devtron
devtron copied to clipboard
devtron-labs
ALB http to https redirection needs additional backend with custom service
Summary
ALB http to https redirection needs additional backend with custom service and port which can not be defined in the devtron deployment-template ingress section.
Motivation
ALB http to https is a frequent use-case where users will get stuck and will have to use rawYaml as a fallback solution to achieve this.
Proposal
Provision a way to introduce the required section automatically when a flag like enableALBHttpToHttps: true is provided in the ingress section. Or if the following annotations are present in the ingress section:
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
Will need to include the following segment in the ingress as first rule automatically along with the main rule.
paths:
- backend:
serviceName: ssl-redirect
servicePort: use-annotation
path: /*
So the entire ingress will look something like:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":
{ "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:xxxxxxxxxxxxx:certificate/xxxxxxx-xxxx-xxxx-xxxxxxxxxxx
alb.ingress.kubernetes.io/healthcheck-path: /public/health
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/subnets: subnet-xxxxxxx, subnet-xxxxxx
kubernetes.io/ingress.class: alb
labels:
app: app-name
release: app-name-dev
name: app-name-dev-ingress
spec:
rules:
- host: 'example.com'
http:
paths:
- backend:
serviceName: ssl-redirect
servicePort: use-annotation
path: /*
- backend:
serviceName: app-name-backend-dev-service
servicePort: 80
path: /*
