From 95b3f5afeabec72f38397498f1b6f8cc48c53446 Mon Sep 17 00:00:00 2001
From: Johannes Bornhold <johannes.bornhold.extern@univention.de>
Date: Wed, 25 Sep 2024 18:37:15 +0200
Subject: [PATCH] fix(nubus): Add interim ingress configuration fixing UMC in
 German

---
 helmfile/apps/nubus/values-nubus.yaml.gotmpl | 69 ++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index 192fd751..eb0de29b 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -231,6 +231,66 @@ nubusPortalFrontend:
       enabled: {{ .Values.ingress.tls.enabled }}
       secretName: {{ .Values.ingress.tls.secretName }}
 
+    # TODO: Remove the block "items" once the "redirects" section has been
+    # corrected.
+    #
+    # This does override the path configuration of the ingress
+    # "ums-portal-frontend-redirects" to avoid that "/univention/*" is
+    # redirected to "/univention/portal/".
+    items:
+      - name: rewrites
+        # -- Define the Fully Qualified Domain Name (FQDN) where application should be reachable.
+        host: ""
+
+        # -- Define the Ingress paths.
+        paths:
+          - path: /univention/(portal|selfservice)/
+            pathType: ImplementationSpecific
+          - path: /univention/(portal|selfservice)/index.html
+            pathType: ImplementationSpecific
+          - path: /univention/(portal|selfservice)/(css|fonts|i18n|media|js|oidc|custom)(/.*)
+            pathType: ImplementationSpecific
+          - path: /univention/(portal)/(icons)(/.*)$
+            pathType: ImplementationSpecific
+
+        # -- The Ingress controller class name.
+        ingressClassName: ""
+
+        # -- Define custom ingress annotations.
+        # annotations:
+        #   nginx.ingress.kubernetes.io/rewrite-target: /
+        annotations:
+          nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
+          nginx.ingress.kubernetes.io/use-regex: "true"
+
+        # -- Secure an Ingress by specifying a Secret that contains a TLS private key and certificate.
+        #
+        # Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+        tls:
+          # enabled: true
+          # Set to override the global secretName
+          secretName: ""
+      - name: redirects
+        host: ""
+        paths:
+          - pathType: Exact
+            path: /$
+          - pathType: Exact
+            path: /univention$
+          - pathType: Exact
+            path: /univention/$
+          - pathType: Exact
+            path: /univention/portal$
+          - pathType: Exact
+            path: /univention/selfservice$
+        ingressClassName: ""
+        annotations:
+          nginx.ingress.kubernetes.io/permanent-redirect: "/univention/portal/"
+        tls:
+          # enabled: true
+          # Set to override the global secretName
+          secretName: ""
+
 nubusKeycloakExtensions:
   keycloak:
     auth:
@@ -453,6 +513,15 @@ nubusUmcGateway:
       enabled: {{ .Values.ingress.tls.enabled }}
       secretName: {{ .Values.ingress.tls.secretName | quote }}
 
+    # TODO: Remove the block "paths" once it has been corrected upstream.
+    paths:
+        - path: /()(univention/)(languages.json|meta.json|theme.css)
+          pathType: ImplementationSpecific
+        - path: /()(univention/)((js|management|themes)/.*)
+          pathType: ImplementationSpecific
+        - path: /()(univention/login/)(dialog.js|main.js|LoginDialog.js|i18n/.*?/main.json)
+          pathType: ImplementationSpecific
+
 nubusKeycloakBootstrap:
   additionalAnnotations:
     argocd.argoproj.io/hook: "Sync"