@AntoLC AntoLC commented Dec 5, 2025

Purpose

We want to replace the LaSuite Docs landing page (https://docs.numerique.gouv.fr/home/) with the new one (https://lasuite.numerique.gouv.fr/produits/docs).
We will redirect to it if the app targets the /home/ page.
To target only our instance, it will be configurable thanks to the Helm charts.

How to use

In your env.d folder, set ingressRedirects as you want; it can be an array of redirections, redirecting with a special code (default code 301):

example: ./src/helm/env.d/feature/values.impress.yaml.gotmpl

ingressRedirects:
  enabled: true
  defaultHost: {{ .Values.feature }}-docs.{{ .Values.domain }}
  rules:
    - name: home        
      from: /home
      to: https://lasuite.numerique.gouv.fr/produits/docs
    - name: visio        
      from: /visio
      to: https://lasuite.numerique.gouv.fr/produits/visio
    - name: error-404        
      from: /404
      to: https://lasuite.numerique.gouv.fr/404
      code: 404

@AntoLC AntoLC self-assigned this Dec 5, 2025
@AntoLC AntoLC added frontend feature add a new feature preview labels Dec 5, 2025
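
An added example, not part of the pull request or the project's code: a pre-render lint for `ingressRedirects` rules of the shape shown in the description, motivated by the `return {{ $r.code }} {{ $to }};` snippet discussed in review, where values land unquoted in an nginx directive. The allowlisted host, the function names and the fourth sample rule are assumptions made for illustration.

```python
"""Lint ingressRedirects rules before the chart renders them (added example)."""
import re
from urllib.parse import urlsplit

# Codes for which nginx's `return <code> <URL>` sends a redirect to that URL.
REDIRECT_CODES = {301, 302, 303, 307, 308}
# Characters that would end or restructure an nginx directive if rendered unquoted.
UNSAFE = re.compile(r'[\s;{}"\\$]')
# Assumption: redirect targets are limited to this host; adjust per deployment.
ALLOWED_TARGET_HOSTS = {"lasuite.numerique.gouv.fr"}


def lint_rule(rule):
    """Return the list of problems found in one redirect rule (empty if clean)."""
    problems = []
    src = str(rule.get("from", ""))
    if not src.startswith("/") or UNSAFE.search(src):
        problems.append("from must be an absolute path without nginx metacharacters")
    dst = str(rule.get("to", ""))
    if UNSAFE.search(dst):
        problems.append("to contains nginx metacharacters")
    else:
        url = urlsplit(dst)
        if url.scheme != "https" or url.hostname not in ALLOWED_TARGET_HOSTS:
            problems.append("to must be an https URL on an allowed host")
    code = rule.get("code", 301)  # the description states 301 is the default
    if code not in REDIRECT_CODES:
        problems.append(f"code {code} is not a redirect status")
    return problems


def lint_rules(rules):
    """Map rule name -> problems, keeping only rules with at least one problem."""
    report = {}
    for rule in rules:
        problems = lint_rule(rule)
        if problems:
            report[rule.get("name", "?")] = problems
    return report


# Constructed sample: the three rules from the description plus one malformed value.
SAMPLE = [
    {"name": "home", "from": "/home", "to": "https://lasuite.numerique.gouv.fr/produits/docs"},
    {"name": "visio", "from": "/visio", "to": "https://lasuite.numerique.gouv.fr/produits/visio"},
    {"name": "error-404", "from": "/404", "to": "https://lasuite.numerique.gouv.fr/404", "code": 404},
    {"name": "malformed", "from": "/x", "to": "https://lasuite.numerique.gouv.fr/a; b"},
]

if __name__ == "__main__":
    for name, problems in lint_rules(SAMPLE).items():
        print(name, problems)
```

The `error-404` rule is flagged because nginx treats the second argument of `return` as a redirect URL only for 301, 302, 303, 307 and 308; with any other code it becomes the response body.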
github-actions bot commented Dec 5, 2025

🚀 Preview will be available at https://1697-docs.ppr-docs.beta.numerique.gouv.fr/

You can use the existing account with these credentials:

  • username: docs
  • password: docs

You can also create a new account if you want to.

Once this Pull Request is merged, the preview will be destroyed.


When clicking on "Se Connecter", the url is the production one (https://docs.numerique.gouv.fr/api/v1.0/authenticate/).

If you want to go inside the preview app, here is the url: https://1697-docs.ppr-docs.beta.numerique.gouv.fr/api/v1.0/authenticate/

github-actions bot commented Dec 5, 2025

Size Change: -23 B (0%)

Total Size: 4.14 MB

Filename Size Change
apps/impress/out/_next/static/822b1238/_buildManifest.js 0 B -903 B (removed) 🏆
apps/impress/out/_next/static/bdadfada/_buildManifest.js 903 B +903 B (new file) 🆕

compressed-size-action

@AntoLC AntoLC added the FAST Issues that will improve the AARR (acquisition, activation, retention and recommendation) label Dec 5, 2025
@AntoLC AntoLC force-pushed the feat/new-home branch 2 times, most recently from a458cf8 to 77adea5 Compare December 9, 2025 16:38
@AntoLC AntoLC marked this pull request as draft December 9, 2025 17:13
@AntoLC AntoLC linked an issue Dec 10, 2025 that may be closed by this pull request
@AntoLC AntoLC force-pushed the feat/new-home branch 3 times, most recently from dbba4a3 to 3b0cfce Compare December 11, 2025 09:06
@AntoLC AntoLC changed the title ♻️ Replace old Docs landing by the new one ✨(helm) redirecting system Dec 11, 2025
@AntoLC AntoLC marked this pull request as ready for review December 11, 2025 09:11
@AntoLC AntoLC requested review from lunika and rouja December 11, 2025 09:21
@AntoLC AntoLC added the helm label Dec 11, 2025
Comment on lines 22 to 23
nginx.ingress.kubernetes.io/configuration-snippet: |
return {{ $r.code }} {{ $to }};
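
Review bot: `{{ $r.code }}` and `{{ $to }}` on the `return` line are rendered unquoted from chart values into an nginx directive, so a value containing whitespace, `;` or `{` changes the generated configuration instead of failing the render. If the snippet stays, check in the template that the code is numeric and that the target is a URL without whitespace or `;`, and quote `{{ $to }}`; a dedicated redirect annotation removes the need for raw directive text altogether.
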
Member

Why not use the nginx.ingress.kubernetes.io/temporal-redirect annotation? We would like to avoid usage of the configuration-snippet annotation.

Contributor
I agree with @lunika

You should manage the return code with the specific annotation instead of using configuration-snippet


name: {{ include "impress.frontend.fullname" $ }}
port:
number: {{ $.Values.frontend.service.port }}
---
Contributor

I prefer when the TLS configuration is explicit, because right now HTTPS is working thanks to another ingress.

Collaborator Author

Have a look at the fixup commits to see if it seems OK. Feel free to improve it if needed. 🙏

To be intercepted by ingress redirects, we need
to redirect using window.location instead of
using Next.js router. The Next.js router does not
trigger a full page reload, so the ingress
redirect logic is not executed.

Create a new Helm template for ingress redirects
and update the values.yaml file accordingly.
We will be able to manage ingress redirects
through Helm charts easily.
@AntoLC AntoLC force-pushed the feat/new-home branch 3 times, most recently from f3d32c3 to dc4f84a Compare December 15, 2025 15:07
@AntoLC AntoLC force-pushed the feat/new-home branch 3 times, most recently from 5590418 to bddada1 Compare December 15, 2025 15:39
Add OIDC_REDIRECT_ALLOWED_HOSTS setting to dev and
feature environments to properly allow Keycloak
redirect callbacks after authentication.

Replace custom OIDC scopes with standard OpenID Connect scopes to fix
Keycloak authentication flow.

Changes:
- Replace OIDC_RP_SCOPES from "openid email given_name usual_name"
  to "openid email profile"
- Update OIDC_USERINFO_FULLNAME_FIELDS from "given_name,usual_name"
  to "given_name,family_name"
- Add OIDC_REDIRECT_ALLOWED_HOSTS to allow Keycloak callback redirects

The previous configuration used custom scopes (given_name, usual_name)
that were not configured in Keycloak, causing authentication to fail
with "invalid_scope" error. Using the standard "profile" scope includes
all necessary user claims (given_name, family_name, etc.) and works
with default Keycloak configuration.

This fixes the issue where users were redirected to /home after
authentication instead of staying logged in, because the OIDC flow
was failing and session cookies were not being set properly.
@suitenumerique suitenumerique deleted a comment from github-actions bot Dec 15, 2025
@AntoLC AntoLC requested review from lunika and rouja December 15, 2025 16:00
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room

ingressRedirects:
Member

You have to add the documentation before this block (take a look at the others) and then run

$ cd src/helm/impress
$ ./generate-readme.sh
