From 87cea3d064b9e6244b4385e143f81b42e401ba97 Mon Sep 17 00:00:00 2001 From: Sanoob Pattanath Date: Fri, 11 Dec 2020 13:07:46 +0100 Subject: [PATCH 1/4] Add support for AWS Load Balancer Controller ssl-redirect using ingress annotations --- charts/athens-proxy/Chart.yaml | 2 +- charts/athens-proxy/README.md | 27 ++++++++++++++++++++++ charts/athens-proxy/templates/ingress.yaml | 7 ++++++ charts/athens-proxy/values.yaml | 10 +++++--- 4 files changed, 42 insertions(+), 4 deletions(-) diff --git a/charts/athens-proxy/Chart.yaml b/charts/athens-proxy/Chart.yaml index f03dcf1ff..341d132f4 100644 --- a/charts/athens-proxy/Chart.yaml +++ b/charts/athens-proxy/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: athens-proxy -version: 0.4.15 +version: 0.4.16 appVersion: 0.9.0 description: The proxy server for Go modules icon: https://raw.githubusercontent.com/gomods/athens/main/docs/static/banner.png diff --git a/charts/athens-proxy/README.md b/charts/athens-proxy/README.md index 032df14ac..f9f694682 100644 --- a/charts/athens-proxy/README.md +++ b/charts/athens-proxy/README.md @@ -48,6 +48,33 @@ Available options: - [.netrc file support](https://docs.gomods.io/install/install-on-kubernetes/#netrc-file-support) - [gitconfig support](https://docs.gomods.io/install/install-on-kubernetes/#gitconfig-support) +### [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/) ssl redirect using annotation +Using `.Values.ingress.extraPaths` you can difine extra paths to the each hosts. So now we can define +extraPaths to `use-annotation` like it mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/tasks/ssl_redirect/) + +The example below shows how to setup ssl-redirect for AWS LoadBalancer Controller. + +```yaml +ingress: + enabled: true + annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + # legalone.io wildcard + alb.ingress.kubernetes.io/certificate-arn: ACM ARN + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: Service=athens-proxy,Environment=k-production + alb.ingress.kubernetes.io/target-type: instance + kubernetes.io/ingress.class: alb + # Provide an array of values for the ingress host mapping + hosts: + - athens-proxy.host + extraPaths: + # This will be added to each hosts + - service: ssl-redirect + port: use-annotation + path: /* +``` ### Pass extra configuration environment variables You can pass any extra environment variables supported in [config.dev.toml](../../../config.dev.toml). diff --git a/charts/athens-proxy/templates/ingress.yaml b/charts/athens-proxy/templates/ingress.yaml index 07ddc9d2e..628735c5a 100644 --- a/charts/athens-proxy/templates/ingress.yaml +++ b/charts/athens-proxy/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $serviceName := include "fullname" . -}} {{- $servicePort := .Values.service.servicePort -}} +{{- $ingressExtraPaths := .Values.ingress.extraPaths -}} {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} @@ -24,6 +25,12 @@ spec: - host: {{ $host }} http: paths: + {{- range $ingressExtraPaths }} + - path: {{ default "/" .path | quote }} + backend: + serviceName: {{ default $serviceName .service }} + servicePort: {{ default $servicePort .port }} + {{- end }} - path: / backend: serviceName: {{ $serviceName }} diff --git a/charts/athens-proxy/values.yaml b/charts/athens-proxy/values.yaml index f3507c698..6b05ff32c 100644 --- a/charts/athens-proxy/values.yaml +++ b/charts/athens-proxy/values.yaml @@ -38,11 +38,15 @@ service: ingress: enabled: false # Provide key/value annotations - annotations: + annotations: {} # Provide an array of values for the ingress host mapping - hosts: + hosts: [] # Provide a base64 encoded cert for TLS use - tls: + tls: "" + extraPaths: [] +# - service: ssl-redirect +# port: use-annotation +# path: /* storage: type: disk From 19ed33bb14f76083a5e650b36dfafd659d8a7f8a Mon Sep 17 00:00:00 2001 From: Sanoob Pattanath Date: Fri, 11 Dec 2020 15:26:52 +0100 Subject: [PATCH 2/4] Remove company domain and irrelevant annotations in example --- charts/athens-proxy/README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/athens-proxy/README.md b/charts/athens-proxy/README.md index f9f694682..b339c8a2f 100644 --- a/charts/athens-proxy/README.md +++ b/charts/athens-proxy/README.md @@ -59,14 +59,11 @@ ingress: enabled: true annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - # legalone.io wildcard alb.ingress.kubernetes.io/certificate-arn: ACM ARN alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/tags: Service=athens-proxy,Environment=k-production alb.ingress.kubernetes.io/target-type: instance kubernetes.io/ingress.class: alb - # Provide an array of values for the ingress host mapping hosts: - athens-proxy.host extraPaths: From bddb007fa1d45cefb2aaeeb48e2e34df709a7bc8 Mon Sep 17 00:00:00 2001 From: Sanoob Pattanath Date: Tue, 15 Dec 2020 15:33:30 +0100 Subject: [PATCH 3/4] Add customPath to add support ALB --- charts/athens-proxy/README.md | 3 +++ charts/athens-proxy/templates/ingress.yaml | 3 ++- charts/athens-proxy/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/athens-proxy/README.md b/charts/athens-proxy/README.md index b339c8a2f..f9f694682 100644 --- a/charts/athens-proxy/README.md +++ b/charts/athens-proxy/README.md @@ -59,11 +59,14 @@ ingress: enabled: true annotations: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + # legalone.io wildcard alb.ingress.kubernetes.io/certificate-arn: ACM ARN alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/tags: Service=athens-proxy,Environment=k-production alb.ingress.kubernetes.io/target-type: instance kubernetes.io/ingress.class: alb + # Provide an array of values for the ingress host mapping hosts: - athens-proxy.host extraPaths: diff --git a/charts/athens-proxy/templates/ingress.yaml b/charts/athens-proxy/templates/ingress.yaml index 628735c5a..9b3f88527 100644 --- a/charts/athens-proxy/templates/ingress.yaml +++ b/charts/athens-proxy/templates/ingress.yaml @@ -2,6 +2,7 @@ {{- $serviceName := include "fullname" . -}} {{- $servicePort := .Values.service.servicePort -}} {{- $ingressExtraPaths := .Values.ingress.extraPaths -}} +{{- $customPath := .Values.ingress.customPath -}} {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} @@ -31,7 +32,7 @@ spec: serviceName: {{ default $serviceName .service }} servicePort: {{ default $servicePort .port }} {{- end }} - - path: / + - path: {{ default "/" $customPath | quote }} backend: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} diff --git a/charts/athens-proxy/values.yaml b/charts/athens-proxy/values.yaml index 6b05ff32c..6c40479f4 100644 --- a/charts/athens-proxy/values.yaml +++ b/charts/athens-proxy/values.yaml @@ -1,3 +1,4 @@ +--- replicaCount: 1 image: registry: docker.io @@ -43,6 +44,9 @@ ingress: hosts: [] # Provide a base64 encoded cert for TLS use tls: "" + # To customize default path + # This is useful for ALB users. + customPath: "" extraPaths: [] # - service: ssl-redirect # port: use-annotation From 83802ad0011f1f524c6482c06a2ad142bead19d6 Mon Sep 17 00:00:00 2001 From: Sanoob Pattanath <1174257+pshanoop@users.noreply.github.com> Date: Wed, 28 Apr 2021 08:27:02 +0200 Subject: [PATCH 4/4] Fix typo in charts/athens-proxy/README.md Co-authored-by: Aaron Schlesinger <70865+arschles@users.noreply.github.com> --- charts/athens-proxy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/athens-proxy/README.md b/charts/athens-proxy/README.md index f9f694682..1c9ddc2a8 100644 --- a/charts/athens-proxy/README.md +++ b/charts/athens-proxy/README.md @@ -49,7 +49,7 @@ Available options: - [gitconfig support](https://docs.gomods.io/install/install-on-kubernetes/#gitconfig-support) ### [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/) ssl redirect using annotation -Using `.Values.ingress.extraPaths` you can difine extra paths to the each hosts. So now we can define +Using `.Values.ingress.extraPaths` you can define extra paths to the each hosts. So now we can define extraPaths to `use-annotation` like it mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/tasks/ssl_redirect/) The example below shows how to setup ssl-redirect for AWS LoadBalancer Controller.