[k8s] Ingress + TLS (cert-manager) для webhook и Web #73

New Issue

Open

opened 2026-05-13 22:07:49 +03:00 by Toutsu · 0 comments

Toutsu commented 2026-05-13 22:07:49 +03:00

Owner

Copy Link

Copy Source

Контекст

Для работы webhook Telegram требует HTTPS. В Kubernetes нужен Ingress с автоматическим TLS от Let's Encrypt.

Что нужно

1. cert-manager в кластер (Helm: jetstack/cert-manager)
2. ClusterIssuer letsencrypt-prod и letsencrypt-staging
3. Ingress для бота (bot.gmrelay.ru или api.gmrelay.ru/bot/webhook)
4. Ingress для Web (gmrelay.ru, www.gmrelay.ru)
5. Webhook path в Telegram Bot API зарегистрирован на https://<domain>/webhook

Технические детали

• Ingress controller: nginx или traefik (рекомендую nginx — проще с Telegram)
• Certificate ресурс с dnsNames или secretName
• Проверка: curl -v https://api.telegram.org/bot<token>/getWebhookInfo

Критерии приёмки

• cert-manager поднимает сертификаты автоматически
• getWebhookInfo показывает активный URL с HTTPS
• Ingress route работает и проксирует POST на pod бота
• Staging и prod используют разные домены/сертификаты

## Контекст Для работы webhook Telegram требует HTTPS. В Kubernetes нужен Ingress с автоматическим TLS от Let's Encrypt. ## Что нужно 1. **cert-manager** в кластер (Helm: `jetstack/cert-manager`) 2. **ClusterIssuer** `letsencrypt-prod` и `letsencrypt-staging` 3. **Ingress** для бота (`bot.gmrelay.ru` или `api.gmrelay.ru/bot/webhook`) 4. **Ingress** для Web (`gmrelay.ru`, `www.gmrelay.ru`) 5. **Webhook path** в Telegram Bot API зарегистрирован на `https://<domain>/webhook` ## Технические детали - Ingress controller: nginx или traefik (рекомендую nginx — проще с Telegram) - Certificate ресурс с `dnsNames` или `secretName` - Проверка: `curl -v https://api.telegram.org/bot<token>/getWebhookInfo` ## Критерии приёмки - [ ] cert-manager поднимает сертификаты автоматически - [ ] `getWebhookInfo` показывает активный URL с HTTPS - [ ] Ingress route работает и проксирует POST на pod бота - [ ] Staging и prod используют разные домены/сертификаты

Toutsu added this to the Этап — Kubernetes / k8s Production milestone 2026-05-13 22:07:49 +03:00

Toutsu referenced this issue 2026-05-13 22:08:24 +03:00

[k8s] Staging окружение (gmrelay-staging namespace) #75

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/telegram-game-card-fields

feature/issue-136-wizard-format-location

fix/issue-135-wizard-publish-schedule

fix/issue-133-on-conflict-inference

fix/issue-130-no-limit-complete

fix/issue-129-libgssapi

fix/issue-127-wizard-capacity-club

fix/issue-125-test-cleanup

fix/issue-123-no-limit-wizard

feat/issue-112-wizard-refactor

feat/issue-111-game-creation-wizard

fix/issue-110-showcase-500

feat/issue-110-private-club-showcases

codex/feature-issue-108-portfolio

feat/profile-design-system

codex/fix-public-pages-500

feature/issue-40-master-profiles

feature/issue-39-game-catalog

codex/feature/issue-38-public-club-pages

refactor/issue-37-platform-neutral-handlers

codex/fix-template-topic-release

refactor/issue-36-platform-migration

fix/discord-nullable-telegram-columns

fix/discord-dapper-aot-missing

fix/discord-console-logging-deferred

fix/discord-guildinteractionuser-permissions

fix/discord-count-bigint-cast

fix/discord-slash-commands-guild-context

fix/discord-slash-command-registration

feature/issue-35-identity-linking

fix/discord-oauth-diagnostics

feature/issue-34-discord-oauth-dashboard

test/issue-33-regression-tests

chore/issue-32-discord-compose-wiring

codex/issue-31-platform-messenger-scheduler

feature/discord-reschedule-voting

codex/feature-issue-29-discord-join-leave

feature/issue-28-discord-newsession-listsessions

feature/issue-27-discord-session-batch-renderer

feature/issue-26-discord-netcord-gateway

codex/refactor-issue-25-platform-neutral-join-leave

feature/dashboard-design-refresh

feature/issue-58-health-checks

feature/issue-23-platform-identity

fix/issue-60-add-license

feature/issue-57-postgresql-backup

feature/trivy-security-scan

codex/feature/issue-21-telegram-topics

feature/issue-20-rsvp-reminders

feature/issue-15-session-audit-log

feature/issue-19-batch-join-link

fix/navmenu-mobile-overlap

feature/new-logo

issue-47-navmenu-icon-fix

issue-15-session-audit-log

issue-14-attendance-stats

issue-22-neutral-rendering

codex/ftest-telegram-landing-smoke

feat/player-list-kick-waitlist

codex/co-gm-delegation

v3.10.0

v3.9.9

v3.9.8

v3.9.7

v3.9.6

v3.9.5

v3.9.4

v3.9.3

v3.9.2

v3.9.1

v3.9.0

v3.8.0

v3.7.1

v3.7.0

v3.6.0

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.1

v3.1.0

v3.0.10

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.8.0

v2.7.2

v2.7.1

v2.7.0

v2.6.0

v2.5.0

v2.4.0

v2.3.0

v2.2.0

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.15.1

v1.15.0

v1.14.0

v1.13.0

v1.11.0

v1.10.6

v1.10.5

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.9.9

v1.9.8

v1.9.7

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.2

v1.8.1

v1.8.0

v1.7.0

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels

area:bot

Telegram bot and worker logic

area:data

Database schema, migrations and persistence model

area:discord

Discord bot service and Discord adapter

area:infra

Infrastructure, runtime and deployment

area:miniapp

Telegram Mini App dashboard

area:platform

Platform-neutral abstractions and adapter boundaries

area:shared

Shared domain and rendering contracts

area:web

Blazor web dashboard

in-progress

В работе (issue взят агентом)

next-up

Recommended immediate backlog

pending-approval

Ждёт согласования плана решения

platform:discord

Discord-specific behavior or adapter work

platform:multi

Cross-platform or platform-neutral work

platform:telegram

Telegram-specific behavior or adapter work

priority:p0

Critical priority

priority:p0

Блокирующий приоритет: задача должна быть выполнена до признания решения production-ready

priority:p1

High priority

priority:p2

Medium priority

priority:p3

Lower priority

security

Security-sensitive work

type:bug

Bug fix or corrective work

type:chore

Maintenance and supporting work

type:feature

New product functionality

type:refactor

Structural change without direct feature growth

type:test

Testing and coverage work

No Label

Milestone

No items

No Milestone Этап — Kubernetes / k8s Production

Projects

Clear projects

No project

Assignees

Clear assignees

Toutsu

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Toutsu/GmRelayBot#73