Added proxy pod

README.md

@@ -10,6 +10,28 @@ This application provides an interface to the OpenShift V4 Rest API. It can be r
 
 The Swagger UI communicates to OpenShift via REST. 
 
+# Deployment to OpenShift
+
+A [template](https://docs.openshift.com/container-platform/4.13/openshift_images/using-templates.html) is available for a streamlined deployment to OpenShift. Use the following steps to deploy the application:
+
+Login to a cluster and create a new project:
+
+```
+oc create namespace openshift-api-swagger
+oc project openshift-api-swagger
+```
+
+Instantiate the [openshift-api-swagger](openshift-api-swagger-template.yml) template:
+
+```
+oc process -f openshift-api-swagger-template.yml | oc apply -f-
+```
+
+Navigate to _host_ specified in the route that has been created:
+
+```
+oc get routes openshift-api-swagger
+```
 
 # Authentication
 
@@ -44,26 +66,35 @@ At the top of the page, you are presented with two input fields:
 
 Hit the **Explore** to begin traversing the API. Consult the [Swagger Documentation](http://swagger.io/getting-started/)on how to use the Swagger UI. 
 
+# Handling cross-origin (CORS) issue
+
 If the Swagger spec fails to load, you may need to configure OpenShift to support [cross-origin](http://www.w3.org/TR/cors/) requests. Additional steps are found in the OpenShift [documentation](https://docs.openshift.com/container-platform/4.13/security/allowing-javascript-access-api-server.html).
 
-# Deployment to OpenShift
+An alternative is to use a proxy container. See procedure below.
 
-A [template](https://docs.openshift.com/container-platform/4.13/openshift_images/using-templates.html) is available for a streamlined deployment to OpenShift. Use the following steps to deploy the application:
-
-Login to a cluster and create a new project:
+Deploying proxy container:
 
 ```
-oc new-project <project-name>
+oc project openshift-api-swagger
+API_SERVER=$(oc whoami --show-server | cut -d/ -f3 | cut -d: -f1)
+APP_ROUTE=$(oc get route openshift-api-swagger -o jsonpath='{.spec.host}')
+oc process -f swagger-proxy-template.yml \
+-p NAMESPACE=openshift-api-swagger \
+-p API_SERVER_HOST=$API_SERVER \
+-p APP_ROUTE_HOST=$APP_ROUTE \
+| oc apply -f-
 ```
 
-Instantiate the [openshift-api-swagger](openshift-api-swagger-template.yml) template:
+Testing proxy pod:
 
 ```
-oc process -f openshift-api-swagger-template.yml | oc apply -f-
+TOKEN=$(oc whoami -t)
+curl -k --header "Authorization: Bearer $TOKEN" https://$APP_ROUTE/proxy/openapi/v2
+curl -k --header "Authorization: Bearer $TOKEN" https://$APP_ROUTE/api/v1/namespaces/
 ```
 
-Navigate to _host_ specified in the route that has been created:
-
+On the UI use the following url and token:
 ```
-oc get routes openshift-api-swagger
+echo "https://$APP_ROUTE/proxy/openapi/v2"
+echo $TOKEN
 ```

openshift-api-swagger-template.yml

@@ -35,7 +35,7 @@ objects:
       sourceStrategy:
         from:
           kind: ImageStreamTag
-          name: httpd:2.4
+          name: httpd:latest
           namespace: ${IMAGE_STREAM_NAMESPACE}
       type: Source
     triggers:

swagger-proxy-template.yml

@@ -0,0 +1,156 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  annotations:
+    description: OpenShift Swagger UI Proxy
+    iconClass: icon-load-balancer
+    tags: api,swagger
+  name: openshift-api-swagger-proxy
+objects:
+- kind: ConfigMap
+  apiVersion: v1
+  metadata:
+    name: haproxy-config
+    namespace: ${NAMESPACE}
+  data:
+    haproxy.cfg: |
+      global
+        daemon
+        maxconn 256
+
+      defaults
+        mode http
+        timeout connect 5s
+        timeout client  50s
+        timeout server  50s
+
+      frontend http-in
+        bind *:8080
+
+        acl is_openapi path_beg /proxy/openapi
+        acl is_k8s_api path_beg /api/
+
+        use_backend openapi_backend if is_openapi
+        use_backend api_backend if is_k8s_api
+
+        default_backend fallback_backend
+
+      backend openapi_backend
+        http-request set-path /openapi/v2
+        server ocp-api ${API_SERVER_HOST}:6443 ssl verify none
+
+      backend api_backend
+        server ocp-api ${API_SERVER_HOST}:6443 ssl verify none
+
+      backend fallback_backend
+        http-request deny
+- kind: Deployment
+  apiVersion: apps/v1
+  metadata:
+    name: proxy
+    namespace: ${NAMESPACE}
+  spec:
+    replicas: 1
+    selector:
+      matchLabels:
+        app: proxy
+    template:
+      metadata:
+        creationTimestamp: null
+        labels:
+          app: proxy
+      spec:
+        volumes:
+          - name: config-volume
+            configMap:
+              name: haproxy-config
+              defaultMode: 420
+        containers:
+          - resources: {}
+            terminationMessagePath: /dev/termination-log
+            name: haproxy
+            command:
+              - /usr/sbin/haproxy
+              - '-f'
+              - /etc/haproxy/haproxy.cfg
+              - '-db'
+            ports:
+              - containerPort: 8080
+                protocol: TCP
+            imagePullPolicy: Always
+            volumeMounts:
+              - name: config-volume
+                mountPath: /etc/haproxy/
+            terminationMessagePolicy: File
+            image: registry.connect.redhat.com/haproxytech/haproxy
+        restartPolicy: Always
+        terminationGracePeriodSeconds: 30
+        dnsPolicy: ClusterFirst
+        securityContext: {}
+        schedulerName: default-scheduler
+    strategy:
+      type: RollingUpdate
+      rollingUpdate:
+        maxUnavailable: 25%
+        maxSurge: 25%
+    revisionHistoryLimit: 10
+    progressDeadlineSeconds: 600
+- kind: Service
+  apiVersion: v1
+  metadata:
+    name: proxy
+    namespace: ${NAMESPACE}
+  spec:
+    ports:
+      - protocol: TCP
+        port: 8080
+        targetPort: 8080
+    type: ClusterIP
+    selector:
+      app: proxy
+- kind: Route
+  apiVersion: route.openshift.io/v1
+  metadata:
+    name: api-proxy
+    namespace: ${NAMESPACE}
+  spec:
+    host: ${APP_ROUTE_HOST}
+    path: /api
+    to:
+      kind: Service
+      name: proxy
+      weight: 100
+    port:
+      targetPort: 8080
+    tls:
+      termination: edge
+      insecureEdgeTerminationPolicy: Redirect
+    wildcardPolicy: None
+- kind: Route
+  apiVersion: route.openshift.io/v1
+  metadata:
+    name: openapi-proxy
+    namespace: ${NAMESPACE}
+  spec:
+    host: ${APP_ROUTE_HOST}
+    path: /proxy/openapi
+    to:
+      kind: Service
+      name: proxy
+      weight: 100
+    port:
+      targetPort: 8080
+    tls:
+      termination: edge
+      insecureEdgeTerminationPolicy: Redirect
+    wildcardPolicy: None
+parameters:
+- name: NAMESPACE
+  description: Namespace Swagger is deployed
+  required: true
+- name: API_SERVER_HOST
+  description: The OpenShift API hostname (e.g., api.example.com)
+  required: true
+- name: APP_ROUTE_HOST
+  description: The public host for the Swagger UI (e.g., openshift-api-swagger-openshift-api-swagger.apps.example.com)
+  required: true