feat: cluster-admin route

Implement cluster-admin/ HTTP route with set-route action as other
routes.

imageroot/actions/create-module/50create

@@ -15,48 +15,6 @@ exec 1>&2
 #
 mkdir -p configs
 
-
-#
-# Configure HTTPS access to the API server with the auto-generated certificate, under the /cluster-admin
-# URL path prefix. The header "X-Forwarded-Prefix" is added to the forwarded request
-#
-cat <<EOF > configs/_api_server.yml
-http:
-  middlewares:
-    ApiServer-stripprefix:
-      stripPrefix:
-        prefixes:
-        - /cluster-admin
-    ApiServerMw2:
-      redirectRegex:
-        regex: ^.*/cluster-admin$
-        replacement: /cluster-admin/
-  routers:
-    ApiServer-http:
-      entrypoints:
-      - http
-      middlewares:
-      - http2https-redirectscheme
-      rule: Path(\`/cluster-admin\`) || PathPrefix(\`/cluster-admin/\`)
-      service: ApiServer
-      priority: '100000'
-    ApiServer-https:
-      entrypoints:
-      - https
-      middlewares:
-      - ApiServerMw2
-      - ApiServer-stripprefix
-      priority: '100000'
-      rule: Path(\`/cluster-admin\`) || PathPrefix(\`/cluster-admin/\`)
-      service: ApiServer
-      tls: {}
-  services:
-    ApiServer:
-      loadBalancer:
-        servers:
-        - url: http://127.0.0.1:9311
-EOF
-
 #
 # Prepare middleware for HTTP to HTTPS redirect
 #
@@ -103,7 +61,7 @@ http:
       middlewares:
       - ApisEndpointMw1
       - ApisEndpointMw0
-      priority: '100000'
+      priority: 100000
       rule: PathPrefix(\`/${API_PATH}/api\`)
       service: api@internal
 EOF
@@ -114,5 +72,8 @@ mkdir -p custom_certificates
 # Create acme storage folder
 mkdir -p acme
 
+# Keep track of HTTP routes created by users
+mkdir -p manual_flags
+
 # Enable and start the services
 systemctl --user enable --now traefik.service

imageroot/actions/create-module/60cluster_admin

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2025 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+set -e
+exec 1>&2
+
+[[ -f "configs/cluster-admin.yml" ]] || exit 0 # Nothing to do
+
+echo 'Creating HTTP route for cluster-admin...'
+api-cli --endpoint=http://127.0.0.1:9311 run "module/${MODULE_ID}/set-route" --data - <<'EOF'
+{
+  "instance": "cluster-admin",
+  "path": "/cluster-admin",
+  "url": "http://127.0.0.1:9311",
+  "priority": 100000,
+  "lets_encrypt": false,
+  "skip_cert_verify": false,
+  "http2https": true,
+  "strip_prefix": true,
+  "slash_redirect":true,
+  "user_created": false
+}
+EOF
+
+rm -vf "configs/_api_server.yml"

imageroot/actions/list-routes/20readconfig

@@ -27,9 +27,6 @@ except urllib.error.URLError as e:
 # Gernerate the list of routes
 routes = [ route['name'].removesuffix('-https@file') for route in traefik_routes if route['name'].endswith('-https@file') ]
 
-# Don't list custom `/cluster-admin` route
-routes = list(filter(lambda route: route != "ApiServer", routes))
-
 if data != None and data.get('expand_list'):
     routes = [ get_route({'instance': route}) for route in routes ]
 

imageroot/update-module.d/60cluster_admin

@@ -0,0 +1 @@
+../actions/create-module/60cluster_admin