From 2830b510d052b8575fa41bdccec32cc193a72f5f Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Tue, 13 Aug 2024 10:47:20 +0800
Subject: [PATCH] fix(piped): expose backend for feed refresh webhook

---
 kube/deploy/apps/piped/app/hr.yaml                     | 5 ++++-
 kube/deploy/core/ingress/cloudflare/tunnel/hr.yaml     | 4 ++++
 kube/deploy/core/ingress/cloudflare/tunnel/secret.yaml | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/kube/deploy/apps/piped/app/hr.yaml b/kube/deploy/apps/piped/app/hr.yaml
index 35356caf8d..ff11a8faa9 100644
--- a/kube/deploy/apps/piped/app/hr.yaml
+++ b/kube/deploy/apps/piped/app/hr.yaml
@@ -92,10 +92,13 @@ spec:
           - hosts:
               - *frontend
       backend:
-        ingressClassName: "nginx-internal"
+        ingressClassName: "nginx-external"
         annotations:
           nginx.ingress.kubernetes.io/enable-cors: "true"
           nginx.ingress.kubernetes.io/cors-allow-origin: "https://${APP_DNS_PIPED_FRONTEND}, https://${APP_DNS_PIPED_BACKEND}, https://${APP_DNS_PIPED_YTPROXY}"
+          # for Google pubsub webhook for refreshing feeds in realtime, path and source limiting done on Cloudflare side
+          external-dns.alpha.kubernetes.io/target: "${DNS_CF}"
+          external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
         hosts:
           - host: &backend "${APP_DNS_PIPED_BACKEND:=piped-backend}"
             paths:
diff --git a/kube/deploy/core/ingress/cloudflare/tunnel/hr.yaml b/kube/deploy/core/ingress/cloudflare/tunnel/hr.yaml
index 601491ee91..ab57cf17ea 100644
--- a/kube/deploy/core/ingress/cloudflare/tunnel/hr.yaml
+++ b/kube/deploy/core/ingress/cloudflare/tunnel/hr.yaml
@@ -72,6 +72,10 @@ spec:
                 #originRequest:
                 #  originServerName: "social.jjgadgets.tech"
 
+              - hostname: "${APP_DNS_PIPED_BACKEND}"
+                path: "^/webhooks"
+                service: http://piped-backend.piped.svc.cluster.local:8080
+
               - hostname: "${APP_DNS_HEADSCALE}"
                 service: https://headscale.headscale.svc.cluster.local.:8080
                 originRequest:
diff --git a/kube/deploy/core/ingress/cloudflare/tunnel/secret.yaml b/kube/deploy/core/ingress/cloudflare/tunnel/secret.yaml
index 47c67a1a94..6755dc02de 100644
--- a/kube/deploy/core/ingress/cloudflare/tunnel/secret.yaml
+++ b/kube/deploy/core/ingress/cloudflare/tunnel/secret.yaml
@@ -6,4 +6,4 @@ metadata:
   namespace: cloudflare
 stringData:
   credentials.json: |
-    ${SECRET_CLOUDFLARE_TUNNEL_CREDS}
+    ${SECRET_CLOUDFLARE_TUNNEL_CREDS:=sample}