🔒️(helm) setup temporary redirect

Add a specific certificate to prepare redirect
2024-09-23 09:48:14 +02:00
parent b309f91095
commit 0be94aa572
3 changed files with 79 additions and 0 deletions
--- a/src/helm/env.d/staging/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl
@@ -116,6 +116,12 @@ ingress:
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
+  tls:
+    enabled: true
+    additional:
+      - secretName: transitional-tls
+        hosts:
+          - {{ .Values.newDomain }}

 ingressAdmin:
  enabled: true
@@ -125,3 +131,9 @@ ingressAdmin:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
+  tls:
+    enabled: true
+    additional:
+      - secretName: transitional-tls
+        hosts:
+          - {{ .Values.newDomain }}
--- a/src/helm/extra/templates/redirect.yaml
+++ b/src/helm/extra/templates/redirect.yaml
@@ -0,0 +1,55 @@
+{{ if .Values.addRedirect }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{ if .Values.enablePermanentRedirect }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.newDomain }}$request_uri"
+    nginx.ingress.kubernetes.io/permanent-redirect-code: "308"
+    {{ end }}
+  name: temporary-redirect
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{ .Values.oldDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: meet-frontend
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+      - backend:
+          service:
+            name: meet-backend
+            port:
+              number: 80
+        path: /api
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ .Values.oldDomain }}
+    secretName: transitional-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: transitional-tls
+  namespace: meet-staging
+spec:
+  dnsNames:
+  - {{ .Values.newDomain }}
+  - {{ .Values.oldDomain }}
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  secretName: transitional-tls
+  usages:
+  - digital signature
+  - key encipherment
+{{ end }}
--- a/src/helm/helmfile.yaml
+++ b/src/helm/helmfile.yaml
@@ -36,6 +36,13 @@ releases:
    chart: ./extra
    secrets:
      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+    values:
+    - env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl
+    - addRedirect: {{ .Values | get "addRedirect" "False" }}
+      enablePermanentRedirect: {{ .Values | get "enablePermanentRedirect" "False"}}
+      oldDomain: {{ .Values | get "oldDomain" "demo.com" }}
+      tlsOldSecretName: {{ .Values | get "tlsOldSecretName" "tls"}}
+      newDomain: {{ .Values | get "newDomain" "demo.com" }}

  - name: meet
    version: {{ .Values.version }}
@@ -64,6 +71,11 @@ environments:
  staging:
    values:
      - version: 0.0.1
+        addRedirect: True
+        enablePermanentRedirect: True
+        oldDomain: meet-staging.beta.numerique.gouv.fr
+        tlsOldSecretName: meet-tls
+        newDomain: visio-staging.beta.numerique.gouv.fr
    secrets:
      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
  preprod: