easylinux/Maison
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initialisation depot

Browse Source
This commit is contained in:
Serge NOEL
2026-02-10 12:12:11 +01:00
commit c3176e8d79
818 changed files with 52573 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
arti-api/traefik-simple.yaml Normal file
View File

@@ -0,0 +1,161 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: arti-api
namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
entryPoints:
- websecure
routes:
# Internal network gets full access
- match: Host(`{{ .Values.global.Api.Url }}`) && ClientIP(`192.168.100.0/24`)
kind: Rule
priority: 1000
services:
- name: api
port: 8000
# External users only get root path
- match: Host(`{{ .Values.global.Api.Url }}`) && Path(`/`)
kind: Rule
priority: 500
services:
- name: api
port: 8000
# Block all other external access
- match: Host(`{{ .Values.global.Api.Url }}`)
kind: Rule
priority: 100
services:
- name: blocked-service
port: 80
tls:
certResolver: letsencrypt
---
# Service for blocked requests
apiVersion: v1
kind: Service
metadata:
name: blocked-service
namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
selector:
app: blocked-nginx
ports:
- port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: blocked-nginx
namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
replicas: 1
selector:
matchLabels:
app: blocked-nginx
template:
metadata:
labels:
app: blocked-nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/conf.d
- name: nginx-html
mountPath: /usr/share/nginx/html
volumes:
- name: nginx-config
configMap:
name: blocked-nginx-config
- name: nginx-html
configMap:
name: blocked-nginx-html
---
apiVersion: v1
kind: ConfigMap
metadata:
name: blocked-nginx-config
namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
# Ensure all requests serve the index.html
error_page 404 /index.html;
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: blocked-nginx-html
namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
data:
index.html: |
<!DOCTYPE html>
<html>
<head>
<title>Access Denied - Artifactory</title>
<style>
body {
font-family: Arial, sans-serif;
text-align: center;
padding: 50px;
background-color: #f8f9fa;
}
.container {
max-width: 600px;
margin: 0 auto;
background: white;
padding: 40px;
border-radius: 8px;
box-shadow: 0 2px 10px rgba(0,0,0,0.1);
}
.error-code {
font-size: 4em;
color: #dc3545;
margin-bottom: 20px;
}
.error-message {
font-size: 1.5em;
color: #333;
margin-bottom: 20px;
}
.error-description {
color: #666;
margin-bottom: 30px;
}
.access-info {
background: #e3f2fd;
padding: 20px;
border-radius: 4px;
border-left: 4px solid #2196f3;
}
</style>
</head>
<body>
<div class="container">
<div class="error-code">403</div>
<div class="error-message">Access Denied</div>
<div class="error-description">
This endpoint is only accessible from the internal network.
</div>
</div>
</body>
</html>