From 0be94aa572cfa03d83f3816cc980fb27c3eded5b Mon Sep 17 00:00:00 2001 From: Jacques ROUSSEL Date: Mon, 23 Sep 2024 09:48:14 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(helm)=20setup=20temporary?= =?UTF-8?q?=20redirect?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a specific certificate to prepare redirect --- .../env.d/staging/values.meet.yaml.gotmpl | 12 ++++ src/helm/extra/templates/redirect.yaml | 55 +++++++++++++++++++ src/helm/helmfile.yaml | 12 ++++ 3 files changed, 79 insertions(+) create mode 100644 src/helm/extra/templates/redirect.yaml diff --git a/src/helm/env.d/staging/values.meet.yaml.gotmpl b/src/helm/env.d/staging/values.meet.yaml.gotmpl index bb6b58a5..d388b5c2 100644 --- a/src/helm/env.d/staging/values.meet.yaml.gotmpl +++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl @@ -116,6 +116,12 @@ ingress: className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod + tls: + enabled: true + additional: + - secretName: transitional-tls + hosts: + - {{ .Values.newDomain }} ingressAdmin: enabled: true @@ -125,3 +131,9 @@ ingressAdmin: cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth + tls: + enabled: true + additional: + - secretName: transitional-tls + hosts: + - {{ .Values.newDomain }} diff --git a/src/helm/extra/templates/redirect.yaml b/src/helm/extra/templates/redirect.yaml new file mode 100644 index 00000000..14b9b471 --- /dev/null +++ b/src/helm/extra/templates/redirect.yaml 
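Review bot: The new `tls.additional` entry under `ingress` (and the identical one under `ingressAdmin` in the second hunk) points at `transitional-tls` while the same Ingress keeps its `cert-manager.io/cluster-issuer` annotation. Depending on how the chart renders `tls.additional` (not visible here), cert-manager's ingress-shim may also try to manage a certificate for that secret name. That would compete with the explicit `Certificate` added in `extra/templates/redirect.yaml`. I would add a comment above each entry, such as `# transitional-tls is issued by the Certificate in extra/templates/redirect.yaml and must exist in this release's namespace`, so the cross-release dependency is explicit. The host would also be safer written as `- {{ .Values.newDomain | quote }}`, so an empty or odd value cannot change the YAML type.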
@@ -0,0 +1,55 @@ +{{ if .Values.addRedirect }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + {{ if .Values.enablePermanentRedirect }} + nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.newDomain }}$request_uri" + nginx.ingress.kubernetes.io/permanent-redirect-code: "308" + {{ end }} + name: temporary-redirect + namespace: {{ .Release.Namespace | quote }} +spec: + ingressClassName: nginx + rules: + - host: {{ .Values.oldDomain }} + http: + paths: + - backend: + service: + name: meet-frontend + port: + number: 80 + path: / + pathType: Prefix + - backend: + service: + name: meet-backend + port: + number: 80 + path: /api + pathType: Prefix + tls: + - hosts: + - {{ .Values.oldDomain }} + secretName: transitional-tls +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: transitional-tls + namespace: meet-staging +spec: + dnsNames: + - {{ .Values.newDomain }} + - {{ .Values.oldDomain }} + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: letsencrypt-prod + secretName: transitional-tls + usages: + - digital signature + - key encipherment +{{ end }} diff --git a/src/helm/helmfile.yaml b/src/helm/helmfile.yaml index 0b49ebf9..8df19505 100644 --- a/src/helm/helmfile.yaml +++ b/src/helm/helmfile.yaml @@ -36,6 +36,13 @@ releases: chart: ./extra secrets: - env.d/{{ .Environment.Name }}/secrets.enc.yaml + values: + - env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl + - addRedirect: {{ .Values | get "addRedirect" "False" }} + enablePermanentRedirect: {{ .Values | get "enablePermanentRedirect" "False"}} + oldDomain: {{ .Values | get "oldDomain" "demo.com" }} + tlsOldSecretName: {{ .Values | get "tlsOldSecretName" "tls"}} + newDomain: {{ .Values | get "newDomain" "demo.com" }} - name: meet version: {{ .Values.version }} 
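Review bot: The `Certificate` in the new `redirect.yaml` hard-codes `namespace: meet-staging`, while the Ingress that consumes its secret uses `{{ .Release.Namespace | quote }}`. An Ingress can only read a TLS secret from its own namespace. If the release is installed anywhere else, the controller will not find `transitional-tls` and will likely fall back to its default certificate. Use `namespace: {{ .Release.Namespace | quote }}` on the `Certificate` as well. Separately, the Ingress carries `cert-manager.io/cluster-issuer` and also names `transitional-tls` in `spec.tls`, so ingress-shim will probably try to create its own certificate of that name covering only `oldDomain`. Since the explicit `Certificate` already lists both DNS names, I would drop that annotation from this Ingress.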
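Review bot: In the `helmfile.yaml` hunk, `oldDomain` and `newDomain` fall back to `"demo.com"`. An environment that sets `addRedirect` but forgets the domains would then publish an Ingress and request a Let's Encrypt certificate for a host the project does not control. It would be safer to fail the render: default both to `""` here and use `{{ required "oldDomain must be set when addRedirect is true" .Values.oldDomain }}` (same for `newDomain`) inside the `if .Values.addRedirect` block of `redirect.yaml`. `tlsOldSecretName` is passed to the release but nothing in this commit's `redirect.yaml` reads it, so either wire it into `secretName` or remove it. The boolean defaults would also read better as `false` than the string `"False"`.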
@@ -64,6 +71,11 @@ environments: staging: values: - version: 0.0.1 + addRedirect: True + enablePermanentRedirect: True + oldDomain: meet-staging.beta.numerique.gouv.fr + tlsOldSecretName: meet-tls + newDomain: visio-staging.beta.numerique.gouv.fr secrets: - env.d/{{ .Environment.Name }}/secrets.enc.yaml preprod:
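Review bot: `enablePermanentRedirect: True` switches the 308 on for staging in the same commit whose description only talks about preparing the certificate. Browsers cache permanent redirects, so clients that have followed it keep going to `newDomain` even after the flag is turned off. If the intent is a staged rollout, start with `enablePermanentRedirect: false` and flip it once `transitional-tls` has been issued for both names. Otherwise add a comment such as `# 308 is cached by clients; disabling this flag does not undo it for existing visitors`. As a style point, write the booleans as lowercase `true` to match canonical YAML.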