From f2a78ada47ca57dc482d7f08e6842339be887b81 Mon Sep 17 00:00:00 2001
From: Anthony LC <anthony.le-courric@mail.numerique.gouv.fr>
Date: Fri, 30 Aug 2024 10:52:09 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(helm)=20replace=20storage=20url=20?=
 =?UTF-8?q?in=20ingressMedia?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is no mechanism to have the media storage
URL from a secret from the ingress.
The media storage URL has to be hardcoded.
We replace the media storage URL in the ingress,
if we change the cluster, we will have to update
these urls.
---
 .../env.d/preprod/values.impress.yaml.gotmpl  | 19 ++++++++-----------
 .../production/values.impress.yaml.gotmpl     | 19 ++++++++-----------
 .../env.d/staging/values.impress.yaml.gotmpl  | 19 ++++++++-----------
 3 files changed, 24 insertions(+), 33 deletions(-)

diff --git a/src/helm/env.d/preprod/values.impress.yaml.gotmpl b/src/helm/env.d/preprod/values.impress.yaml.gotmpl
index 15502d32..d0bb8ea3 100644
--- a/src/helm/env.d/preprod/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/preprod/values.impress.yaml.gotmpl
@@ -161,17 +161,14 @@ ingressMedia:
 
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/auth-url: https://impress-preprod.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
-    nginx.ingress.kubernetes.io/upstream-vhost:
-      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
-        key: url
-    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+    nginx.ingress.kubernetes.io/auth-url: https://impress-preprod.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /impress-preprod-impress-media-storage/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: s3.margaret-hamilton.indiehosters.net
 
 serviceMedia:
-  host:
-    secretKeyRef:
-      name: impress-media-storage.bucket.libre.sh
-      key: url
-  port: 9000
+  host: s3.margaret-hamilton.indiehosters.net
+  port: 443
\ No newline at end of file
diff --git a/src/helm/env.d/production/values.impress.yaml.gotmpl b/src/helm/env.d/production/values.impress.yaml.gotmpl
index 94fafd93..edc3d6b8 100644
--- a/src/helm/env.d/production/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/production/values.impress.yaml.gotmpl
@@ -161,17 +161,14 @@ ingressMedia:
 
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/auth-url: https://docs.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
-    nginx.ingress.kubernetes.io/upstream-vhost:
-      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
-        key: url
-    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+    nginx.ingress.kubernetes.io/auth-url: https://docs.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /impress-production-impress-media-storage/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: s3.hedy-lamarr.indiehosters.net
 
 serviceMedia:
-  host:
-    secretKeyRef:
-      name: impress-media-storage.bucket.libre.sh
-      key: url
-  port: 9000
+  host: s3.hedy-lamarr.indiehosters.net
+  port: 443
\ No newline at end of file
diff --git a/src/helm/env.d/staging/values.impress.yaml.gotmpl b/src/helm/env.d/staging/values.impress.yaml.gotmpl
index be1925dc..b46da59c 100644
--- a/src/helm/env.d/staging/values.impress.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.impress.yaml.gotmpl
@@ -161,17 +161,14 @@ ingressMedia:
 
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/auth-url: https://impress-staging.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
-    nginx.ingress.kubernetes.io/upstream-vhost:
-      secretKeyRef:
-        name: impress-media-storage.bucket.libre.sh
-        key: url
-    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+    nginx.ingress.kubernetes.io/auth-url: https://impress-staging.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /impress-staging-impress-media-storage/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: s3.margaret-hamilton.indiehosters.net
 
 serviceMedia:
-  host:
-    secretKeyRef:
-      name: impress-media-storage.bucket.libre.sh
-      key: url
-  port: 9000
+  host: s3.margaret-hamilton.indiehosters.net
+  port: 443