From 17a74ca750fa5be3db22399a11ef8bb2b8fa97ef Mon Sep 17 00:00:00 2001 From: Khwezi Mngoma Date: Sun, 14 Jun 2026 17:48:39 +0200 Subject: [PATCH] Refactore the entire k8s manifest for pure https routing --- MidrandBookshop/Program.cs | 20 +++++++++ .../Properties/launchSettings.json | 2 +- midrandbooks-uat.yml | 41 +++++++++++-------- 3 files changed, 46 insertions(+), 17 deletions(-) diff --git a/MidrandBookshop/Program.cs b/MidrandBookshop/Program.cs index 99ed5e5..ed665b4 100644 --- a/MidrandBookshop/Program.cs +++ b/MidrandBookshop/Program.cs @@ -4,6 +4,7 @@ using LiteCharms.Features.MidrandBooks.Extensions; using LiteCharms.Features.MidrandBooks.Payments; using LiteCharms.Features.Postgres; using MidrandBookshop.Components; +using System.Security.Cryptography.X509Certificates; using static LiteCharms.Features.Extensions.Quartz; var builder = WebApplication.CreateBuilder(args); @@ -49,6 +50,25 @@ builder.Services.Configure(options => var app = builder.Build(); +builder.WebHost.ConfigureKestrel(options => +{ + var certBase64 = builder.Configuration["DataProtection:Certificate"]; + var certPassword = builder.Configuration["DataProtection:Password"]; + + if (!string.IsNullOrWhiteSpace(certBase64)) + { + var rawBytes = Convert.FromBase64String(certBase64); + var kestrelCert = X509CertificateLoader.LoadPkcs12(rawBytes, certPassword); + + options.ListenAnyIP(8443, listenOptions => + { + listenOptions.UseHttps(kestrelCert); + }); + } + else + options.ListenAnyIP(8080); +}); + app.UseForwardedHeaders(); app.UseCookiePolicy(); diff --git a/MidrandBookshop/Properties/launchSettings.json b/MidrandBookshop/Properties/launchSettings.json index 244d0fb..3a5b85d 100644 --- a/MidrandBookshop/Properties/launchSettings.json +++ b/MidrandBookshop/Properties/launchSettings.json @@ -14,7 +14,7 @@ "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": false, - "applicationUrl": "https://localhost:7021;http://localhost:5053", + "applicationUrl": "https://localhost:8440;http://localhost:8083", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } diff --git a/midrandbooks-uat.yml b/midrandbooks-uat.yml index bdb8541..6d59b54 100644 --- a/midrandbooks-uat.yml +++ b/midrandbooks-uat.yml @@ -10,8 +10,8 @@ metadata: name: midrandbooks-config namespace: midrandbooks-uat data: - ASPNETCORE_ENVIRONMENT: "Development" - ASPNETCORE_URLS: "http://0.0.0.0:8080" + ASPNETCORE_ENVIRONMENT: "Development" + ASPNETCORE_URLS: "https://0.0.0.0:8443" Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889" Monitoring__ServiceName: "MidrandBooks.Uat" HasherSettings__MinHashLength: "11" @@ -27,7 +27,6 @@ data: PayfastSettings__ValidHosts__4: "payment.payfast.io" LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za" LiteCharmsSettings__Audience: "midrandbooks-api" - ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true" LiteCharmsClientSettings__Authority: "https://sts.security.khongisa.co.za" LiteCharmsClientSettings__GrantType: "client_credentials" LiteCharmsClientSettings__Scope: "midrandbooks-api" @@ -53,7 +52,7 @@ data: payfast-merchantkey: anU2bmF2bjBqY2JmMA== litecharms-client-clientid: bWlkcmFuZGJvb2tzLWFwaS1zY2FsZXItdWF0 litecharms-client-clientsecret: c2VjcmV0XzBhOGRjMWY5OTA2MTU5MGE1MmIxMjcyZGIzYTE4NzFkMjc2MWM3OWZiZDA1OGIyYTk2ODkxMTAyOWU0YjIwOGE= - dataprotection-cert: TUlJS2dBSUJBekNDQ2pZR0NTcUdTSWIzRFFFSEFhQ0NDaWNFZ2dvak1JSUtIekNDQkZJR0NTcUdTSWIzRFFFSEJxQ0NCRU13Z2dRL0FnRUFNSUlFT0FZSktvWklodmNOQVFjQk1GY0dDU3FHU0liM0RRRUZEVEJLTUNrR0NTcUdTSWIzRFFFRkREQWNCQWg5cWthVmdHbXovZ0lDQ0FBd0RBWUlLb1pJaHZjTkFna0ZBREFkQmdsZ2hrZ0JaUU1FQVNvRUVLYjJDeXJVTDZCVFpqVUY1cHk4QkxXQWdnUFE3YzBNNnBMejhwSDVCM3hmY0MxMURldGVZOWl4VDlocHl4WVRnY0JDZnh4djBodW5HTXhvaTBPWmMrWUdwN1lFcDhYU0FmR2QzNGc5eERzMlRtQW53alFxVmliR0xHUjNmcElTWkgyMFQ1REhhU3dnV3BweGVGVkU3VXZlZGl4Q25rd0g2VzlFTjhjVUhWZDJJU1ZOK0VocnJPSlJWSTZYKzYydUpRd3EzQm1ZOUlvdXVhSDhkcE1xbXRWMXhTa1ZkM1c1NGdvWTMweVp0QmxQOHMxN2xSd0hYbllKUlBhMlF5djBxY2x5VEs0Nmt0bW01ZU5qV2hOWndZbXJGZ1g3eXhacVB3L3prMlExZjB0bUU3eUpwR0M2eG5wYlBoUVh4SFIyWDg5T0NCNlM5aE1tM3VpRWljMDFmVHNhVEVCSVZvU3dUNzFJWlZVQ2E0d1phZXIweFMwN29XUUszWWwwbnUvSWZtYkpDaytJSFJIckJNWit1T2s3RVcxMzNuK0NyNDhtcGdyMmd2Q2UvVjNLZWlEY0FRWVZmaHQ3aWhnTUUyN0dWNlZEN1ozMEptakY3RGhPTjkyMXpoLzdOaG9JaUxLb0lNbFIxa0lEMzlNNzh5RzRuNVhmNllkUWJkV0UyUFR0UHRCTkpkazBDMXZMTU9jS1ZmbTRNVm5WL0I0dWlZWlh6dGQwbktNRDR2L2tnQXB4RE9wdy9IWU41cHNWYkFlQzNZMWNscFAwVXNiTUovL1ZXUE1Ba3BibS9HeklNSGxlaWQ1ckxQN1VJZ3h4b3BVWU93SVA2aGw4d25zb3NPbExvMDlYTklBUm9QcUFOb3JoNngrOVFsaE4rNThKU1lJTGpuRm5rcjQ3RVl4WkhxQ0l6Q0x2MVZaZG1mcGJROGZLSjAyTGpHdTlTR1hzUUQzcXZRa3ZMR3llZ0JjcDMrOGdYa2ExVGlhS1RPS0h3eTg1UmhIM3VxMXFXNWZWNG54UXB2VjMrTWxFVlBSc2g3RmNNaFNlSys2NkNIT0NaN0pFRzRKUUE3b2NkMFVrYXRYa3NGK2RzOHlYMDJ1Z0xYNDB0bUZ2bmxEZzRYWHpKMXlFcEhjMHUrNzNxcUMrOXM1NnFHc204NFZaMGhuN1pkYzk4RHJYWitVN0hrbFp5Y1BudnRwUHd4enZsSXBmRHJiWWJVK3lqLytpcmlZRGhGdDk0R3phakVLc21scTlIdFc4d1NXZzYwbUpvVUlsejVBVi9aU3dUN1M4eTJXcGxFK1RNRkZ5ZzFUak9iNEpxL1RIcEluVUluZnorb1FqcjZ3NTZmUGRVa0RXN2Y1K1NpM1lZV3ZWZlREZ0FxVDcveFZ2bGlNYzhwUTdnWmViemVCQmpaQ21WNXFUTGVlT3BoalJMOXlNTndIa3JWaDFxVzVlR3ZIVUVTZ05WZFU1Qi9tMVZyY3RXMk5QY1ZmWE1xRGczaHZmd2FwTWxFbTlMWHcvYlh0TmZLOExKWjBmSTdTOFVTVFA4YVgvQlZrTi93YWQ3VjBHakxHSmdxNWtaVEtSRnFaRGZJeTdsSDhGY1VNWjIyRXgwSUkydXYwb2hBbmltWnRVWWtCTFBYUmlZZzRBZE9WMFlzUDZLd1UvNjJ1VUZpWHgvR0JtS1k0QUkyK3FUMkRjSjB1bWVkOXFXL1UyNUg5MXo5aWFzck52RStoWE52NHRFekpldyt0SVlwVXZLMGpScUxlVDFXamJrOGVwclRDQ0JjVUdDU3FHU0liM0RRRUhBYUNDQmJZRWdnV3lNSUlGcmpDQ0Jhb0dDeXFHU0liM0RRRU1DZ0VDb0lJRk1UQ0NCUzB3VndZSktvWklodmNOQVFVTk1Fb3dLUVlKS29aSWh2Y05BUVVNTUJ3RUNOVjB6VkRNUjIxL0FnSUlBREFNQmdncWhraUc5dzBDQ1FVQU1CMEdDV0NHU0FGbEF3UUJLZ1FRbUZRdjhNNFBKTk96c25rVEFqK0tXQVNDQk5EMDZNQi8vTTBWQWxBT2YyazhIWWlUZy9UM1NhRnhvaFpXaWEwcmt5b0svYktZSWdoZWhVelN5aVEwanNzQ3JBUC93TnorQ3BBM1dUTFhyT2lEaDhXWC8yRWpSMi9qc3Z0VEtDZGJqYjA3SktXRVFwNFE1SG81dWYxY2F0VDU5ZEFzZStJdWVWTjk0bGlFVkV0SVNXTmFJWGgrZVhwQm0yb3paOERJUjRDbjNKdTRPZC9vRjQ1cEhZZ09HaUIva21Nb0FDMDJ3TU9kc1Z2dEtvWFBNWXNGZncwWmpwOWZMNXVybzZyV1hEaDlhNnY4TEtocmtIdll0c3lZVmlFMmg4bzltbGlUZ3Rram92NGU2TGo2blViRW4zSXlEZTdtcmxaNU1lMjdLVzVmV1lyanNYTTloUUx2TGt1VUh3bTZnS2tVcXZaeWdlejc3QklrTzBrSCs4V3czb08wWExYWU9IaGdBbCsrd0NMR0wvQlhWMytDOUdiNWR2UVFHa0t5UDdlWkRLRi9URjZqU3pLN2tHdlkxSWs2MUFLSHcxcWc3TkRIZTZHYTNUWFEwRDZVdXVtL3UwdFptRGNsak9UalZXWlIvSkRRa25GNlVOUGVCOVE4RjN3b1RpeFR6eXVpaFI5dnhnNXJ5NldwZnAzK2RTdXQ1d3duNm1TV0lkanZKckphNThGcE1EbnBadGxFRXdkM2g0RnZhNllzd3NKRDI0VGZaVFhRVUlpVlhSWlRjaUI5U29tTHAwbjJva2p6UlpvcDY3Mnl4WGVSQ0tmb3d4REpIU1NBbThQWUFGMGUyeDZRcmV3TVp4UUV2dWVDOHVrNis3Y2p1enE4VmJQRng4T0FPSzdsaUlBZUdzaE9oTXJOOEJsNXYwUjAweWJpSDhTM1NTcDhvcC93RWNBV0ZyaFhNMWVwUzhBeUlqTlJYU2hCM0taaE5QVWg4WHBKSDRBVFhnbXlJbkk5TVZ0NUZZaGVwamo4UHNCRWJEVFN2UU4yY3p4aTBZYWJjM3ZxTWUrcSt1Tm9LOWtYbm9JOGNWSzBSanNXbS9DZjVRQU5nUEVVWDhrY0ZCdVpiZ1E2OHhMMS9KZVg5YlJYL1FJUzRZb2pRWTdGNG1adWxIUkpRaHNlT3VNUndlMnlhZk1na3VzakJQU2dEME5tdzU1L2t6V3NzWUxxb29jTFowOERGVjdlQ1FnYW11MFNXZGplSVZHbW8yN1BuYlF1TFVuSk1jNm5jQkxJcmJwNzExTmZHaWxDYjRqNzcvb2wxU2ZmM0tOaXBoa29JYzUxbGZIUTNRcUJMWmJib3NSQmFQeElsSDhzb1pQOFpyMVIvc0dqVHl0aDRlcEtJQlpMNi9SMGlvcHpKY1RNYnJVY3FyTW1ISVBDdVlkY1graEhGaFNFb2NoU0g5d0plZTRCZDgvVDh0WG1NVW1CVXZLVFJSZkhrYzdzL2V4Q2ZMTGY4cU9YMjNSVXBrZEk1dWZvTFFFT2VwUk9qN2VrUFVHeU15T3hyd2tDUHRhYVJqT3B2OU1LYmRMNnA1RUJHekowVGxyK3p0Q2xlcmhnTkZ1OWVnLzV0OVdhTFhybCtLQlRoc2F5anpTN3FacHBQa3h2RWlTQmdDRmVSSzg2M2wrdVcydVFubU44bTUzaUdMUDg0SzJOQ0JQUG1KM3V6cDFQYkgvTUJ3WHpGbm1sK29qTEw0Qm9vclRtZ1NQVGhoSHZMbk1QMTF0T1lrTjJXQUh2elAySksxQTJadjZWTVZuQU9HYkcrd0RtcXNBbVFaN0J1eVFyeGZBU3FwZytITFR4cWFkNzc2L3p2cDR6dVkzSlZicmxtNmNUNnBEbit1Skc1SEtGdHAvcEE1WDlvQVluU2JJRFdNalJoYVRMSXdlQ2JsTUVFTVRzUzk1aUVjb2JodlU2czNuVFNBU0ZJWjk1UmhhQkhjbHVRMXlkTlllYVpNUkZXeDlTUHJLRVVPSml6OUx3aVRMMWpLdEF0bndockJkTzZpMFM3SmJiK1VXNGJnR3I1WFJyVFRHSkRXSUw3enJ3LzUzYXhDejZUS2dyV0sxTmJjQ3VHS2t0WDV3QitWcTFlUVlQNFYyYWJvYWJyeUppQWlvOGdGQ3RnQTdiRTBwMU9XczJWY0N5MnpXditVTTdrWnlYRXllOHZYajVDMUN5cG5FK241cjM2TzJaU3pGbU1DTUdDU3FHU0liM0RRRUpGVEVXQkJRMWxRK3RvdHJrWmtRYjd1RTZsT3ovZ1B6cUtUQS9CZ2txaGtpRzl3MEJDUlF4TWg0d0FFd0FhUUIwQUdVQVF3Qm9BR0VBY2dCdEFITUFSQUJoQUhRQVlRQlFBSElBYndCMEFHVUFZd0IwQUdrQWJ3QnVNRUV3TVRBTkJnbGdoa2dCWlFNRUFnRUZBQVFnQVc3T3QrNmo5WHU0blQ3cEw5ckY0M2lPblNkNXFMZCt5Sk01QTVxMndEQUVDSDFwTy9oVUV6bE5BZ0lJQUE9PQ== + dataprotection-cert: TUlJS2dBSUJBekNDQ2pZR0NTcUdTSWIzRFFFSEFhQ0NDaWNFZ2dvak1JSUtIekNDQkZJR0NTcUdTSWIzRFFFSEJxQ0NCRU13Z2dRL0FnRUFNSUlFT0FZSktvWklodmNOQVFjQk1GY0dDU3FHU0liM0RRRUZEVEJLTUNrR0NTcUdTSWIzRFFFUkREUWEwZ0F3RUFBaUFCQURBTkJnbGdoa2dCWlFNRUFnRUZBQUFTb0VFS2Y2bE55USt1REU4ZjNCOWw5T3pGNG9mSmw5cUtkK3lKTTVBNXEy d0RBRUNIMXBPL2hVRXpsTkFnSUlBQT09 dataprotection-password: OWlIUSMmcl41eWZYRXc= --- apiVersion: v1 @@ -74,7 +73,7 @@ metadata: name: midrandbooks namespace: midrandbooks-uat spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: midrandbooks @@ -102,7 +101,7 @@ spec: memory: "256Mi" cpu: "100m" ports: - - containerPort: 8080 + - containerPort: 8443 envFrom: - configMapRef: name: midrandbooks-config @@ -194,13 +193,15 @@ spec: livenessProbe: httpGet: path: /health - port: 8080 + port: 8443 + scheme: HTTPS initialDelaySeconds: 5 periodSeconds: 10 readinessProbe: httpGet: path: /health - port: 8080 + port: 8443 + scheme: HTTPS initialDelaySeconds: 3 periodSeconds: 5 volumes: @@ -214,14 +215,20 @@ metadata: name: midrandbooks-service namespace: midrandbooks-uat spec: - type: ClusterIP + ports: + - name: https + port: 443 + targetPort: 8443 selector: app: midrandbooks - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8080 +--- +apiVersion: traefik.io/v1alpha1 +kind: ServersTransport +metadata: + name: midrandbooks-bypass-backend-validation + namespace: midrandbooks-uat +spec: + insecureSkipVerify: true --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute @@ -236,10 +243,12 @@ spec: kind: Rule services: - name: midrandbooks-service - port: 80 + port: 443 + scheme: https + serversTransport: midrandbooks-bypass-backend-validation sticky: cookie: name: "lp-sticky-session" httpOnly: true secure: true - tls: {} \ No newline at end of file + tls: {} -- 2.47.3