diff options
| author |  Joe Banks <[email protected]> | 2025-04-05 17:59:00 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2025-04-05 17:59:00 +0100 |
| commit | 29ad57f3ac4798e1637bcb595885ed2d8a6b04e4 (patch) | |
| tree | aa41a5a1b6115546497b452929b21c0c950b6361 | |
| parent | Set dev-log channel id back to default (diff) | |
Update ingresses with NGINX ingress upgrade
22 files changed, 29 insertions, 25 deletions
diff --git a/kubernetes/namespaces/apis/quackstack/ingress.yaml b/kubernetes/namespaces/apis/quackstack/ingress.yaml index 663f90c..ae2dc0c 100644 --- a/kubernetes/namespaces/apis/quackstack/ingress.yaml +++ b/kubernetes/namespaces/apis/quackstack/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: quackstack namespace: apis spec: diff --git a/kubernetes/namespaces/default/redirects/github.yaml b/kubernetes/namespaces/default/redirects/github.yaml index 130b0dd..89e17b0 100644 --- a/kubernetes/namespaces/default/redirects/github.yaml +++ b/kubernetes/namespaces/default/redirects/github.yaml @@ -5,7 +5,7 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/rewrite-target: "https://github.com/python-discord/$1" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: github-redirect spec: tls: @@ -16,7 +16,7 @@ spec: - host: git.pythondiscord.com http: paths: - - path: /(.*) + - path: / pathType: Prefix backend: service: diff --git a/kubernetes/namespaces/default/redirects/paypal.yaml b/kubernetes/namespaces/default/redirects/paypal.yaml index d84afa1..81ce10d 100644 --- a/kubernetes/namespaces/default/redirects/paypal.yaml +++ b/kubernetes/namespaces/default/redirects/paypal.yaml @@ -5,7 +5,7 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/rewrite-target: "https://www.paypal.com/paypalme/pythondiscord" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: paypal-redirect spec: tls: @@ -16,7 +16,7 @@ spec: - host: paypal.pythondiscord.com http: paths: - - path: /(.*) + - path: / pathType: Prefix backend: service: diff --git a/kubernetes/namespaces/default/redirects/sentry.yaml b/kubernetes/namespaces/default/redirects/sentry.yaml index c4ad8e6..e737f14 100644 --- a/kubernetes/namespaces/default/redirects/sentry.yaml +++ b/kubernetes/namespaces/default/redirects/sentry.yaml @@ -5,7 +5,7 @@ metadata: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/rewrite-target: "https://sentry.io/organizations/python-discord/issues/" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: sentry-redirect spec: tls: @@ -16,7 +16,7 @@ spec: - host: sentry.pythondiscord.com http: paths: - - path: /(.*) + - path: / pathType: Prefix backend: service: diff --git a/kubernetes/namespaces/forms/forms-backend/ingress.yaml b/kubernetes/namespaces/forms/forms-backend/ingress.yaml index 0fc9fb5..81ff563 100644 --- a/kubernetes/namespaces/forms/forms-backend/ingress.yaml +++ b/kubernetes/namespaces/forms/forms-backend/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: forms-backend namespace: forms spec: diff --git a/kubernetes/namespaces/kube-system/nginx/values.yaml b/kubernetes/namespaces/kube-system/nginx/values.yaml index 858f041..c1aca57 100644 --- a/kubernetes/namespaces/kube-system/nginx/values.yaml +++ b/kubernetes/namespaces/kube-system/nginx/values.yaml @@ -7,6 +7,9 @@ controller: enable-real-ip: true forwarded-for-header: cf-connecting-ip generate-request-id: true + allow-snippet-annotations: true + annotations-risk-level: Critical + allow-cross-namespace-resources: true extraArgs: default-ssl-certificate: "default/pythondiscord.com-tls" diff --git a/kubernetes/namespaces/modmail/web/ingress.yaml b/kubernetes/namespaces/modmail/web/ingress.yaml index f54c022..0d250b2 100644 --- a/kubernetes/namespaces/modmail/web/ingress.yaml +++ b/kubernetes/namespaces/modmail/web/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: modmail-web namespace: modmail spec: diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml index 31c93d7..1028207 100644 --- a/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml +++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/session-cookie-name: "AlertManager_LB" nginx.ingress.kubernetes.io/session-cookie-domain: "alertmanager.pydis.wtf" diff --git a/kubernetes/namespaces/monitoring/grafana/ingress.yaml b/kubernetes/namespaces/monitoring/grafana/ingress.yaml index 60336e7..3f4b569 100644 --- a/kubernetes/namespaces/monitoring/grafana/ingress.yaml +++ b/kubernetes/namespaces/monitoring/grafana/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: grafana namespace: monitoring spec: diff --git a/kubernetes/namespaces/monitoring/prometheus/ingress.yaml b/kubernetes/namespaces/monitoring/prometheus/ingress.yaml index ac5d6be..8a893a2 100644 --- a/kubernetes/namespaces/monitoring/prometheus/ingress.yaml +++ b/kubernetes/namespaces/monitoring/prometheus/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: prometheus namespace: monitoring spec: diff --git a/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml b/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml index d4f3649..aabcb2c 100644 --- a/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml +++ b/kubernetes/namespaces/pixels/pixels-modsite/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: pixels-modsite namespace: pixels spec: diff --git a/kubernetes/namespaces/pixels/pixels/ingress.yaml b/kubernetes/namespaces/pixels/pixels/ingress.yaml index 65fb03c..350b0ab 100644 --- a/kubernetes/namespaces/pixels/pixels/ingress.yaml +++ b/kubernetes/namespaces/pixels/pixels/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: pixels namespace: pixels spec: diff --git a/kubernetes/namespaces/tooling/bitwarden/ingress.yaml b/kubernetes/namespaces/tooling/bitwarden/ingress.yaml index a1f7d16..ae145cf 100644 --- a/kubernetes/namespaces/tooling/bitwarden/ingress.yaml +++ b/kubernetes/namespaces/tooling/bitwarden/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: bitwarden namespace: tooling spec: diff --git a/kubernetes/namespaces/tooling/ff-bot/ingress.yml b/kubernetes/namespaces/tooling/ff-bot/ingress.yml index 0c3cb4f..e707972 100644 --- a/kubernetes/namespaces/tooling/ff-bot/ingress.yml +++ b/kubernetes/namespaces/tooling/ff-bot/ingress.yml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: ff-bot namespace: tooling spec: diff --git a/kubernetes/namespaces/tooling/keycloak/ingress.yaml b/kubernetes/namespaces/tooling/keycloak/ingress.yaml index bfd4669..6d3bbfe 100644 --- a/kubernetes/namespaces/tooling/keycloak/ingress.yaml +++ b/kubernetes/namespaces/tooling/keycloak/ingress.yaml @@ -106,7 +106,8 @@ metadata: # hospital. Very well, you think, and because it's webscale, it books the # spot at two psychiatric hospitals at the same time, for high # availability. Thank you, Kubernetes, for solving this problem. - # nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/proxy-buffers-number: "4" nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" nginx.ingress.kubernetes.io/server-snippet: | diff --git a/kubernetes/namespaces/tooling/metabase/ingress.yaml b/kubernetes/namespaces/tooling/metabase/ingress.yaml index c2c5436..c6c0aea 100644 --- a/kubernetes/namespaces/tooling/metabase/ingress.yaml +++ b/kubernetes/namespaces/tooling/metabase/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: metabase namespace: tooling spec: diff --git a/kubernetes/namespaces/tooling/policy-bot/ingress.yaml b/kubernetes/namespaces/tooling/policy-bot/ingress.yaml index cd7d529..315c548 100644 --- a/kubernetes/namespaces/tooling/policy-bot/ingress.yaml +++ b/kubernetes/namespaces/tooling/policy-bot/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: policy-bot namespace: tooling spec: diff --git a/kubernetes/namespaces/vault/ingress.yaml b/kubernetes/namespaces/vault/ingress.yaml index 7e42525..089cf90 100644 --- a/kubernetes/namespaces/vault/ingress.yaml +++ b/kubernetes/namespaces/vault/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: vault namespace: vault spec: diff --git a/kubernetes/namespaces/web/pinnwand/ingress.yaml b/kubernetes/namespaces/web/pinnwand/ingress.yaml index 0d26356..39da303 100644 --- a/kubernetes/namespaces/web/pinnwand/ingress.yaml +++ b/kubernetes/namespaces/web/pinnwand/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" # block HEAD requests nginx.ingress.kubernetes.io/configuration-snippet: | if ($request_method = HEAD) { diff --git a/kubernetes/namespaces/web/public-stats/ingress.yaml b/kubernetes/namespaces/web/public-stats/ingress.yaml index 83ba9e6..6e111d1 100644 --- a/kubernetes/namespaces/web/public-stats/ingress.yaml +++ b/kubernetes/namespaces/web/public-stats/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: public-stats namespace: web spec: diff --git a/kubernetes/namespaces/web/site/ingress.yaml b/kubernetes/namespaces/web/site/ingress.yaml index 7b55d8f..17f261c 100644 --- a/kubernetes/namespaces/web/site/ingress.yaml +++ b/kubernetes/namespaces/web/site/ingress.yaml @@ -4,7 +4,7 @@ metadata: annotations: nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" nginx.ingress.kubernetes.io/server-snippet: | location ~* /metrics { deny all; diff --git a/kubernetes/namespaces/web/site/redirect.yaml b/kubernetes/namespaces/web/site/redirect.yaml index 642a6a0..d9458f8 100644 --- a/kubernetes/namespaces/web/site/redirect.yaml +++ b/kubernetes/namespaces/web/site/redirect.yaml @@ -8,7 +8,7 @@ metadata: return 308 https://www.pythondiscord.com$request_uri; } nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" - nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://maintenance.python-discord.workers.dev/" name: www-redirect namespace: web spec: @@ -20,7 +20,7 @@ spec: - host: pythondiscord.com http: paths: - - path: /(.*) + - path: / pathType: Prefix backend: service: |