From 92fb1696e02d35f46fcc7f218f7f7d2e21052b41 Mon Sep 17 00:00:00 2001
From: Davin <davin@honeycomb.io>
Date: Thu, 15 Aug 2024 16:50:06 -0500
Subject: [PATCH] Limit external paths to actually necessary for sending
 telemetry or validating the configuration (#15)

Signed-off-by: Davin Taddeo <davin@honeycomb.io>
---
 .github/workflows/eu1-deploy.yaml      |  4 ++++
 .github/workflows/refinery-deploy.yaml |  4 ++++
 refinery-values.yaml                   | 12 ++++++++++--
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/eu1-deploy.yaml b/.github/workflows/eu1-deploy.yaml
index bb285f7..5258af0 100644
--- a/.github/workflows/eu1-deploy.yaml
+++ b/.github/workflows/eu1-deploy.yaml
@@ -51,8 +51,12 @@ jobs:
             --set ingress.annotations."alb\.ingress\.kubernetes\.io/certificate-arn"="${{ secrets.EU1_ACM_ARN }}" \
             --set ingress.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="${{ secrets.EU1_DNS_NAME }}" \
             --set ingress.hosts[0].host="${{ secrets.EU1_DNS_NAME }}" \
+            --set ingress.hosts[1].host="${{ secrets.EU1_DNS_NAME }}" \
+            --set ingress.hosts[2].host="${{ secrets.EU1_DNS_NAME }}" \
             --set grpcIngress.annotations."alb\.ingress\.kubernetes\.io/certificate-arn"="${{ secrets.EU1_ACM_ARN }}" \
             --set grpcIngress.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="${{ secrets.EU1_DNS_NAME }}" \
             --set grpcIngress.hosts[0].host="${{ secrets.EU1_DNS_NAME }}" \
+            --set grpcIngress.hosts[1].host="${{ secrets.EU1_DNS_NAME }}" \
+            --set grpcIngress.hosts[2].host="${{ secrets.EU1_DNS_NAME }}" \
             --set config.Network.HoneycombAPI="https://api.eu1.honeycomb.io" \
             --wait --debug
diff --git a/.github/workflows/refinery-deploy.yaml b/.github/workflows/refinery-deploy.yaml
index 78b88ce..a690935 100644
--- a/.github/workflows/refinery-deploy.yaml
+++ b/.github/workflows/refinery-deploy.yaml
@@ -53,7 +53,11 @@ jobs:
             --set ingress.annotations."alb\.ingress\.kubernetes\.io/certificate-arn"="${{ secrets.US1_ACM_ARN }}" \
             --set ingress.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="${{ secrets.US1_DNS_NAME }}" \
             --set ingress.hosts[0].host="${{ secrets.US1_DNS_NAME }}" \
+            --set ingress.hosts[1].host="${{ secrets.US1_DNS_NAME }}" \
+            --set ingress.hosts[2].host="${{ secrets.US1_DNS_NAME }}" \
             --set grpcIngress.annotations."alb\.ingress\.kubernetes\.io/certificate-arn"="${{ secrets.US1_ACM_ARN }}" \
             --set grpcIngress.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="${{ secrets.US1_DNS_NAME }}" \
             --set grpcIngress.hosts[0].host="${{ secrets.US1_DNS_NAME }}" \
+            --set grpcIngress.hosts[1].host="${{ secrets.US1_DNS_NAME }}" \
+            --set grpcIngress.hosts[2].host="${{ secrets.US1_DNS_NAME }}" \
             --wait --debug
diff --git a/refinery-values.yaml b/refinery-values.yaml
index 397db4f..8a26f8e 100644
--- a/refinery-values.yaml
+++ b/refinery-values.yaml
@@ -225,7 +225,11 @@ ingress:
     kubernetes.io/ingress.class: alb
   hosts:
     - host: _replaceme_
-      path: /
+      path: /1/
+    - host: _replaceme_
+      path: /v1/
+    - host: _replaceme_
+      path: /query/
   labels: {}
 
 grpcIngress:
@@ -251,5 +255,9 @@ grpcIngress:
     kubernetes.io/ingress.class: alb
   hosts:
     - host: _replaceme_
-      path: /
+      path: /1/
+    - host: _replaceme_
+      path: /v1/
+    - host: _replaceme_
+      path: /query/
   labels: {}