feature: public exposition ingress are shitty

main.go

@@ -21,10 +21,11 @@ func main() {
 					Health: "/",
 				},
 			},
+			Public: true,
 			Env: map[string]string{
 				"version": "1.0.0",
 			},
-			Dns:            pulumi.StringRef("pulumi-test-nginx.localdomain"),
+			//Dns:            pulumi.StringRef("pulumi-test-nginx.localdomain"),
 			AllowAllOrigin: true,
 		})
 		if err != nil {

pkg/application/generic.go

@@ -20,6 +20,7 @@ type Configuration struct {
 	Replicas       *int
 	Env            map[string]string
 	AllowAllOrigin bool
+	Public         bool
 }
 
 type ImagesConfiguration struct {
@@ -43,6 +44,7 @@ type application struct {
 	Replicas       int
 	Env            map[string]string
 	AllowAllOrigin bool
+	Public         bool
 
 	shouldCreateDns         bool
 	shouldCreateCertificate bool
@@ -64,6 +66,7 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
 			Namespace:      configuration.Namespace,
 			Env:            configuration.Env,
 			AllowAllOrigin: configuration.AllowAllOrigin,
+			Public:         configuration.Public,
 		}
 
 		var preventDuplicatePath []string
@@ -92,6 +95,10 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
 			application.Replicas = 1
 		}
 
+		if configuration.Dns != nil && configuration.Public {
+			return nil, errors.New("public exposition and DNS are incompatible")
+		}
+
 		if configuration.Dns != nil {
 			application.Dns = *configuration.Dns
 			application.shouldCreateDns = true
@@ -99,6 +106,12 @@ func NewApplication(ctx *pulumi.Context, configuration *Configuration) (*Created
 			application.shouldCreateIngress = true
 		}
 
+		if configuration.Public {
+			application.shouldCreateDns = false
+			application.shouldCreateCertificate = false
+			application.shouldCreateIngress = true
+		}
+
 		err := ctx.RegisterComponentResource("pkg:application:CreatedApplication", configuration.Name, application)
 		if err != nil {
 			return nil, err
@@ -191,6 +204,7 @@ func (application *application) createResources(ctx *pulumi.Context) (*CreatedAp
 			application.Name,
 			application.Dns,
 			application.AllowAllOrigin,
+			application.Public,
 			ingressServices,
 		)
 

pkg/exposition/ingress.go

@@ -13,6 +13,7 @@ import (
 type IngressConfiguration struct {
 	Name            string
 	Dns             string
+	Public          bool
 	ResponseHeaders *traefik.MiddlewareSpecHeadersArgs
 	services        []IngressServices
 }
@@ -22,11 +23,12 @@ type IngressServices struct {
 	Path    string
 }
 
-func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, services []IngressServices) *IngressConfiguration {
+func NewIngressConfiguration(name string, dns string, allowAllOrigin bool, public bool, services []IngressServices) *IngressConfiguration {
 	ingressConfiguration := &IngressConfiguration{
 		Name:     name,
 		Dns:      dns,
 		services: services,
+		Public:   public,
 	}
 
 	if allowAllOrigin {
@@ -68,7 +70,6 @@ func (ingress *IngressConfiguration) CreateIngress(
 
 	ingressAnnotations := pulumi.StringMap{
 		"traefik.ingress.kubernetes.io/router.middlewares": middlewares,
-		"traefik.ingress.kubernetes.io/router.entrypoints": pulumi.String("websecure"),
 	}
 
 	// https routing
@@ -88,15 +89,48 @@ func (ingress *IngressConfiguration) CreateIngress(
 		})
 	}
 
-	// create http redirect to https
-	err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths)
-	if err != nil {
-		return err
+	var hosts pulumi.StringArray
+	var certificateSecretName pulumi.StringOutput
+	var namespaceName pulumi.StringPtrOutput
+	if ingress.Public {
+		ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("exp-websecure")
+		hosts = toPulumiStringArray([]string{"antoine-roux.tk", "antoineroux.tk", "www.antoine-roux.tk", "www.antoineroux.tk"})
+		publicCertificate, err := certManager.GetCertificate(ctx, "nginxfront-certificate", pulumi.ID("default-public/nginxfront"), nil)
+		if err != nil {
+			return err
+		}
+		certificateSecretName = publicCertificate.Spec.SecretName()
+		publicNamespace, err := v1.GetNamespace(ctx, "default-public", pulumi.ID("default-public"), nil)
+		if err != nil {
+			return err
+		}
+		namespaceName = publicNamespace.Metadata.Name()
+
+	} else {
+		ingressAnnotations["traefik.ingress.kubernetes.io/router.entrypoints"] = pulumi.String("websecure")
+		hosts = toPulumiStringArray([]string{ingress.Dns})
+		certificateSecretName = certificate.Spec.SecretName()
+
+		// create http redirect to https
+		err := ingress.createHttpRedirectIngress(ctx, namespace, parentApplication, ingressPaths)
+		if err != nil {
+			return err
+		}
+		namespaceName = namespace.Metadata.Name()
 	}
 
-	_, err = networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{
+	var ingressRules networking.IngressRuleArray
+	for _, host := range hosts {
+		ingressRules = append(ingressRules, networking.IngressRuleArgs{
+			Host: host,
+			Http: &networking.HTTPIngressRuleValueArgs{
+				Paths: ingressPaths,
+			},
+		})
+	}
+	_, err := networking.NewIngress(ctx, fmt.Sprintf("%s-https", ingress.Name), &networking.IngressArgs{
 		Metadata: &meta.ObjectMetaArgs{
-			Namespace: namespace.Metadata.Name(),
+			Namespace: namespaceName,
 			Labels: pulumi.StringMap{
 				"app.kubernetes.io/part-of":    pulumi.String(ingress.Name),
 				"app.kubernetes.io/managed-by": pulumi.String("pulumi"),
@@ -105,20 +139,11 @@ func (ingress *IngressConfiguration) CreateIngress(
 		},
 		Spec: &networking.IngressSpecArgs{
 			IngressClassName: pulumi.String("traefik-internal"),
-			Rules: &networking.IngressRuleArray{
-				networking.IngressRuleArgs{
-					Host: pulumi.StringPtr(ingress.Dns),
-					Http: &networking.HTTPIngressRuleValueArgs{
-						Paths: ingressPaths,
-					},
-				},
-			},
+			Rules:            &ingressRules,
 			Tls: &networking.IngressTLSArray{
 				networking.IngressTLSArgs{
-					Hosts: pulumi.StringArray{
-						pulumi.String(ingress.Dns),
-					},
-					SecretName: certificate.Spec.SecretName(),
+					Hosts:      hosts,
+					SecretName: certificateSecretName,
 				},
 			},
 		},