[Suggestion] - Defining tomcatconfig.proxyName should override ingress.host about data-center-helm-charts HOT 11 CLOSED

@bianchi2 I checked again and you are right!

Indeed ATL_PROXY_NAME is set a second time in the env array with the correct value and appears from within the container as the correct overwritten value. So in my case it seems to be a different problem that the correct ENV var is not written into server.xml.

confluence@confluence-0:~$ env | grep -Ei '(ATL_PROXY_NAME|force)'
ATL_FORCE_CFG_UPDATE=true
ATL_PROXY_NAME=confluence.my.url.com

confluence@confluence-0:~$ cat /opt/atlassian/confluence/conf/server.xml | grep proxyName
               proxyName="synchrony-confluence.my.url.com"

With some wipe and retry it works finally! Thanks for that ultra quick response and help today. Really awesome.

from data-center-helm-charts.

@Ansible-man thanks for sharing this use case. What you can do is define:

confluence:
  additionalEnvironmentVariables:
  - name: ATL_PROXY_NAME
    value: confluence-prod.domain.com

This will work is confluence.tomcatConfig.generateByHelm is set to false (i.e. server.xml is generated in the image entrypoint).

If confluence.tomcatConfig.generateByHelm is set to true, you can just set:

confluence:
  tomcatConfig:
     proxyName: confluence-prod.domain.com

from data-center-helm-charts.

Thank you for the fast response

We have the following values set
confluence:
tomcatConfig:
generateByHelm: true
proxyName: "confluence-prod.domain.com"

We are observing that the config map generated by helm still sets the proxy name to the value of ingress.host. We also attempted deleting the configMap and when it gets regenerated the value of ingress.host is still the value for proxyName within the configMap

from data-center-helm-charts.

Oh, right, it's because:

proxyName="{{ .Values.ingress.host | default .Values.confluence.tomcatConfig.proxyName }}"

It should be vice versa, default is ingress host unless it's overridden in the config. I'll raise a PR to fix it.

Have you tried just setting environment variable and let image entrypoint generate it?

from data-center-helm-charts.

We have tried that method as well will no luck. The ENV vars seem to get overwritten

from data-center-helm-charts.

@Ansible-man you must be be doing it wrong. I have just tested it and it works for me:

helm install confluence ./ \
   --set ingress.create=true \
   --set ingress.host=hello.com \
   --set confluence.additionalEnvironmentVariables[0].name=ATL_PROXY_NAME \
   --set confluence.additionalEnvironmentVariables[0].value=no.com

And then check server.xml:

k exec -ti confluence-0 bash
root@confluence-0:/var/atlassian/application-data/confluence# cat /opt/atlassian/confluence/conf/server.xml | grep proxy
               proxyName="no.com"
               proxyPort="443"
        <Context path="${confluence.context.path}/synchrony-proxy"
                 docBase="../synchrony-proxy"
root@confluence-0:/var/atlassian/application-data/confluence#

from data-center-helm-charts.

@bianchi2 I tried your example and it does not work for me with helm chart version 1.20.1.

I try to deploy Confluence datacenter with dedicated Synchrony URL and fail because both are using
"ingress.host" to define their env vars.

So a mechanism to override ATL_PROXY_NAME for confluence tomcat would help me out.

My relevant values snippet:

    confluence:
      additionalEnvironmentVariables:
        # this override does not work because env var is defined already before in
        # https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/statefulset.yaml#L200
        - name: ATL_PROXY_NAME
          value: ${var.fqdn}
      additionalJvmArgs:
        - '-synchrony.proxy.enabled=false'
        - '-Dsynchrony.service.url=https://synchrony-${var.fqdn}/synchrony'
    ingress:
      # this is used by synchrony in SYNCHRONY_SERVICE_URL env var and can not be overwritten
      # https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/statefulset-synchrony.yaml#L100
      host: synchrony-${var.fqdn}
      https: true

from data-center-helm-charts.

@inka the snippet you shared should override both proxy name in server.xml and synchrony url for you. Though your ingress.host does not look right. Do you expect Confluence to be available at https://synchrony-${var.fqdn}? https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/_helpers.tpl#L200 this is how Synchrony url is defined.

Is your use case the same - you need different ingress hostname and proxy name? Or do you just need synchrony to be available on a different url? Say, confluence is confluence.example.com and synchrony is synchrony.example.com/synchrony?

I have double checked additionalEnvironmentVariables override and it works as expected - proxyName is overridden.

from data-center-helm-charts.

If I run above config I get this in my container spec for confluence-0:

spec:
  containers:
  - env:
    - name: ATL_PROXY_NAME
      value: synchrony-confluence.my.url.com

and not like expected:

spec:
  containers:
  - env:
    - name: ATL_PROXY_NAME
      value: confluence.my.url.com

I wanted to have them on 2 different URLs because of the way how our ALBs routing to ISTIO ingress. But I can also try to write the Virtualservice in a different way and use the same FQDN. Would look like:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ .Values.app }}
  namespace: {{ .Values.namespace }}
spec:
  gateways:
    - istio-system/global-gateway
  hosts:
    - {{ .Values.url }}
  http:
  - name: synchrony
    match:
    - uri:
        prefix: "/synchrony"
    route:
    - destination:
        host: confluence-synchrony.{{ .Values.namespace }}.svc.cluster.local
        port:
          number: 80
  - name: confluence
    route:
    - destination:
        host: confluence.{{ .Values.namespace }}.svc.cluster.local
        port:
          number: 80

Will test that and see how it goes. But this becomes off-topic. The general request of this suggestion I still support. It should be possible to override both URLs independent from each other.

and BTW regarding https://github.com/atlassian/data-center-helm-charts/blob/main/src/main/charts/confluence/templates/_helpers.tpl#L200
I got an error with JWT aud mismatch which went away via https://confluence.atlassian.com/confkb/synchrony-logs-show-invalid-aud-and-synchrony-is-not-connecting-to-confluence-937177818.html

from data-center-helm-charts.

@inka what you are saying is that when you set ATL_PROXY_NAME in additional env vars in Helm values to confluence.my.url.com it is still synchrony-confluence.my.url.com as set in ingress.host? Please note that ATL_PROXY_NAME in container env will be duplicated, so there will be 2 variables with the same name, and the value of the last one will apply. Make sure you actually check server.xml and the effective ATL_PROXY_NAME value in the running container.

from data-center-helm-charts.

Fixed by #822

from data-center-helm-charts.