🔒️(helm) setup temporary redirect

Add a specific certificate to prepare redirect

src/helm/env.d/staging/values.meet.yaml.gotmpl

@@ -116,6 +116,12 @@ ingress:
   className: nginx
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
+  tls:
+    enabled: true
+    additional:
+      - secretName: transitional-tls
+        hosts:
+          - {{ .Values.newDomain }}
 
 ingressAdmin:
   enabled: true
@@ -125,3 +131,9 @@ ingressAdmin:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
     nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
+  tls:
+    enabled: true
+    additional:
+      - secretName: transitional-tls
+        hosts:
+          - {{ .Values.newDomain }}

src/helm/extra/templates/redirect.yaml

@@ -0,0 +1,55 @@
+{{ if .Values.addRedirect }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{ if .Values.enablePermanentRedirect }}
+    nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.newDomain }}$request_uri"
+    nginx.ingress.kubernetes.io/permanent-redirect-code: "308"
+    {{ end }}
+  name: temporary-redirect
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{ .Values.oldDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: meet-frontend
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+      - backend:
+          service:
+            name: meet-backend
+            port:
+              number: 80
+        path: /api
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ .Values.oldDomain }}
+    secretName: transitional-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: transitional-tls
+  namespace: meet-staging
+spec:
+  dnsNames:
+  - {{ .Values.newDomain }}
+  - {{ .Values.oldDomain }}
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  secretName: transitional-tls
+  usages:
+  - digital signature
+  - key encipherment
+{{ end }}

src/helm/helmfile.yaml

@@ -36,6 +36,13 @@ releases:
     chart: ./extra
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+    values:
+    - env.d/{{ .Environment.Name }}/values.meet.yaml.gotmpl
+    - addRedirect: {{ .Values | get "addRedirect" "False" }}
+      enablePermanentRedirect: {{ .Values | get "enablePermanentRedirect" "False"}}
+      oldDomain: {{ .Values | get "oldDomain" "demo.com" }}
+      tlsOldSecretName: {{ .Values | get "tlsOldSecretName" "tls"}}
+      newDomain: {{ .Values | get "newDomain" "demo.com" }}
 
   - name: meet
     version: {{ .Values.version }}
@@ -64,6 +71,11 @@ environments:
   staging:
     values:
       - version: 0.0.1
+        addRedirect: True
+        enablePermanentRedirect: True
+        oldDomain: meet-staging.beta.numerique.gouv.fr
+        tlsOldSecretName: meet-tls
+        newDomain: visio-staging.beta.numerique.gouv.fr
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
   preprod: