As Kestra has these two types of entities accessing the Webserver:
users for UI
webhooks for triggers
They carry distinct purposes, so makes sense to divide their access.
When going to a production environment, we might want to allow public access of the webhook endpoint /api/v1/executions/webhook but restrict all the other paths to the UI.
Currently a single ingress is provided allowing us to define a specific annotation for the webhook endpoint within Helm chart
Feature description
As Kestra has these two types of entities accessing the Webserver:
They carry distinct purposes, so makes sense to divide their access.
When going to a production environment, we might want to allow public access of the webhook endpoint
/api/v1/executions/webhookbut restrict all the other paths to the UI.Currently a single ingress is provided allowing us to define a specific annotation for the webhook endpoint within Helm chart
Could be interesting to support another ingress for general UI access in order to restrict access using IAP or to a VPN.
This would facilitate deployment process.