web: Define ingress paths with authentication
This allows to add the extra basic-authentication part in the ingress.
That will match what's currently deployed in the apache in front of gunicorn in vault.internal.staging.swh.network and moma.
It's not deploying anything yet. Next step would be to decomission webapp.internal.staging.swh.network in favor of the webapp cassandra running in staging (with some adaptations in the values).
make swh-helm-diff
[swh] Generate config in production branch for environment staging...
Switched to branch 'web-improve-ingress-rules'
[swh] Generate config in web-improve-ingress-rules branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production...
Switched to branch 'web-improve-ingress-rules'
[swh] Generate config in web-improve-ingress-rules branch for environment production...
------------- diff for environment staging -------------
--- /tmp/swh-chart.swh.CWDCbMEC/staging.before 2023-10-12 16:45:46.314322051 +0200
+++ /tmp/swh-chart.swh.CWDCbMEC/staging.after 2023-10-12 16:45:47.058321513 +0200
@@ -44203,45 +44203,47 @@
name: storage
port:
number: 5002
host: storage-cassandra.internal.staging.swh.network
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: swh-web-ingress
+ name: swh-web-ingress-default
annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production-gandi
- kubernetes.io/ingress.class: nginx
- kubernetes.io/tls-acme: "true"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- - http:
+ - host: webapp-cassandra.internal.staging.swh.network
+ http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 5004
+
- path: /static
pathType: Prefix
backend:
service:
name: web
port:
number: 80
- host: webapp-cassandra.internal.staging.swh.network
+
tls:
- hosts:
- webapp-cassandra.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
@@ -66229,45 +66231,47 @@
name: storage
port:
number: 5002
host: storage-cassandra-next-version.internal.staging.swh.network
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra-next-version
- name: swh-web-ingress
+ name: swh-web-ingress-default
annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production-gandi
- kubernetes.io/ingress.class: nginx
- kubernetes.io/tls-acme: "true"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- - http:
+ - host: webapp-cassandra-next-version.internal.staging.swh.network
+ http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 5004
+
- path: /static
pathType: Prefix
backend:
service:
name: web
port:
number: 80
- host: webapp-cassandra-next-version.internal.staging.swh.network
+
tls:
- hosts:
- webapp-cassandra-next-version.internal.staging.swh.network
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
------------- diff for environment production -------------
--- /tmp/swh-chart.swh.CWDCbMEC/production.before 2023-10-12 16:45:47.514321184 +0200
+++ /tmp/swh-chart.swh.CWDCbMEC/production.after 2023-10-12 16:45:48.002320831 +0200
@@ -40440,45 +40440,47 @@
name: graphql
port:
number: 5013
host: webapp-cassandra.internal.softwareheritage.org
---
# Source: swh/templates/web/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: swh-cassandra
- name: swh-web-ingress
+ name: swh-web-ingress-default
annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production-gandi
- kubernetes.io/ingress.class: nginx
- kubernetes.io/tls-acme: "true"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
rules:
- - http:
+ - host: webapp-cassandra.internal.softwareheritage.org
+ http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 5004
+
- path: /static
pathType: Prefix
backend:
service:
name: web
port:
number: 80
- host: webapp-cassandra.internal.softwareheritage.org
+
tls:
- hosts:
- webapp-cassandra.internal.softwareheritage.org
secretName: swh-web-crt
---
# Source: swh/charts/keda/templates/metrics-server/apiservice.yaml
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:Edited by Antoine R. Dumont