feat(chrome): adding new option to enable chrome headless to run pdf exports

gsautner · gsautner · commit fb177bf40746 · 2026-04-07T15:51:27.000-03:00
diff --git a/charts/xwiki/templates/_helpers.tpl b/charts/xwiki/templates/_helpers.tpl
@@ -21,6 +21,26 @@ Create a default fully qualified app name for Remote Chrome.
 {{- printf "%s-%s" (include "xwiki.fullname" .) "chrome" | trunc 63 | trimSuffix "-" -}}
 {{- end }}
 
+{{/*
+Chrome Common labels
+*/}}
+{{- define "chrome.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{ include "chrome.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Chrome Selector labels
+*/}}
+{{- define "chrome.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}-chrome
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{- define "solr.fullname" -}}
 {{- printf "%s-solr" (include "common.names.fullname" .) }}
 {{- end }}
diff --git a/charts/xwiki/templates/chrome-deployment.yaml b/charts/xwiki/templates/chrome-deployment.yaml
@@ -4,21 +4,18 @@ kind: Deployment
 metadata:
   name: {{ include "chrome.fullname" . }}
   labels:
-    {{- include "xwiki.labels" . | nindent 4 }}
-    app.kubernetes.io/component: chrome
+    {{- include "chrome.labels" . | nindent 4 }}
 spec:
   {{- if not .Values.chrome.autoscaling.enabled }}
   replicas: {{ .Values.chrome.replicaCount }}
   {{- end }}
   selector:
     matchLabels:
-      {{- include "xwiki.selectorLabels" . | nindent 6 }}
-      app.kubernetes.io/component: chrome
+      {{- include "chrome.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        {{- include "xwiki.selectorLabels" . | nindent 8 }}
-        app.kubernetes.io/component: chrome
+        {{- include "chrome.selectorLabels" . | nindent 8 }}
       {{- if .Values.chrome.podAnnotations }}
       annotations:
         {{- toYaml .Values.chrome.podAnnotations | nindent 8 }}
@@ -35,12 +32,26 @@ spec:
           image: {{ include "chrome.imageName" . }}
           imagePullPolicy: {{ .Values.chrome.image.pullPolicy }}
           args:
+            {{- if .Values.chrome.nginx.enabled }}
+            - "--remote-debugging-address=127.0.0.1"
+            - "--remote-debugging-port={{ .Values.chrome.internalPort }}"
+            {{- range .Values.chrome.args }}
+            {{- if not (or (hasPrefix "--remote-debugging-address" .) (hasPrefix "--remote-debugging-port" .)) }}
+            - {{ . | quote }}
+            {{- end }}
+            {{- end }}
+            {{- else }}
             {{- toYaml .Values.chrome.args | nindent 12 }}
             - --remote-debugging-port={{ .Values.chrome.service.port }}
+            {{- end }}
           ports:
+            {{- if .Values.chrome.nginx.enabled }}
+            - name: chrome-internal
+              containerPort: {{ .Values.chrome.internalPort }}
+            {{- else }}
             - name: {{ .Values.chrome.service.portName }}
               containerPort: {{ .Values.chrome.service.port }}
-              protocol: TCP
+            {{- end }}
           volumeMounts:
             - name: tmp-dir
               mountPath: /tmp
@@ -58,6 +69,23 @@ spec:
           resources:
             {{- toYaml .Values.chrome.resources | nindent 12 }}
           {{- end }}
+        {{- if .Values.chrome.nginx.enabled }}
+        - name: nginx
+          image: "{{ .Values.chrome.nginx.image.registry }}/{{ .Values.chrome.nginx.image.repository }}:{{ .Values.chrome.nginx.image.tag }}"
+          imagePullPolicy: {{ .Values.chrome.nginx.image.pullPolicy }}
+          ports:
+            - name: {{ .Values.chrome.service.portName }}
+              containerPort: {{ .Values.chrome.service.port }}
+              protocol: TCP
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+          {{- if .Values.chrome.nginx.resources }}
+          resources:
+            {{- toYaml .Values.chrome.nginx.resources | nindent 12 }}
+          {{- end }}
+        {{- end }}
       {{- with .Values.chrome.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -77,4 +105,9 @@ spec:
           emptyDir:
             medium: Memory
             sizeLimit: 256Mi
+        {{- if .Values.chrome.nginx.enabled }}
+        - name: nginx-config
+          configMap:
+            name: {{ include "chrome.fullname" . }}-nginx
+        {{- end }}
 {{- end }}
diff --git a/charts/xwiki/templates/chrome-hpa.yaml b/charts/xwiki/templates/chrome-hpa.yaml
@@ -4,8 +4,7 @@ kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "chrome.fullname" . }}
   labels:
-    {{- include "xwiki.labels" . | nindent 4 }}
-    app.kubernetes.io/component: chrome
+    {{- include "chrome.labels" . | nindent 4 }}
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
diff --git a/charts/xwiki/templates/chrome-ingress.yaml b/charts/xwiki/templates/chrome-ingress.yaml
@@ -0,0 +1,64 @@
+{{- if and .Values.chrome.enabled .Values.chrome.ingress.enabled -}}
+{{- $fullName := include "chrome.fullname" . -}}
+{{- $svcPort := .Values.chrome.service.port -}}
+{{- if and .Values.chrome.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.chrome.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.chrome.ingress.annotations "kubernetes.io/ingress.class" .Values.chrome.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "chrome.labels" . | nindent 4 }}
+  annotations:
+    {{- if .Values.chrome.ingress.annotations }}
+{{ toYaml .Values.chrome.ingress.annotations | indent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+{{ toYaml .Values.commonAnnotations | indent 4 }}
+    {{- end }}
+spec:
+  {{- if and .Values.chrome.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.chrome.ingress.className }}
+  {{- end }}
+  {{- if .Values.chrome.ingress.tls }}
+  tls:
+    {{- range .Values.chrome.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.chrome.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+            - path: {{ .path }}
+              {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+              pathType: {{ .pathType }}
+              {{- end }}
+              backend:
+                {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+                service:
+                  name: {{ $fullName }}
+                  port:
+                    number: {{ $svcPort }}
+                {{- else }}
+                serviceName: {{ $fullName }}
+                servicePort: {{ $svcPort }}
+                {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end -}}
diff --git a/charts/xwiki/templates/chrome-networkpolicy.yaml b/charts/xwiki/templates/chrome-networkpolicy.yaml
@@ -4,13 +4,11 @@ kind: NetworkPolicy
 metadata:
   name: {{ include "chrome.fullname" . }}
   labels:
-    {{- include "xwiki.labels" . | nindent 4 }}
-    app.kubernetes.io/component: chrome
+    {{- include "chrome.labels" . | nindent 4 }}
 spec:
   podSelector:
     matchLabels:
-      {{- include "xwiki.selectorLabels" . | nindent 6 }}
-      app.kubernetes.io/component: chrome
+      {{- include "chrome.selectorLabels" . | nindent 6 }}
   policyTypes:
     - Ingress
     - Egress
@@ -23,7 +21,18 @@ spec:
       ports:
         - protocol: TCP
           port: {{ .Values.chrome.service.port }}
+    {{- with .Values.chrome.networkPolicy.ingress }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   egress:
+    # Allow egress to XWiki pods so Chrome can fetch pages for PDF rendering
+    - to:
+        - podSelector:
+            matchLabels:
+              {{- include "xwiki.selectorLabels" . | nindent 14 }}
+      ports:
+        - protocol: TCP
+          port: {{ .Values.service.internalPort }}
     {{- with .Values.chrome.networkPolicy.egress }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
diff --git a/charts/xwiki/templates/chrome-nginx-configmap.yaml b/charts/xwiki/templates/chrome-nginx-configmap.yaml
@@ -0,0 +1,68 @@
+{{- if and .Values.chrome.enabled .Values.chrome.nginx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "chrome.fullname" . }}-nginx
+  labels:
+    {{- include "chrome.labels" . | nindent 4 }}
+data:
+  nginx.conf: |
+    worker_processes 1;
+    pid /tmp/nginx.pid;
+    error_log /dev/stderr warn;
+
+    events {
+        worker_connections 1024;
+    }
+
+    http {
+        access_log /dev/stdout;
+
+        # Temp paths so nginx can run as non-root
+        client_body_temp_path /tmp/client_body;
+        proxy_temp_path       /tmp/proxy;
+
+        # Map Upgrade header to the correct Connection value for WebSocket support
+        map $http_upgrade $connection_upgrade {
+            default upgrade;
+            ''      close;
+        }
+
+        # Zone for total simultaneous connection limit (all clients share this pool)
+        limit_conn_zone $server_addr zone=chrome_conn:1m;
+
+        server {
+            listen {{ .Values.chrome.service.port }};
+
+            location / {
+                limit_conn chrome_conn {{ .Values.chrome.nginx.maxConnections }};
+
+                proxy_pass http://127.0.0.1:{{ .Values.chrome.internalPort }};
+                proxy_http_version 1.1;
+
+                # Chrome DevTools only accepts 'localhost' or an IP in the Host header.
+                # We use internalPort so Chrome builds webSocketDebuggerUrl as
+                # ws://localhost:<internalPort>/... which sub_filter rewrites below.
+                proxy_set_header Host "localhost:{{ .Values.chrome.internalPort }}";
+                proxy_set_header X-Real-IP $remote_addr;
+
+                # WebSocket: forward Upgrade/Connection headers
+                proxy_set_header Upgrade    $http_upgrade;
+                proxy_set_header Connection $connection_upgrade;
+
+                # Disable response compression so sub_filter can rewrite JSON bodies
+                proxy_set_header Accept-Encoding "";
+
+                # Chrome embeds its Host header in webSocketDebuggerUrl responses.
+                # Rewrite localhost:<internalPort> → <service>:<servicePort> so XWiki
+                # receives a URL it can actually reach through this proxy.
+                sub_filter_types application/json;
+                sub_filter_once  off;
+                sub_filter 'localhost:{{ .Values.chrome.internalPort }}' '{{ include "chrome.fullname" . }}:{{ .Values.chrome.service.port }}';
+
+                proxy_read_timeout 3600s;
+                proxy_send_timeout 3600s;
+            }
+        }
+    }
+{{- end }}
diff --git a/charts/xwiki/templates/chrome-service.yaml b/charts/xwiki/templates/chrome-service.yaml
@@ -4,20 +4,27 @@ kind: Service
 metadata:
   name: {{ include "chrome.fullname" . }}
   labels:
-    {{- include "xwiki.labels" . | nindent 4 }}
-    app.kubernetes.io/component: chrome
+    {{- include "chrome.labels" . | nindent 4 }}
   {{- if .Values.chrome.service.annotations }}
   annotations:
+    {{- if .Values.commonAnnotations }}
+{{ toYaml .Values.commonAnnotations | indent 4 }}
+    {{- end }}
     {{- toYaml .Values.chrome.service.annotations | nindent 4 }}
-  {{- end }}
+    {{- end }}
 spec:
   type: {{ .Values.chrome.service.type }}
+  {{- if .Values.chrome.nginx.enabled }}
+  sessionAffinity: ClientIP
+  sessionAffinityConfig:
+    clientIP:
+      timeoutSeconds: {{ .Values.chrome.service.sessionAffinityTimeoutSeconds }}
+  {{- end }}
   ports:
     - port: {{ .Values.chrome.service.port }}
       targetPort: {{ .Values.chrome.service.port }}
       protocol: TCP
       name: {{ .Values.chrome.service.portName }}
   selector:
-    {{- include "xwiki.selectorLabels" . | nindent 4 }}
-    app.kubernetes.io/component: chrome
+    {{- include "chrome.selectorLabels" . | nindent 4 }}
 {{- end }}
diff --git a/charts/xwiki/values.yaml b/charts/xwiki/values.yaml
