Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS Load Balancer Controller ssl redirect using annotation #1686

Closed
wants to merge 7 commits into from
Closed
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/athens-proxy/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: athens-proxy
version: 0.4.15
version: 0.4.16
appVersion: 0.9.0
description: The proxy server for Go modules
icon: https://raw.githubusercontent.com/gomods/athens/main/docs/static/banner.png
Expand Down
27 changes: 27 additions & 0 deletions charts/athens-proxy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,33 @@ Available options:
- [.netrc file support](https://docs.gomods.io/install/install-on-kubernetes/#netrc-file-support)
- [gitconfig support](https://docs.gomods.io/install/install-on-kubernetes/#gitconfig-support)

### [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/) ssl redirect using annotation
Using `.Values.ingress.extraPaths` you can difine extra paths to the each hosts. So now we can define
pshanoop marked this conversation as resolved.
Show resolved Hide resolved
extraPaths to `use-annotation` like it mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/tasks/ssl_redirect/)

The example below shows how to setup ssl-redirect for AWS LoadBalancer Controller.

```yaml
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
# legalone.io wildcard
alb.ingress.kubernetes.io/certificate-arn: ACM ARN
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/tags: Service=athens-proxy,Environment=k-production
alb.ingress.kubernetes.io/target-type: instance
kubernetes.io/ingress.class: alb
# Provide an array of values for the ingress host mapping
hosts:
- athens-proxy.host
extraPaths:
# This will be added to each hosts
- service: ssl-redirect
port: use-annotation
path: /*
```
### Pass extra configuration environment variables

You can pass any extra environment variables supported in [config.dev.toml](../../../config.dev.toml).
Expand Down
10 changes: 9 additions & 1 deletion charts/athens-proxy/templates/ingress.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "fullname" . -}}
{{- $servicePort := .Values.service.servicePort -}}
{{- $ingressExtraPaths := .Values.ingress.extraPaths -}}
{{- $customPath := .Values.ingress.customPath -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
Expand All @@ -24,7 +26,13 @@ spec:
- host: {{ $host }}
http:
paths:
- path: /
{{- range $ingressExtraPaths }}
- path: {{ default "/" .path | quote }}
backend:
serviceName: {{ default $serviceName .service }}
servicePort: {{ default $servicePort .port }}
{{- end }}
- path: {{ default "/" $customPath | quote }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
Expand Down
14 changes: 11 additions & 3 deletions charts/athens-proxy/values.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
replicaCount: 1
image:
registry: docker.io
Expand Down Expand Up @@ -38,11 +39,18 @@ service:
ingress:
enabled: false
# Provide key/value annotations
annotations:
annotations: {}
# Provide an array of values for the ingress host mapping
hosts:
hosts: []
# Provide a base64 encoded cert for TLS use
tls:
tls: ""
# To customize default path
# This is useful for ALB users.
customPath: ""
extraPaths: []
# - service: ssl-redirect
# port: use-annotation
# path: /*

storage:
type: disk
Expand Down