bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

comms: harden matrix auth ingress routes for MAS

Browse Source
This commit is contained in:
Brad Stein 2026-03-30 08:21:19 -03:00
parent a0dd349856
commit 661deffe03
1 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
services/comms/matrix-ingress.yaml
View File

@ -7,6 +7,7 @@ metadata:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.priority: "120"
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
ingressClassName: traefik ingressClassName: traefik
@ -43,6 +44,13 @@ spec:
name: matrix-authentication-service name: matrix-authentication-service
port: port:
number: 8080 number: 8080
- path: /_matrix/client/r0/login
pathType: Prefix
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /_matrix/client/v3/logout - path: /_matrix/client/v3/logout
pathType: Exact pathType: Exact
backend: backend:
@ -57,6 +65,41 @@ spec:
name: matrix-authentication-service name: matrix-authentication-service
port: port:
number: 8080 number: 8080
- path: /account
pathType: Prefix
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /authorize
pathType: Prefix
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /oauth2
pathType: Prefix
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /.well-known/openid-configuration
pathType: Exact
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /.well-known/oauth-authorization-server
pathType: Exact
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /_matrix - path: /_matrix
pathType: Prefix pathType: Prefix
backend: backend:
@ -102,6 +145,13 @@ spec:
name: matrix-authentication-service name: matrix-authentication-service
port: port:
number: 8080 number: 8080
- path: /_matrix/client/r0/login
pathType: Prefix
backend:
service:
name: matrix-authentication-service
port:
number: 8080
- path: /_matrix/client/v3/logout - path: /_matrix/client/v3/logout
pathType: Exact pathType: Exact
backend: backend: