From 13da9a887724a2a9f08d77362956ee660424d8ab Mon Sep 17 00:00:00 2001 From: rasmus Date: Sat, 3 Aug 2024 01:49:16 +0300 Subject: [PATCH] Add redirects sign.k-space.ee, members.k-space.ee There still are dead inventory links with members.k-space.ee --- README.md | 1 + hackerspace/inventory-extras.yaml | 25 +++++++++++++++++++++++++ hackerspace/inventory.yaml | 1 + signs/application-extras.yaml | 25 +++++++++++++++++++++++++ signs/application.yaml | 1 + 5 files changed, 53 insertions(+) create mode 100644 hackerspace/inventory-extras.yaml create mode 100644 signs/application-extras.yaml diff --git a/README.md b/README.md index 155b43d..962a6eb 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ Jump to docs: [inventory-app](hackerspace/README.md) / [cameras](camtiler/README - bind: Manage _additional_ DNS records with `kind: DNSEndpoint`. - [Prometheus](https://wiki.k-space.ee/en/hosting/monitoring): Collect metrics with `kind: PodMonitor` (alerts with `kind: PrometheusRule`). - [Slack bots](SLACK.md) and Kubernetes [CLUSTER.md](CLUSTER.md) itself. + [^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box. [^authz]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication, whereever possible. If not possible, use `kind: OIDCMiddlewareClient` client, which will provide authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security. diff --git a/hackerspace/inventory-extras.yaml b/hackerspace/inventory-extras.yaml new file mode 100644 index 0000000..bfa45be --- /dev/null +++ b/hackerspace/inventory-extras.yaml @@ -0,0 +1,25 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: members-inventory-redirect +spec: + redirectRegex: + regex: ^https://members.k-space.ee/(.*) + replacement: https://inventory.k-space.ee/${1} + permanent: false +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: members-inventory +spec: + entryPoints: + - websecure + routes: + - match: Host(`members.k-space.ee`) + kind: Rule + middlewares: + - name: members-inventory-redirect + services: + - kind: TraefikService + name: api@internal diff --git a/hackerspace/inventory.yaml b/hackerspace/inventory.yaml index 7b05e29..37777b9 100644 --- a/hackerspace/inventory.yaml +++ b/hackerspace/inventory.yaml @@ -105,6 +105,7 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee + external-dns.alpha.kubernetes.io/hostname: members.k-space.ee,inventory.k-space.ee spec: ingressClassName: shared rules: diff --git a/signs/application-extras.yaml b/signs/application-extras.yaml new file mode 100644 index 0000000..6f95c7a --- /dev/null +++ b/signs/application-extras.yaml @@ -0,0 +1,25 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: sign-redirect +spec: + redirectRegex: + regex: ^https://sign.k-space.ee/(.*) + replacement: https://signs.k-space.ee/${1} + permanent: true +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: sign +spec: + entryPoints: + - websecure + routes: + - match: Host(`sign.k-space.ee`) + kind: Rule + middlewares: + - name: sign-redirect + services: + - kind: TraefikService + name: api@internal diff --git a/signs/application.yaml b/signs/application.yaml index 17358ce..22e88c7 100644 --- a/signs/application.yaml +++ b/signs/application.yaml @@ -8,6 +8,7 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee + external-dns.alpha.kubernetes.io/hostname: sign.k-space.ee,signs.k-space.ee spec: rules: - host: signs.k-space.ee