db0fcf..c123b3fe0d7 100644
--- a/components/konflux-ui/staging/base/proxy/nginx.conf
+++ b/components/konflux-ui/staging/base/proxy/nginx.conf
@@ -35,6 +35,11 @@ http {
 '' close;
 }
 
+ map $request_method $is_get_request {
+ default 0;
+ GET 1;
+ }
+
 server {
 listen 9443 ssl;
 ssl_certificate /mnt/tls.crt;
@@ -161,23 +166,44 @@ http {
 include /mnt/nginx-generated-config/bearer.conf;
 }
 
+ # GET requests to the following endpoints are handled from the namespace-lister.
+ # * /api/k8s/api/v1/namespace
+ # * /api/k8s/api/v1/namespace/
+ #
+ # Requests with other methods are handled by the Kube-API
 location ~* /api/k8s/api/v1/namespaces(/?)$ {
 # authenticate request
 auth_request_set $email $upstream_http_x_auth_request_email;
 auth_request /oauth2/auth;
-
- # Impersonate requesting user
- proxy_set_header X-Email $email;
-
- # namespace-lister endpoint
+
+ # common
 rewrite ^/api/k8s/(.*)/$ /$1 break;
 proxy_read_timeout 30m;
+ proxy_set_header X-Email $email;
 
- map $request_method $target_service_url {
- default https://kubernetes.default.svc;
- GET http://namespace-lister.namespace-lister.svc.cluster.local:8080;
+ # namespace-lister
+ if ($is_get_request) {
+ proxy_pass http://namespace-lister.namespace-lister.svc.cluster.local:8080;
+ break;
 }
- proxy_pass $target_service_url
+
+ # Kube-API
+ proxy_pass https://kubernetes.default.svc;
+ proxy_set_header Impersonate-User $email;
+ include /mnt/nginx-generated-config/bearer.conf;
+ }
+
+ # All namespaced requests are forwarded to Kube-API
+ location /api/k8s/api/v1/namespaces/ {
+ # Kube-API
+ auth_request_set $email $upstream_http_x_auth_request_email;
+ auth_request /oauth2/auth;
+
+ rewrite /api/k8s/(.+) /$1 break;
+ proxy_pass https://kubernetes.default.svc;
+ proxy_read_timeout 30m;
+ proxy_set_header Impersonate-User $email;
+ include /mnt/nginx-generated-config/bearer.conf;
 }
 
 location /health {
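Review bot: The `if ($is_get_request)` branch in the regex location does not get a header set of its own: nginx inherits `proxy_set_header` from the enclosing level whenever the inner level declares none, so GET requests proxied to the plain-HTTP namespace-lister upstream also carry `Impersonate-User $email` and whatever `bearer.conf` adds, even though those lines are written below the `if`. bearer.conf is not visible in this patch; if it sets an `Authorization` bearer token meant for the Kube-API, that credential would be sent unencrypted to a second service. `proxy_set_header` is not allowed inside `if`, so the separation has to come from structure, for example one `internal` location per upstream selected by method, each declaring only the headers its backend needs. Separately, in both Kube-API paths an empty `$email` makes nginx omit `Impersonate-User` entirely, so the request would run under the bearer.conf identity; it is worth confirming that `/oauth2/auth` can never succeed without returning `X-Auth-Request-Email`.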