[fix] URL routing for Quay's “private” SATOSA instance

- Use a `Route` object, rather than an `Ingress` - Have SATOSA live and serve under si-quay.epfl.ch/tequila, rather than having a dedicated host name - Eliminate `satosa_hostname` variable
epfl-si · Oct 4, 2023 · 8ce2c8f · 8ce2c8f
1 parent 63cdc96
commit 8ce2c8f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 17 deletions.
diff --git a/roles/openshift4-registry/templates/satosa/satosa-k8s-objects.yaml b/roles/openshift4-registry/templates/satosa/satosa-k8s-objects.yaml
@@ -168,23 +168,16 @@ spec:
 
 ---
 
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: route.openshift.io/v1
+kind: Route
 metadata:
   name: satosa
   namespace: {{ satosa_namespace }}
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
 spec:
-  rules:
-    - host: {{ satosa_hostname }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service: 
-                name: satosa
-                port: 
-                  number: 80
+  host: {{ quay_hostname }}
+  port:
+    targetPort: http
+  path: /tequila
+  to:
+    kind: Service
+    name: satosa
diff --git a/roles/openshift4-registry/vars/satosa-vars.yml b/roles/openshift4-registry/vars/satosa-vars.yml
@@ -12,7 +12,7 @@ satosa_keybase:
   saml_private_key: "{{ inventory_quay_satosa_secrets_folder }}/satosa-backend.key"
   saml_certificate: "{{ inventory_quay_satosa_secrets_folder }}/satosa-backend.crt"
 
-satosa_base_url: "https://{{ satosa_hostname }}"
+satosa_base_url: "https://{{ quay_hostname }}"
 satosa_tequila_saml_entity_name: tequila
 satosa_tequila_saml_entity_id: "{{ satosa_base_url }}/{{ satosa_tequila_saml_entity_name }}"
 satosa_tequila_saml_metadata_url: "https://{{ satosa_tequila_hostname }}/metadata.{{ satosa_tequila_hostname_short }}-IdP-new.xml"