# Traefik IngressRoute for the API host. Three rules share the same Host()
# matcher and are separated by priority (the highest priority is tried first):
#   1000  requests from 192.168.100.0/24  -> api:8000, every path
#    500  any client, exact path "/"      -> api:8000
#    100  everything else on the host     -> blocked-service:80 (denial page)
#
# NOTE(review): the internal/external split rests entirely on the source
# address Traefik sees. ClientIP() matches the connection's remote address, not
# X-Forwarded-For, so if traffic reaches Traefik through a load balancer, NAT or
# kube-proxy hop that rewrites the source to an address inside
# 192.168.100.0/24, external requests would match the priority-1000 rule and
# get full access. Confirm that client source IPs are preserved on the way in
# (for example externalTrafficPolicy: Local on the Traefik Service) before
# relying on this rule as an access control.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: arti-api
  namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
  entryPoints:
    - websecure
  routes:
    # Internal network gets full access
    - match: Host(`{{ .Values.global.Api.Url }}`) && ClientIP(`192.168.100.0/24`)
      kind: Rule
      priority: 1000
      services:
        - name: api
          port: 8000

    # External users only get root path
    - match: Host(`{{ .Values.global.Api.Url }}`) && Path(`/`)
      kind: Rule
      priority: 500
      services:
        - name: api
          port: 8000

    # Block all other external access
    - match: Host(`{{ .Values.global.Api.Url }}`)
      kind: Rule
      priority: 100
      services:
        - name: blocked-service
          port: 80

  tls:
    certResolver: letsencrypt
---
# Service for blocked requests.
# Target of the IngressRoute's lowest-priority (catch-all) rule; it selects the
# pods labelled app=blocked-nginx. No type is set, so Kubernetes defaults to
# ClusterIP and the Service is reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: blocked-service
  namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
  selector:
    app: blocked-nginx
  ports:
    - port: 80
      targetPort: 80
---
# Single-replica nginx that serves the static denial page. Its server config
# and its HTML both come from ConfigMaps mounted over the image defaults.
#
# NOTE(review): nginx:alpine is a mutable tag, so the image that runs can
# change between pod restarts without any change to this chart; pin a specific
# version or digest so rollouts are reproducible and auditable.
# NOTE(review): the pod declares no securityContext, resource requests/limits
# or probes. This workload answers requests from untrusted clients, so those
# are worth adding once the values have been validated against this image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: blocked-nginx
  namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: blocked-nginx
  template:
    metadata:
      labels:
        app: blocked-nginx
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 80
          volumeMounts:
            # Replaces the image's stock conf.d with default.conf from the ConfigMap.
            - name: nginx-config
              mountPath: /etc/nginx/conf.d
            # Replaces the image's stock web root with the denial page.
            - name: nginx-html
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nginx-config
          configMap:
            name: blocked-nginx-config
        - name: nginx-html
          configMap:
            name: blocked-nginx-html
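---
# nginx server config for the denial page behind blocked-service.
#
# Every request is answered with the static page AND an HTTP 403 status.
# The previous config fell back to /index.html through try_files, which sends
# the "Access Denied" page with status 200: API clients, scanners and access
# logs then record a blocked request as a success. Returning 403 keeps the
# status code consistent with what the page says.
apiVersion: v1
kind: ConfigMap
metadata:
  name: blocked-nginx-config
  namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
data:
  default.conf: |
    server {
        listen 80;
        server_name _;
        root /usr/share/nginx/html;

        # Keep the nginx version out of the Server header shown to blocked clients.
        server_tokens off;

        # Deny every path; error_page below supplies the response body.
        location / {
            return 403;
        }

        # Ensure all requests serve the index.html, with the status left at 403
        # (no "=code" override on error_page).
        error_page 403 /index.html;

        # Reachable only through the error_page redirect, never with a plain 200.
        location = /index.html {
            internal;
        }
    }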
---
# Static denial page mounted as the nginx web root of the blocked-nginx pods.
# The "403" below is page text only; the HTTP status a client receives is set
# by the nginx server config (ConfigMap blocked-nginx-config), so keep the two
# in agreement.
# NOTE(review): the .access-info style rule is not used by any element in the
# markup below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: blocked-nginx-html
  namespace: {{ .Values.global.Category }}--{{ .Values.global.Name }}--{{ .Values.global.Type }}
data:
  index.html: |
    <!DOCTYPE html>
    <html>
    <head>
        <title>Access Denied - Artifactory</title>
        <style>
            body {
                font-family: Arial, sans-serif;
                text-align: center;
                padding: 50px;
                background-color: #f8f9fa;
            }
            .container {
                max-width: 600px;
                margin: 0 auto;
                background: white;
                padding: 40px;
                border-radius: 8px;
                box-shadow: 0 2px 10px rgba(0,0,0,0.1);
            }
            .error-code {
                font-size: 4em;
                color: #dc3545;
                margin-bottom: 20px;
            }
            .error-message {
                font-size: 1.5em;
                color: #333;
                margin-bottom: 20px;
            }
            .error-description {
                color: #666;
                margin-bottom: 30px;
            }
            .access-info {
                background: #e3f2fd;
                padding: 20px;
                border-radius: 4px;
                border-left: 4px solid #2196f3;
            }
        </style>
    </head>
    <body>
        <div class="container">
            <div class="error-code">403</div>
            <div class="error-message">Access Denied</div>
            <div class="error-description">
                This endpoint is only accessible from the internal network.
            </div>
        </div>
    </body>
    </html>