1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,7 @@ and this project adheres to
### Added

- ✨(backend) allow to create a new user in a marketing system
- ✨(helm) redirecting system #1697

### Changed

Expand Up @@ -44,7 +44,7 @@ export const Auth = ({ children }: PropsWithChildren) => {
if (config?.FRONTEND_HOMEPAGE_FEATURE_ENABLED) {
if (pathname !== HOME_URL) {
setIsRedirecting(true);
void replace(HOME_URL).then(() => setIsRedirecting(false));
window.location.replace(HOME_URL);
}

return;
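Review bot: The guard `pathname !== HOME_URL` now triggers a full document load instead of a client-side route change, while the same change set turns `HOME_URL` into `'/home/'` in conf.ts. Where `pathname` comes from is outside this hunk; if it is reported without the trailing slash, the comparison is still true after the reload and `window.location.replace(HOME_URL)` fires again on every load whenever no ingress rule intercepts `/home` (the chart default is `ingressRedirects.enabled: false`). Comparing slash-normalised values avoids that, e.g. `if (pathname.replace(/\/$/, '') !== HOME_URL.replace(/\/$/, '')) {`. A short comment explaining that the hard navigation is deliberate, so the ingress can answer `/home/`, would also stop someone from reverting it to the router call. The body of `Auth` starts and continues outside the hunk.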
2 changes: 1 addition & 1 deletion src/frontend/apps/impress/src/features/auth/conf.ts
@@ -1,6 +1,6 @@
import { baseApiUrl } from '@/api';

export const HOME_URL = '/home';
export const HOME_URL = '/home/';
export const LOGIN_URL = `${baseApiUrl()}authenticate/`;
export const LOGOUT_URL = `${baseApiUrl()}logout/`;
export const PATH_AUTH_LOCAL_STORAGE = 'docs-path-auth';
5 changes: 1 addition & 4 deletions src/frontend/apps/impress/src/pages/login/index.tsx
@@ -1,10 +1,7 @@
import { useRouter } from 'next/router';

import { HOME_URL } from '@/features/auth';

const Page = () => {
const { replace } = useRouter();
void replace(HOME_URL);
window.location.replace(HOME_URL);
};

export default Page;
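Review bot: `window.location.replace(HOME_URL)` sits directly in the body of `Page`, so it runs during render. If this page is prerendered or server-rendered by Next.js, `window` is not defined at that point and the render throws. The component also returns nothing. Moving the navigation into an effect keeps it client-only, `useEffect(() => { window.location.replace(HOME_URL); }, []);`, followed by `return null;`.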
5 changes: 3 additions & 2 deletions src/helm/env.d/dev/values.impress.yaml.gotmpl
Expand Up @@ -32,16 +32,17 @@ backend:
LOGGING_LEVEL_LOGGERS_ROOT: INFO
LOGGING_LEVEL_LOGGERS_APP: INFO
OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
OIDC_OP_JWKS_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT: https://docs-keycloak.127.0.0.1.nip.io/realms/docs/protocol/openid-connect/logout
OIDC_REDIRECT_ALLOWED_HOSTS: "docs.127.0.0.1.nip.io"
OIDC_RP_CLIENT_ID: docs
OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email given_name usual_name"
OIDC_RP_SCOPES: "openid email profile"
LOGIN_REDIRECT_URL: https://docs.127.0.0.1.nip.io
LOGIN_REDIRECT_URL_FAILURE: https://docs.127.0.0.1.nip.io
LOGOUT_REDIRECT_URL: https://docs.127.0.0.1.nip.io
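Review bot: `OIDC_RP_SCOPES: "openid email profile"` requests the whole standard profile claim set, while the settings in this hunk only read `given_name` and `family_name`. The same line appears in the feature values file. That is the usual way to get those two claims from a stock Keycloak realm, but it widens what the backend receives from the identity provider, and neither the changelog entry nor a comment explains it. A line such as `# profile is requested only for given_name/family_name (see OIDC_USERINFO_FULLNAME_FIELDS)` above the setting would record the intent. It is also worth checking that production values do not inherit the wider scope unreviewed.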
16 changes: 14 additions & 2 deletions src/helm/env.d/feature/values.impress.yaml.gotmpl
Expand Up @@ -33,16 +33,17 @@ backend:
LOGGING_LEVEL_LOGGERS_ROOT: INFO
LOGGING_LEVEL_LOGGERS_APP: INFO
OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
OIDC_OP_JWKS_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/logout
OIDC_REDIRECT_ALLOWED_HOSTS: "{{ .Values.feature }}-docs.{{ .Values.domain }}"
OIDC_RP_CLIENT_ID: docs
OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email given_name usual_name"
OIDC_RP_SCOPES: "openid email profile"
LOGIN_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
LOGIN_REDIRECT_URL_FAILURE: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
LOGOUT_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
Expand Down Expand Up @@ -141,6 +142,17 @@ yProvider:
COLLABORATION_SERVER_SECRET: my-secret
Y_PROVIDER_API_KEY: my-secret

ingressRedirects:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
rules:
- name: home
from: /home
to: https://lasuite.numerique.gouv.fr/produits/docs
- name: google
from: /google
to: https://docs.google.com

ingress:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
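Review bot: The `google` rule (`from: /google`, `to: https://docs.google.com`) in the new `ingressRedirects` block looks like a leftover from testing the template. Every rule here publishes a redirect from the docs host to an external site, so entries that are not product links are better removed before merge, leaving only the `home` rule. The per-rule `name:` key is not read by ingress-redirects.yaml, which derives the resource name from `from`. Either drop the key here or have the template use it.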
20 changes: 14 additions & 6 deletions src/helm/impress/README.md
Expand Up @@ -39,6 +39,14 @@
| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-read-timeout` | | `86400` |
| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-send-timeout` | | `86400` |
| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` |
| `ingressRedirects.enabled` | whether to enable the Ingress Redirects or not | `false` |
| `ingressRedirects.className` | IngressClass to use for the Ingress Redirects | `nil` |
| `ingressRedirects.host` | Host for the Ingress Redirects | `impress.example.com` |
| `ingressRedirects.tls.enabled` | Weather to enable TLS for the Ingress Redirects | `true` |
| `ingressRedirects.tls.secretName` | Secret name for TLS config | `nil` |
| `ingressRedirects.tls.additional[].secretName` | Secret name for additional TLS config | |
| `ingressRedirects.tls.additional[].hosts[]` | Hosts for additional TLS config | |
| `ingressRedirects.rules` | Rules for the Ingress Redirects | `[]` |
| `ingressCollaborationApi.enabled` | whether to enable the Ingress or not | `false` |
| `ingressCollaborationApi.className` | IngressClass to use for the Ingress | `nil` |
| `ingressCollaborationApi.host` | Host for the Ingress | `impress.example.com` |
Expand Down Expand Up @@ -113,15 +121,15 @@
| `backend.job.annotations` | Annotations to add to the job [default: argocd.argoproj.io/hook: PostSync] | |
| `backend.cronjobs` | Cronjob name, schedule, command | `[]` |
| `backend.probes.liveness.path` | Configure path for backend HTTP liveness probe | `/__heartbeat__` |
| `backend.probes.liveness.targetPort` | Configure port for backend HTTP liveness probe | `undefined` |
| `backend.probes.liveness.targetPort` | Configure port for backend HTTP liveness probe | `nil` |
| `backend.probes.liveness.initialDelaySeconds` | Configure initial delay for backend liveness probe | `10` |
| `backend.probes.liveness.initialDelaySeconds` | Configure timeout for backend liveness probe | `10` |
| `backend.probes.startup.path` | Configure path for backend HTTP startup probe | `undefined` |
| `backend.probes.startup.targetPort` | Configure port for backend HTTP startup probe | `undefined` |
| `backend.probes.startup.initialDelaySeconds` | Configure initial delay for backend startup probe | `undefined` |
| `backend.probes.startup.initialDelaySeconds` | Configure timeout for backend startup probe | `undefined` |
| `backend.probes.startup.path` | Configure path for backend HTTP startup probe | `nil` |
| `backend.probes.startup.targetPort` | Configure port for backend HTTP startup probe | `nil` |
| `backend.probes.startup.initialDelaySeconds` | Configure initial delay for backend startup probe | `nil` |
| `backend.probes.startup.initialDelaySeconds` | Configure timeout for backend startup probe | `nil` |
| `backend.probes.readiness.path` | Configure path for backend HTTP readiness probe | `/__lbheartbeat__` |
| `backend.probes.readiness.targetPort` | Configure port for backend HTTP readiness probe | `undefined` |
| `backend.probes.readiness.targetPort` | Configure port for backend HTTP readiness probe | `nil` |
| `backend.probes.readiness.initialDelaySeconds` | Configure initial delay for backend readiness probe | `10` |
| `backend.probes.readiness.initialDelaySeconds` | Configure timeout for backend readiness probe | `10` |
| `backend.resources` | Resource requirements for the backend container | `{}` |
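--- a/src/helm/impress/templates/ingress-redirects.yaml
+++ b/src/helm/impress/templates/ingress-redirects.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.ingressRedirects.enabled }}
+{{- $fullName := include "impress.fullname" . -}}
+{{- $ns := .Release.Namespace -}}
+
+{{- range $i, $r := .Values.ingressRedirects.rules }}
+{{- $host := $r.host | default $.Values.ingressRedirects.host -}}
+{{- $from := $r.from | default "/home" -}}
+{{- $to := required (printf "ingressRedirects.rules[%d].to is required" $i) $r.to -}}
+{{- $name := printf "%s-redirect-%s" $fullName (replace "/" "-" (trimAll "/" $from)) | trunc 63 | trimSuffix "-" -}}
+{{- if $i }}
+---
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ $name }}
+namespace: {{ $ns }}
+annotations:
+{{- if or (not $r.code) (eq (toString $r.code) "301") }}
+nginx.ingress.kubernetes.io/permanent-redirect: "{{ $to }}"
+{{- else }}
+nginx.ingress.kubernetes.io/temporal-redirect: "{{ $to }}"
+nginx.ingress.kubernetes.io/temporal-redirect-code: "{{ $r.code }}"
+{{- end }}
+spec:
+{{- if $.Values.ingressRedirects.className }}
+ingressClassName: {{ $.Values.ingressRedirects.className }}
+{{- end }}
+{{- if $.Values.ingressRedirects.tls.enabled }}
+tls:
+{{- if $host }}
+- secretName: {{ $.Values.ingressRedirects.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
+hosts:
+- {{ $host | quote }}
+{{- end }}
+{{- range $.Values.ingressRedirects.tls.additional }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+- host: {{ $host }}
+http:
+paths:
+- path: {{ $from }}
+pathType: Exact
+backend:
+service:
+name: {{ include "impress.frontend.fullname" $ }}
+port:
+number: {{ $.Values.frontend.service.port }}
+- path: {{ printf "%s/" (trimSuffix "/" $from) }}
+pathType: Exact
+backend:
+service:
+name: {{ include "impress.frontend.fullname" $ }}
+port:
+number: {{ $.Values.frontend.service.port }}
+{{- end }}
+{{- end }}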
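Review bot: The redirect target is interpolated by hand inside double quotes in both annotations (`"{{ $to }}"`), and `host: {{ $host }}`, `path: {{ $from }}` and the additional `secretName: {{ .secretName }}` are emitted unquoted. A value containing a quote, `#` or `: ` therefore renders broken or differently parsed YAML, and whatever is in `rules[].to` reaches the controller's redirect annotation unchecked. Use `{{ $to | quote }}`, `{{ $host | quote }}` and `{{ $from | quote }}`, as the primary TLS entry already does. Because `to` decides where visitors of this host are sent, a render-time guard would catch a mistyped or scheme-less target, e.g. `{{- if not (hasPrefix "https://" $to) }}{{ fail "ingressRedirects.rules[].to must be an https URL" }}{{- end }}`. The resource name is derived from `from` alone, so two rules with the same path on different hosts would render the same Ingress name.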
19 changes: 19 additions & 0 deletions src/helm/impress/values.yaml
Expand Up @@ -85,6 +85,25 @@ ingressCollaborationWS:
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room

## @param ingressRedirects.enabled whether to enable the Ingress Redirects or not
## @param ingressRedirects.className IngressClass to use for the Ingress Redirects
## @param ingressRedirects.host Host for the Ingress Redirects
ingressRedirects:
Member


You have to add the documentation before this block (take a look at the others) and then run

$ cd src/helm/impress
$ ./generate-readme.sh

enabled: false
className: null
host: impress.example.com
## @param ingressRedirects.tls.enabled Weather to enable TLS for the Ingress Redirects
## @param ingressRedirects.tls.secretName Secret name for TLS config
## @skip ingressRedirects.tls.additional
## @extra ingressRedirects.tls.additional[].secretName Secret name for additional TLS config
## @extra ingressRedirects.tls.additional[].hosts[] Hosts for additional TLS config
tls:
enabled: true
secretName: null
additional: []
## @param ingressRedirects.rules Rules for the Ingress Redirects
rules: []

## @param ingressCollaborationApi.enabled whether to enable the Ingress or not
## @param ingressCollaborationApi.className IngressClass to use for the Ingress
## @param ingressCollaborationApi.host Host for the Ingress
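Review bot: `ingressRedirects.rules` is documented only as "Rules for the Ingress Redirects", although the template reads `to` (required), `from` (default `/home`), `host` and `code` from each entry. None of that can be learned from values.yaml or the generated README. Add `@extra` lines in the style already used for `tls.additional[]`, for example `## @extra ingressRedirects.rules[].to Target URL of the redirect (required)` and `## @extra ingressRedirects.rules[].code HTTP status, 301 when unset`. The `tls.enabled` description says "Weather" where "Whether" is meant, and the typo is carried into the README table.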