🚀(helm) support Django Admin pages in ingress paths

Based on @rouja reco, I added a dedicated ingress to serve Django Admin pages and Django statics. The admin route will be secured by the oauth proxy. I simply copy/pasted the first ingress template, and adapted it.
2024-03-20 15:22:22 +01:00
parent e8a241adbc
commit de4551ab30
4 changed files with 127 additions and 1 deletions
--- a/src/helm/desk/templates/ingress_admin.yaml
+++ b/src/helm/desk/templates/ingress_admin.yaml
@@ -0,0 +1,97 @@
+{{- if .Values.ingressAdmin.enabled -}}
+{{- $fullName := include "desk.fullname" . -}}
+{{- if and .Values.ingressAdmin.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingressAdmin.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingressAdmin.annotations "kubernetes.io/ingress.class" .Values.ingressAdmin.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-admin
+  labels:
+    {{- include "desk.labels" . | nindent 4 }}
+  {{- with .Values.ingressAdmin.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingressAdmin.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingressAdmin.className }}
+  {{- end }}
+  {{- if .Values.ingressAdmin.tls.enabled }}
+  tls:
+    {{- if .Values.ingressAdmin.host }}
+    - secretName: {{ $fullName }}-tls
+      hosts:
+        - {{ .Values.ingressAdmin.host | quote }}
+    {{- end }}
+    {{- range .Values.ingressAdmin.tls.additional }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingressAdmin.host }}
+    - host: {{ .Values.ingressAdmin.host | quote }}
+      http:
+        paths:
+          - path: {{ .Values.ingressAdmin.path | quote }}
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "desk.backend.fullname" . }}
+                port:
+                  number: {{ .Values.backend.service.port }}
+              {{- else }}
+              serviceName: {{ include "desk.backend.fullname" . }}
+              servicePort: {{ .Values.backend.service.port }}
+            {{- end }}
+          - path: /static
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "desk.backend.fullname" . }}
+                port:
+                  number: {{ .Values.backend.service.port }}
+              {{- else }}
+              serviceName: {{ include "desk.backend.fullname" . }}
+              servicePort: {{ .Values.backend.service.port }}
+            {{- end }}
+    {{- end }}
+    {{- range .Values.ingressAdmin.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          - path: {{ $.Values.ingressAdmin.path | quote }}
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: Prefix
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ include "desk.backend.fullname" $ }}
+                port:
+                  number: {{ $.Values.backend.service.port }}
+              {{- else }}
+              serviceName: {{ include "desk.backend.fullname" $ }}
+              servicePort: {{ $.Values.backend.service.port }}
+            {{- end }}
+    {{- end }}
+{{- end }}
+
--- a/src/helm/desk/values.yaml
+++ b/src/helm/desk/values.yaml
@@ -48,6 +48,26 @@ ingress:
  ## @param ingress.customBackends Add custom backends to ingress
  customBackends: []

+## @param ingressAdmin.enabled whether to enable the Ingress or not
+## @param ingressAdmin.className IngressClass to use for the Ingress
+## @param ingressAdmin.host Host for the Ingress
+## @param ingressAdmin.path Path to use for the Ingress
+ingressAdmin:
+  enabled: false
+  className: null
+  host: desk.example.com
+  path: /admin
+  ## @param ingressAdmin.hosts Additional host to configure for the Ingress
+  hosts: [ ]
+  #  - chart-example.local
+  ## @param ingressAdmin.tls.enabled Weather to enable TLS for the Ingress
+  ## @skip ingressAdmin.tls.additional
+  ## @extra ingressAdmin.tls.additional[].secretName Secret name for additional TLS config
+  ## @extra ingressAdmin.tls.additional[].hosts[] Hosts for additional TLS config
+  tls:
+    enabled: true
+    additional: []
+

 ## @section backend

--- a/src/helm/env.d/dev/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl
@@ -46,4 +46,6 @@ ingress:
  enabled: true
  host: desk.127.0.0.1.nip.io

-
+admin:
+  enabled: true
+  host: desk.127.0.0.1.nip.io
--- a/src/helm/env.d/staging/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl
@@ -75,3 +75,10 @@ ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod

+admin:
+  enabled: true
+  host: desk-staging.beta.numerique.gouv.fr
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
+    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth