feat: optional site.yaml 'middlewares' list appended to Ingress middleware annotation
Lets a site opt into extra file-provider middlewares (e.g. authentik-forwardauth to auth-gate a site). Backward-compatible: absent/empty key renders the exact previous annotation.
@@ -48,6 +48,11 @@ type: static # static | hugo | mkdocs
|
|||||||
# # so they're both un-uploaded AND un-deleted. Use this
|
# # so they're both un-uploaded AND un-deleted. Use this
|
||||||
# # for large assets managed out-of-band via aws-cli
|
# # for large assets managed out-of-band via aws-cli
|
||||||
# # (e.g. media files updated more often than the site code).
|
# # (e.g. media files updated more often than the site code).
|
||||||
|
# middlewares: # extra Traefik FILE-PROVIDER middleware names appended to the
|
||||||
|
# - authentik-forwardauth # Ingress annotation (after https-redirect,retry-upstream).
|
||||||
|
# # The middleware must already exist in the traefik-dynamic
|
||||||
|
# # ConfigMap. Use authentik-forwardauth to auth-gate a site
|
||||||
|
# # (also requires an Authentik proxy provider + app for the host).
|
||||||
```
|
```
|
||||||
|
|
||||||
`.gitea/workflows/publish.yaml`:
|
`.gitea/workflows/publish.yaml`:
|
||||||
|
|||||||
@@ -126,6 +126,7 @@ def render_site_manifests(site_name, action_dir, app_dir, manifests_dir, cfg):
|
|||||||
"domain": cfg["domain"],
|
"domain": cfg["domain"],
|
||||||
"aliases": cfg["aliases"],
|
"aliases": cfg["aliases"],
|
||||||
"namespace": NAMESPACE,
|
"namespace": NAMESPACE,
|
||||||
|
"middlewares": cfg["middlewares"],
|
||||||
}
|
}
|
||||||
render_templates(action_dir, template_vars, app_dir, manifests_dir)
|
render_templates(action_dir, template_vars, app_dir, manifests_dir)
|
||||||
|
|
||||||
|
|||||||
@@ -87,6 +87,10 @@ def parse_site_yaml(site_dir):
|
|||||||
if not isinstance(excludes, list) or any(not isinstance(p, str) for p in excludes):
|
if not isinstance(excludes, list) or any(not isinstance(p, str) for p in excludes):
|
||||||
die("excludes must be a list of string patterns")
|
die("excludes must be a list of string patterns")
|
||||||
|
|
||||||
|
middlewares = cfg.get("middlewares") or []
|
||||||
|
if not isinstance(middlewares, list) or any(not isinstance(m, str) for m in middlewares):
|
||||||
|
die("middlewares must be a list of Traefik file-provider middleware names")
|
||||||
|
|
||||||
site = {
|
site = {
|
||||||
"domain": cfg["domain"],
|
"domain": cfg["domain"],
|
||||||
"type": site_type,
|
"type": site_type,
|
||||||
@@ -95,6 +99,7 @@ def parse_site_yaml(site_dir):
|
|||||||
"content_dir": cfg.get("content_dir", ""),
|
"content_dir": cfg.get("content_dir", ""),
|
||||||
"tidy": cfg.get("tidy", True),
|
"tidy": cfg.get("tidy", True),
|
||||||
"excludes": excludes,
|
"excludes": excludes,
|
||||||
|
"middlewares": middlewares,
|
||||||
}
|
}
|
||||||
|
|
||||||
print("Site config:")
|
print("Site config:")
|
||||||
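Review bot: The new `middlewares` check in parse_site_yaml only confirms that each entry is a `str`, so an empty string or a name containing a comma, `@`, whitespace or a newline is accepted and then interpolated unescaped into the Ingress annotation by the template change (`,{{ m }}@file`). Because site.yaml is written per site, I would constrain each name before it reaches the manifest, for example `if any(not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", m) for m in middlewares): die(...)`; this needs `re` in scope, and the character set should be checked against the names actually defined in the traefik-dynamic ConfigMap. Separately, `cfg.get("middlewares") or []` turns any falsy value such as `false` or `""` into an empty list without an error, so a mistyped value silently produces a site with no extra middleware where the author may have expected an auth gate. parse_site_yaml starts and ends outside these hunks, so earlier validation is not visible here.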
|
|||||||
@@ -5,7 +5,7 @@ metadata:
|
|||||||
namespace: {{ namespace }}
|
namespace: {{ namespace }}
|
||||||
{%- if site_type != "docker" %}
|
{%- if site_type != "docker" %}
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: https-redirect@file,retry-upstream@file
|
traefik.ingress.kubernetes.io/router.middlewares: https-redirect@file,retry-upstream@file{% for m in middlewares %},{{ m }}@file{% endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
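Review bot: The annotation that carries `middlewares` sits inside `{%- if site_type != "docker" %}`, so a site of type `docker` that lists `authentik-forwardauth` renders no middleware annotation and would be published without the auth gate, with no error reported. Whether docker sites get their middlewares from another template is not visible here; if they do not, either render the list for that type too or reject the combination at parse time, e.g. `if site_type == "docker" and middlewares: die("middlewares is not supported for docker sites")`. A short template comment above the annotation would also help, stating that the order is fixed (`https-redirect`, `retry-upstream`, then the site's entries) and that names are emitted unquoted and must therefore be validated upstream.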
|
|||||||