From 2dc32094d0e2e2e3112e2237e257910c2c741322 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Sat, 15 Mar 2025 11:31:40 +0000
Subject: [PATCH] feat(helm chart): can be configured to deploy preview service in cluster
---
 docker-compose-speckle.yml | 3 ++-
 .../server/modules/previews/rest/router.ts | 9 +++++---
 .../modules/shared/helpers/envHelper.ts | 21 +++++++++++--------
 .../speckle-server/templates/_helpers.tpl | 11 +++++++++-
 .../templates/preview_service/deployment.yml | 3 ++-
 .../preview_service/networkpolicy.cilium.yml | 2 ++
 .../networkpolicy.kubernetes.yml | 4 +++-
 .../templates/preview_service/service.yml | 2 ++
 .../preview_service/serviceaccount.yml | 2 ++
 utils/helm/speckle-server/values.schema.json | 5 +++++
 utils/helm/speckle-server/values.yaml | 2 ++
 11 files changed, 48 insertions(+), 16 deletions(-)
diff --git a/docker-compose-speckle.yml b/docker-compose-speckle.yml
index 446204c58..658d2ccc2 100644
--- a/docker-compose-speckle.yml
+++ b/docker-compose-speckle.yml
@@ -54,7 +54,7 @@ services:
 CANONICAL_URL: 'http://127.0.0.1'
 # This is the URL of the server as accessed by other Speckle services within this docker compose network, such as preview-service.
 # This will be the same value as NUXT_PUBLIC_BACKEND_API_ORIGIN as defined in the frontend-2 service.
- PRIVATE_SERVER_URL: 'http://speckle-server:3000'
+ PRIVATE_OBJECTS_SERVER_URL: 'http://speckle-server:3000'
 # TODO: Change this to a unique secret for this server
 SESSION_SECRET: 'TODO:Replace'
@@ -71,6 +71,7 @@ services:
 POSTGRES_DB: 'speckle'
 REDIS_URL: 'redis://redis'
+ PREVIEW_SERVICE_USE_PRIVATE_OBJECTS_SERVER_URL: 'true'
 PREVIEW_SERVICE_REDIS_URL: 'redis://redis'
 S3_ENDPOINT: 'http://minio:9000'
diff --git a/packages/server/modules/previews/rest/router.ts b/packages/server/modules/previews/rest/router.ts
index 92374d73b..ea2002154 100644
--- a/packages/server/modules/previews/rest/router.ts
+++ b/packages/server/modules/previews/rest/router.ts
@@ -38,8 +38,9 @@ import {
 storeUserServerAppTokenFactory
 } from '@/modules/core/repositories/tokens'
 import {
- getPrivateServerOrigin,
- getServerOrigin
+ getPrivateObjectsServerOrigin,
+ getServerOrigin,
+ previewServiceShouldUsePrivateObjectsServerUrl
 } from '@/modules/shared/helpers/envHelper'
 import { requestObjectPreviewFactory } from '@/modules/previews/queues/previews'
 import type { Queue } from 'bull'
@@ -65,7 +66,9 @@ const buildCreateObjectPreviewFunction = ({
 responseQueue: responseQueueName
 }),
 // use the private server origin if defined, otherwise use the public server origin
- serverOrigin: getPrivateServerOrigin() || getServerOrigin(),
+ serverOrigin: previewServiceShouldUsePrivateObjectsServerUrl()
+ ? getPrivateObjectsServerOrigin()
+ : getServerOrigin(),
 storeObjectPreview: storeObjectPreviewFactory({ db: projectDb }),
 getStreamCollaborators: getStreamCollaboratorsFactory({ db }),
 createAppToken: createAppTokenFactory({
diff --git a/packages/server/modules/shared/helpers/envHelper.ts b/packages/server/modules/shared/helpers/envHelper.ts
index 9d398f0d9..7e3093ba7 100644
--- a/packages/server/modules/shared/helpers/envHelper.ts
+++ b/packages/server/modules/shared/helpers/envHelper.ts
@@ -112,6 +112,10 @@ export function getRedisUrl() {
 return getStringFromEnv('REDIS_URL')
 }
+export const previewServiceShouldUsePrivateObjectsServerUrl = (): boolean => {
+ return getBooleanFromEnv('PREVIEW_SERVICE_USE_PRIVATE_OBJECTS_SERVER_URL')
+}
+
 export const getPreviewServiceRedisUrl = (): string | undefined => {
 return process.env['PREVIEW_SERVICE_REDIS_URL']
 }
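Review bot: The comment kept above `serverOrigin` in the second router.ts hunk no longer matches the code, because the private origin is now selected by the `PREVIEW_SERVICE_USE_PRIVATE_OBJECTS_SERVER_URL` flag and not by whether a private URL is defined. A deployment that still sets only the old `PRIVATE_SERVER_URL` gets no error and falls back to `getServerOrigin()`, so preview traffic, and presumably the app token created through `createAppToken` in the same options object, moves to the public canonical URL without any signal to the operator. I would reword the comment to `// use the private objects server origin only when PREVIEW_SERVICE_USE_PRIVATE_OBJECTS_SERVER_URL is true; otherwise the public (canonical) origin` and call out the variable rename in the release notes. `buildCreateObjectPreviewFunction` starts and ends outside the hunk.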
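Review bot: `previewServiceShouldUsePrivateObjectsServerUrl` in the first envHelper.ts hunk is exported without a doc comment, and nothing here tells a reader that a true value makes `PRIVATE_OBJECTS_SERVER_URL` mandatory. I would add `/** When true, previews are requested against PRIVATE_OBJECTS_SERVER_URL, which must then be set; otherwise the canonical URL is used. */` above the declaration. `getBooleanFromEnv` is defined outside the hunk, so its result for an unset variable should be confirmed before a default is documented.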
@@ -221,20 +225,19 @@ export function getFrontendOrigin() { } /** - * Get server app origin/base URL + * Get server app origin/base URL. + * This is the public server URL, i.e. 'canonical url', used for external communication. */ export function getServerOrigin() { return mustGetUrlFromEnv('CANONICAL_URL', true).origin } -export function getPrivateServerOrigin() { - try { - const url = getUrlFromEnv('PRIVATE_SERVER_URL', true) - if (!url) return url - return url.origin - } catch { - return null - } +/** + * + * @returns the private server origin, which is used for internal communication between services + */ +export function getPrivateObjectsServerOrigin() { + return mustGetUrlFromEnv('PRIVATE_OBJECTS_SERVER_URL', true).origin } export function getBindAddress(aDefault: string = '127.0.0.1') { diff --git a/utils/helm/speckle-server/templates/_helpers.tpl b/utils/helm/speckle-server/templates/_helpers.tpl index 1e733bbed..748779d6d 100644 --- a/utils/helm/speckle-server/templates/_helpers.tpl +++ b/utils/helm/speckle-server/templates/_helpers.tpl @@ -528,7 +528,6 @@ Retrieve the s3 parameters from ConfigMap if enabled, or default to retrieving t {{- end }} {{- end }} - {{/* Generate the environment variables for Speckle server and Speckle objects deployments */}} @@ -542,6 +541,10 @@ Generate the environment variables for Speckle server and Speckle objects deploy - name: PORT value: {{ include "server.port" $ | quote }} + +- name: PRIVATE_OBJECTS_SERVER_URL + value: {{ printf "http://%s:%s" ( include "objects.service.fqdn" $ ) ( include "objects.port" $ ) }} + - name: LOG_LEVEL value: {{ .Values.server.logLevel }} - name: LOG_PRETTY 
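Review bot: `getPrivateObjectsServerOrigin` in the second envHelper.ts hunk now goes through `mustGetUrlFromEnv`, so where the removed function swallowed errors and returned null, this one presumably throws when `PRIVATE_OBJECTS_SERVER_URL` is missing or malformed, and the new doc block (which opens with an empty line) does not mention that. Because the getter is only reached when the flag is true, a misconfiguration would surface where the preview function is built rather than at startup; that call site is in router.ts, outside this hunk. I would move the summary onto the first doc line, add `@throws if PRIVATE_OBJECTS_SERVER_URL is unset or not a valid URL`, and consider validating the flag and the URL together once at boot.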
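Review bot: The new `PRIVATE_OBJECTS_SERVER_URL` entry in the `@@ -542,6 +541,10 @@` hunk of _helpers.tpl is rendered unquoted while the `PORT` value directly above it pipes through `quote`; for consistency use `value: {{ printf "http://%s:%s" ( include "objects.service.fqdn" $ ) ( include "objects.port" $ ) | quote }}`. The scheme is fixed to `http://`, so whatever the preview service sends to this origin crosses the cluster network unencrypted, which is acceptable only when the network policies limit who can reach the objects service; a template comment saying so would help. The enclosing template definition starts and ends outside the hunk.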
@@ -799,6 +802,12 @@ Generate the environment variables for Speckle server and Speckle objects deploy value: {{ .Values.server.gendoAI.ratelimiting.burstRenderRequestPeriodSeconds | quote }} {{- end }} +# *** Preview service *** +{{- if .Values.preview_service.deployInCluster }} +- name: PREVIEW_SERVICE_USE_PRIVATE_OBJECTS_SERVER_URL + value: "true" +{{- end }} + # *** Redis *** - name: REDIS_URL valueFrom: diff --git a/utils/helm/speckle-server/templates/preview_service/deployment.yml b/utils/helm/speckle-server/templates/preview_service/deployment.yml index 01bba8ef6..7ac6f8041 100644 --- a/utils/helm/speckle-server/templates/preview_service/deployment.yml +++ b/utils/helm/speckle-server/templates/preview_service/deployment.yml @@ -1,3 +1,4 @@ +{{- if .Values.preview_service.deployInCluster }} apiVersion: apps/v1 kind: Deployment metadata: @@ -121,4 +122,4 @@ spec: # Should be > preview generation time ( 1 hour for good measure ) terminationGracePeriodSeconds: 3600 - +{{- end }} diff --git a/utils/helm/speckle-server/templates/preview_service/networkpolicy.cilium.yml b/utils/helm/speckle-server/templates/preview_service/networkpolicy.cilium.yml index 828509cb4..5b4e799c0 100644 --- a/utils/helm/speckle-server/templates/preview_service/networkpolicy.cilium.yml +++ b/utils/helm/speckle-server/templates/preview_service/networkpolicy.cilium.yml @@ -1,3 +1,4 @@ +{{- if .Values.preview_service.deployInCluster }} {{- if (and (.Values.preview_service.networkPolicy.enabled) (eq .Values.networkPlugin.type "cilium")) -}} apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy @@ -38,3 +39,4 @@ spec: # postgres {{ include "speckle.networkpolicy.egress.postgres.cilium" $ | indent 4 }} {{- end }} +{{- end }} diff --git a/utils/helm/speckle-server/templates/preview_service/networkpolicy.kubernetes.yml b/utils/helm/speckle-server/templates/preview_service/networkpolicy.kubernetes.yml index b4c386b11..d5dbff0ab 100644 
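Review bot: With `deployInCluster` true, the `@@ -799,6 +802,12 @@` hunk makes the server direct the preview service to the objects service's in-cluster address, yet neither preview-service network policy template in this patch (cilium here, kubernetes in the next file) gains an egress rule for that destination; both are only wrapped in the new `if`. The rules above the visible `# postgres` entry are outside the hunks, so this may already be covered; if it is not, previews would fail on clusters with `networkPolicy.enabled`, and the objects-side ingress policy needs the matching allowance. Please confirm both directions and keep the allowance scoped to the preview-service pods rather than the whole namespace.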
--- a/utils/helm/speckle-server/templates/preview_service/networkpolicy.kubernetes.yml +++ b/utils/helm/speckle-server/templates/preview_service/networkpolicy.kubernetes.yml @@ -1,3 +1,4 @@ +{{- if .Values.preview_service.deployInCluster }} {{- if (and (.Values.preview_service.networkPolicy.enabled) (eq .Values.networkPlugin.type "kubernetes")) -}} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -38,4 +39,5 @@ spec: protocol: UDP # postgres {{ include "speckle.networkpolicy.egress.postgres" $ | indent 4 }} -{{- end -}} +{{- end }} +{{- end }} diff --git a/utils/helm/speckle-server/templates/preview_service/service.yml b/utils/helm/speckle-server/templates/preview_service/service.yml index b0b186306..e2156a71c 100644 --- a/utils/helm/speckle-server/templates/preview_service/service.yml +++ b/utils/helm/speckle-server/templates/preview_service/service.yml @@ -1,3 +1,4 @@ +{{- if .Values.preview_service.deployInCluster }} apiVersion: v1 kind: Service metadata: @@ -14,3 +15,4 @@ spec: name: web port: {{ .Values.preview_service.port }} targetPort: metrics +{{- end }} diff --git a/utils/helm/speckle-server/templates/preview_service/serviceaccount.yml b/utils/helm/speckle-server/templates/preview_service/serviceaccount.yml index 279e661e2..e078289ed 100644 --- a/utils/helm/speckle-server/templates/preview_service/serviceaccount.yml +++ b/utils/helm/speckle-server/templates/preview_service/serviceaccount.yml @@ -1,3 +1,4 @@ +{{- if .Values.preview_service.deployInCluster }} {{- if .Values.preview_service.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount @@ -21,3 +22,4 @@ secrets: - name: {{ default .Values.secretName .Values.redis.previewServiceConnectionString.secretName }} {{- end }} {{- end -}} +{{- end }} diff --git a/utils/helm/speckle-server/values.schema.json b/utils/helm/speckle-server/values.schema.json index 09b6e39ea..25d17d47e 100644 --- a/utils/helm/speckle-server/values.schema.json +++ b/utils/helm/speckle-server/values.schema.json 
@@ -1884,6 +1884,11 @@
 "preview_service": {
 "type": "object",
 "properties": {
+ "deployInCluster": {
+ "type": "boolean",
+ "description": "If enabled, the Preview Service will be deployed within the cluster and speckle-server will be configured to send the kubernetes service url of the objects server to the Preview Service.",
+ "default": true
+ },
 "dedicatedPreviewsQueue": {
 "type": "boolean",
 "description": "Allows using a dedicated redis url for the preview service job queue",
diff --git a/utils/helm/speckle-server/values.yaml b/utils/helm/speckle-server/values.yaml
index 3b7476913..de2fb8246 100644
--- a/utils/helm/speckle-server/values.yaml
+++ b/utils/helm/speckle-server/values.yaml
@@ -1101,6 +1101,8 @@ frontend_2:
 ## @descriptionEnd
 ##
 preview_service:
+ ## @param preview_service.deployInCluster If enabled, the Preview Service will be deployed within the cluster and speckle-server will be configured to send the kubernetes service url of the objects server to the Preview Service.
+ deployInCluster: true
 ## @param preview_service.dedicatedPreviewsQueue Allows using a dedicated redis url for the preview service job queue
 ##
 dedicatedPreviewsQueue: false
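Review bot: The `deployInCluster` description in values.yaml (and the matching one in values.schema.json) does not say what `false` means for the operator: per the template hunks in this patch, no preview-service Deployment, Service, ServiceAccount or NetworkPolicy is rendered and the server stops advertising the in-cluster objects URL. An externally hosted preview service would then presumably need to reach the preview job queue and the public server endpoint from outside the cluster, which changes what has to be exposed and protected. I would append to the `@param` text: `When false, none of the preview-service resources are created and an externally run Preview Service must be given access to the job queue and the public server URL.`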