helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard

Published 20 hours ago verified publisher icon kestra-io

Provide support for 2 ingress: public webhook endpoint & private UI

Open aballiet opened this issue 2 years ago • 0 comments
trafficstars

Feature description

As Kestra has these two types of entities accessing the Webserver:

  • users for UI
  • webhooks for triggers

They carry distinct purposes, so makes sense to divide their access.

When going to a production environment, we might want to allow public access of the webhook endpoint /api/v1/executions/webhook but restrict all the other paths to the UI.

Currently a single ingress is provided allowing us to define a specific annotation for the webhook endpoint within Helm chart

ingress:
  enabled: true
  className: ""
  annotations:
    kubernetes.io/ingress.class: nginx
  hosts:
    - host: kestra.webhook.${load-balancer-ip}.nip.io
      paths:
        - path: /api/v1/executions/webhook
          pathType: Prefix

Could be interesting to support another ingress for general UI access in order to restrict access using IAP or to a VPN.

This would facilitate deployment process.

aballiet avatar Aug 09 '23 10:08 aballiet