openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
5fdd33b7c0
openova/products/catalyst/chart/templates/ingress.yaml
e3mrah e051200fb2
fix(catalyst-ui): add /assets + /component-logos ingress rules for Kustomize path (#616) 
With Vite base: '/' (issue #596/#599), the HTML at /sovereign/ references
static assets as /assets/*.js — the browser sends the request as
console.openova.io/assets/* without the /sovereign/ prefix. The existing
console-sovereign Ingress only matches /sovereign/*, so /assets/* fell
through to the SME console's catch-all → 404, leaving the page blank.

Add a second Ingress (console-sovereign-assets, priority 90) that routes
/assets/*, /component-logos/*, and /favicon.svg directly to catalyst-ui
without a strip-prefix middleware. nginx receives the exact path the
browser sent, which is what it expects when base: '/'.

Also fixes the magic-link login page (#608) which was blank for the same
reason.

Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 18:36:38 +04:00

94 lines
3.0 KiB
YAML
Raw Blame History

# Contabo-mkt only — applied via Flux Kustomization. Sovereigns skip via .helmignore.
# Catalyst UI (Sovereign tier console) is served at
# https://console.openova.io/sovereign/*.
#
# The TLS cert for console.openova.io is owned by the sme namespace
# (console-openova-tls managed by cert-manager on the console-nova
# ingress). Having another TLS-terminating ingress in this namespace
# caused Traefik to present different certs per SNI connection ->
# intermittent SSL errors in the browser.
#
# Fix: this ingress exposes the HTTP-only route with the strip-sovereign
# middleware. Traefik serves TLS using the sme-owned cert because it
# aggregates cert providers by hostname.
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: strip-sovereign
namespace: catalyst
spec:
stripPrefix:
prefixes:
- /sovereign
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: console-sovereign
namespace: catalyst
annotations:
traefik.ingress.kubernetes.io/router.priority: "100"
traefik.ingress.kubernetes.io/router.middlewares: "catalyst-strip-sovereign@kubernetescrd"
spec:
ingressClassName: traefik
rules:
- host: console.openova.io
http:
paths:
- path: /sovereign
pathType: Prefix
backend:
service:
name: catalyst-ui
port:
number: 80
---
# Static asset routing for the Catalyst-Zero UI.
#
# With Vite base: '/' (issue #596/#599), the HTML at /sovereign/ references
# assets as /assets/*.js — the browser requests console.openova.io/assets/*
# directly (no /sovereign/ prefix). The strip-sovereign middleware on
# console-sovereign only applies to /sovereign/* paths, so /assets/* would
# fall through to the SME console's catch-all and return 404.
#
# This ingress routes /assets/* and /favicon.svg to catalyst-ui WITHOUT
# stripping any prefix (no middleware), so nginx receives /assets/* directly.
# Priority 90 (below console-sovereign at 100) ensures /sovereign/* is
# handled first; /assets/* only reaches this rule when there is no /sovereign
# prefix on the request — which is exactly the Vite static-asset case.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: console-sovereign-assets
namespace: catalyst
annotations:
traefik.ingress.kubernetes.io/router.priority: "90"
spec:
ingressClassName: traefik
rules:
- host: console.openova.io
http:
paths:
- path: /assets
pathType: Prefix
backend:
service:
name: catalyst-ui
port:
number: 80
- path: /favicon.svg
pathType: Exact
backend:
service:
name: catalyst-ui
port:
number: 80
- path: /component-logos
pathType: Prefix
backend:
service:
name: catalyst-ui
port:
number: 80
Reference in New Issue View Git Blame Copy Permalink