fix: only proxy GET requests to code.forgejo anubis (#488)
```sh
earl-warren:~/software/k8s-cluster/flux/apps$ kustomize build --load-restrictor LoadRestrictionsNone forgejo-code > /tmp/before.txt
earl-warren:~/software/k8s-cluster/flux/apps$ kustomize build --load-restrictor LoadRestrictionsNone forgejo-code > /tmp/after.txt
earl-warren:~/software/k8s-cluster/flux/apps$ diff -u /tmp/before.txt /tmp/after.txt
```
```diff
-- /tmp/before.txt 2025-05-04 12:03:43.408378869 +0200
+++ /tmp/after.txt 2025-05-04 12:29:46.696879731 +0200
@@ -437,7 +437,6 @@
paths:
- path: /
pathType: Prefix
- port: anubis
- host: data.forgejo.org
paths:
- path: /api/
@@ -619,6 +618,26 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ name: anubis-code-forgejo
+ namespace: forgejo-code
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`code.forgejo.org`) && Method(`GET`)
+ priority: 1100
+ services:
+ - name: forgejo-code-http
+ port: anubis
+ tls:
+ secretName: tls-forgejo-code-ingress-http
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
metadata:
annotations:
kubernetes.io/ingress.class: traefik
```
Reviewed-on: https://invisible.forgejo.org/infrastructure/k8s-cluster/pulls/488
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This commit is contained in:
Earl Warren
earl-warren
parent
536d8aed24
commit
1a8e2c5c6d
3 changed files with 24 additions and 1 deletions
flux/apps/forgejo-code
23
flux/apps/forgejo-code/anubis-route.yaml
Normal file
23
flux/apps/forgejo-code/anubis-route.yaml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
apiVersion: traefik.io/v1alpha1
|
||||
# https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-ingressroute
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: anubis-code-forgejo
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
# https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
|
||||
# Anubis has issues with POST requests https://github.com/TecharoHQ/anubis/issues/211
|
||||
- match: 'Host(`code.forgejo.org`) && Method(`GET`)'
|
||||
kind: Rule
|
||||
priority: 1100
|
||||
services:
|
||||
# Created by the Forgejo helm chart and named <releaseName>-http
|
||||
- name: forgejo-code-http
|
||||
port: anubis # anubis http port on kubernetes service
|
||||
tls:
|
||||
secretName: tls-forgejo-code-ingress-http
|
||||
|
|
@ -54,7 +54,6 @@ spec:
|
|||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
port: anubis
|
||||
# reverse proxy data instead of redirect to code
|
||||
# we need to use reverse proxy for docker api, otherwise renovate will misbehave
|
||||
- host: data.forgejo.org
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ resources:
|
|||
- pvc.yaml
|
||||
- forgejo-code.yaml
|
||||
- forgejo-route.yaml
|
||||
- anubis-route.yaml
|
||||
- forgejo-data.yaml
|
||||
- git-mirror-pvc.yaml
|
||||
- git-mirror.yaml
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue