DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add port for plain HTTP to HTTPS redirection

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-04-14 19:48:18 -04:00
parent 5b8d4baf5c
commit 7da08be741
2 changed files with 30 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
deploy/static/provider/aws/deploy-tls-termination.yaml
View file

@ -36,7 +36,13 @@ metadata:
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
data: data:
force-ssl-redirect: 'true' http-snippet: |
server {
listen 2443;
return 308 https://$host$request_uri;
}
proxy-real-ip-cidr: XXX.XXX.XXX/XX
use-forwarded-headers: 'true'
--- ---
# Source: ingress-nginx/templates/clusterrole.yaml # Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -263,9 +269,8 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443' service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-type: elb service.beta.kubernetes.io/aws-load-balancer-type: elb
labels: labels:
helm.sh/chart: ingress-nginx-2.0.0 helm.sh/chart: ingress-nginx-2.0.0
@ -283,7 +288,7 @@ spec:
- name: http - name: http
port: 80 port: 80
protocol: TCP protocol: TCP
targetPort: http targetPort: tohttps
- name: https - name: https
port: 443 port: 443
protocol: TCP protocol: TCP
@ -382,7 +387,10 @@ spec:
containerPort: 80 containerPort: 80
protocol: TCP protocol: TCP
- name: https - name: https
containerPort: 443 containerPort: 80
protocol: TCP
- name: tohttps
containerPort: 2443
protocol: TCP protocol: TCP
- name: webhook - name: webhook
containerPort: 8443 containerPort: 8443

41
hack/generate-deploy-scripts.sh
View file

@ -46,10 +46,6 @@ controller:
publishService: publishService:
enabled: false enabled: false
rbac:
create: true
EOF EOF
echo "${NAMESPACE_VAR} echo "${NAMESPACE_VAR}
@ -62,10 +58,6 @@ controller:
service: service:
type: LoadBalancer type: LoadBalancer
externalTrafficPolicy: Local externalTrafficPolicy: Local
rbac:
create: true
EOF EOF
echo "${NAMESPACE_VAR} echo "${NAMESPACE_VAR}
@ -87,10 +79,6 @@ controller:
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
# increased to '3600' to avoid any potential issues. # increased to '3600' to avoid any potential issues.
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
rbac:
create: true
EOF EOF
echo "${NAMESPACE_VAR} echo "${NAMESPACE_VAR}
@ -107,9 +95,8 @@ controller:
annotations: annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX" service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-type: elb service.beta.kubernetes.io/aws-load-balancer-type: elb
# Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default, # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
@ -117,21 +104,27 @@ controller:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
targetPorts: targetPorts:
http: http http: tohttps
https: http https: http
tohttps: tohttps
# Configures the ports the nginx-controller listens on
containerPort:
http: 80
https: 80
tohttps: 2443
config: config:
# Force 80 -> 443
force-ssl-redirect: "true"
# use-forwarded-headers: "true"
# Obtain IP ranges from AWS and configure the defaults # Obtain IP ranges from AWS and configure the defaults
# curl https://ip-ranges.amazonaws.com/ip-ranges.json | cat ip-ranges.json | jq -r '.prefixes[] .ip_prefix'| paste -sd "," - # curl https://ip-ranges.amazonaws.com/ip-ranges.json | cat ip-ranges.json | jq -r '.prefixes[] .ip_prefix'| paste -sd "," -
# proxy-real-ip-cidr: [] # DO NOT FORGET TO SET YOUR VPC CIDR
proxy-real-ip-cidr: XXX.XXX.XXX/XX
rbac: use-forwarded-headers: "true"
create: true http-snippet: |
server {
listen 2443;
return 308 https://\$host\$request_uri;
}
EOF EOF
echo "${NAMESPACE_VAR} echo "${NAMESPACE_VAR}