Enable ingress basic auth for remote test contour.

Protect all public URLs via nginx basic auth; exempt Gitea API/registry/git paths for CI.

Co-authored-by: Cursor <cursoragent@cursor.com>
Valeriy Petrov
2026-06-10 03:25:26 +03:00
parent 7967df9b42
commit b0e527e970
12 changed files with 64 additions and 6 deletions
+9 -1
@@ -77,11 +77,19 @@ kind: Ingress
metadata:
name: adminpanel
namespace: {{ .Values.namespace }}
{{- if .Values.ingress.tls.enabled }}
{{- if or .Values.ingress.tls.enabled .Values.ingress.basicAuth.enabled }}
annotations:
{{- if .Values.ingress.tls.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- end }}
{{- if .Values.ingress.basicAuth.enabled }}
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basicAuth.secretName | quote }}
nginx.ingress.kubernetes.io/auth-realm: {{ .Values.ingress.basicAuth.realm | quote }}
nginx.ingress.kubernetes.io/auth-skip-locations: {{ .Values.ingress.basicAuth.skipLocations | quote }}
{{- end }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls.enabled }}
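Review bot: The `nginx.ingress.kubernetes.io/auth-skip-locations` annotation added in the basicAuth block does not appear among the documented ingress-nginx annotations as far as I can tell, and the controller ignores annotation keys it does not know. If so, the exemption never takes effect and every path on the host still requires credentials. Please confirm against the controller version deployed; if it is unsupported, remove the line and serve exempt paths from a separate Ingress for the same host that carries no `auth-*` annotations. The same line is added to the backend, cabinet and docs Ingress templates. The Ingress definition starts before this hunk and its `spec:` continues past it.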
+2
@@ -4,6 +4,8 @@ ingress:
enabled: true
clusterIssuer: letsencrypt-prod
secretName: adminpanel-tls
basicAuth:
enabled: true
runtimeEnv:
API_BASE_URL: https://api.dev.sovamed.ru
image:
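Review bot: Setting `basicAuth.enabled: true` here relies on the chart default `secretName: contour-basic-auth`, but none of the twelve files in this commit creates that Secret. ingress-nginx expects it in the Ingress's own namespace, in htpasswd format under the key `auth` for the default auth-file type, and as far as I know it answers 503 for the protected locations when the Secret is missing. I would add a comment above the override such as `# requires Secret contour-basic-auth (htpasswd, key "auth") in the release namespace; created out of band, never committed`. The backend, cabinet and docs overrides enable the flag the same way.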
+5
@@ -13,6 +13,11 @@ ingress:
enabled: true
className: nginx
host: admin.test.sova.local
basicAuth:
enabled: false
secretName: contour-basic-auth
realm: "Sova Test Contour"
skipLocations: "/.well-known/acme-challenge"
runtimeEnv:
API_BASE_URL: http://api.test.sova.local
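Review bot: The default `skipLocations` lists only `/.well-known/acme-challenge`, while the commit description says Gitea API, registry and git paths are exempted for CI; no such paths appear in any values file in this commit. Either the exemption is configured outside these charts or it is missing, and a reader cannot tell which. A short comment above `basicAuth:` would settle it, for example `# skipLocations: paths served without basic auth; Gitea CI exemptions are configured in <path to Gitea chart/values>`.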
+9 -1
@@ -193,11 +193,19 @@ kind: Ingress
metadata:
name: backend
namespace: {{ .Values.namespace }}
{{- if .Values.ingress.tls.enabled }}
{{- if or .Values.ingress.tls.enabled .Values.ingress.basicAuth.enabled }}
annotations:
{{- if .Values.ingress.tls.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- end }}
{{- if .Values.ingress.basicAuth.enabled }}
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basicAuth.secretName | quote }}
nginx.ingress.kubernetes.io/auth-realm: {{ .Values.ingress.basicAuth.realm | quote }}
nginx.ingress.kubernetes.io/auth-skip-locations: {{ .Values.ingress.basicAuth.skipLocations | quote }}
{{- end }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls.enabled }}
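Review bot: The basicAuth block is rendered independently of `ingress.tls.enabled`, so a values file can switch on basic auth for a plain-HTTP host, and the password then crosses the network base64-encoded but unencrypted on every request. A guard ahead of the annotations would make that combination fail at render time: `{{- if and .Values.ingress.basicAuth.enabled (not .Values.ingress.tls.enabled) }}{{ fail "ingress.basicAuth requires ingress.tls.enabled" }}{{- end }}`. The adminpanel, cabinet and docs templates have the same shape. The Ingress definition extends beyond the hunk on both sides.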
+2
@@ -4,6 +4,8 @@ ingress:
enabled: true
clusterIssuer: letsencrypt-prod
secretName: backend-tls
basicAuth:
enabled: true
image:
tag: backend-v1.0.12-test
pullPolicy: IfNotPresent
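Review bot: Enabling basic auth on the backend Ingress puts the API behind nginx's `Authorization` check, which is riskier here than on the static front ends. If the API authenticates its own clients with an `Authorization: Bearer …` header, the two schemes compete for the same header. Browser CORS preflight (`OPTIONS`) requests also carry no credentials and would get 401, and the adminpanel override in this commit points `API_BASE_URL` at a separate API origin, so cross-origin calls look likely. Worth confirming with a real browser session before merge; if it breaks, a source-range allowlist (`nginx.ingress.kubernetes.io/whitelist-source-range`) on the API host is one alternative that leaves the header free.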
+5
@@ -17,6 +17,11 @@ ingress:
className: nginx
host: api.test.sova.local
tls: false
basicAuth:
enabled: false
secretName: contour-basic-auth
realm: "Sova Test Contour"
skipLocations: "/.well-known/acme-challenge"
resources:
php:
+9 -1
@@ -177,11 +177,19 @@ kind: Ingress
metadata:
name: cabinet
namespace: {{ .Values.namespace }}
{{- if .Values.ingress.tls.enabled }}
{{- if or .Values.ingress.tls.enabled .Values.ingress.basicAuth.enabled }}
annotations:
{{- if .Values.ingress.tls.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- end }}
{{- if .Values.ingress.basicAuth.enabled }}
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basicAuth.secretName | quote }}
nginx.ingress.kubernetes.io/auth-realm: {{ .Values.ingress.basicAuth.realm | quote }}
nginx.ingress.kubernetes.io/auth-skip-locations: {{ .Values.ingress.basicAuth.skipLocations | quote }}
{{- end }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls.enabled }}
+2
@@ -4,6 +4,8 @@ ingress:
enabled: true
clusterIssuer: letsencrypt-prod
secretName: cabinet-tls
basicAuth:
enabled: true
image:
tag: cabinet-v1.0.12-test
pullPolicy: IfNotPresent
+5 -1
@@ -16,7 +16,11 @@ ingress:
enabled: true
className: nginx
host: cabinet.test.sova.local
basicAuth:
enabled: false
secretName: contour-basic-auth
realm: "Sova Test Contour"
skipLocations: "/.well-known/acme-challenge"
resources:
php:
requests:
+9 -1
@@ -47,11 +47,19 @@ kind: Ingress
metadata:
name: docs
namespace: {{ .Values.namespace }}
{{- if .Values.ingress.tls.enabled }}
{{- if or .Values.ingress.tls.enabled .Values.ingress.basicAuth.enabled }}
annotations:
{{- if .Values.ingress.tls.enabled }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- end }}
{{- if .Values.ingress.basicAuth.enabled }}
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basicAuth.secretName | quote }}
nginx.ingress.kubernetes.io/auth-realm: {{ .Values.ingress.basicAuth.realm | quote }}
nginx.ingress.kubernetes.io/auth-skip-locations: {{ .Values.ingress.basicAuth.skipLocations | quote }}
{{- end }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls.enabled }}
+2
@@ -4,6 +4,8 @@ ingress:
enabled: true
clusterIssuer: letsencrypt-prod
secretName: docs-tls
basicAuth:
enabled: true
image:
tag: docs-v1.0.12-test
pullPolicy: IfNotPresent
+5 -1
@@ -13,7 +13,11 @@ ingress:
enabled: true
className: nginx
host: docs.sova.local
basicAuth:
enabled: false
secretName: contour-basic-auth
realm: "Sova Test Contour"
skipLocations: "/.well-known/acme-challenge"
resources:
requests:
cpu: 25m