Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 13da8ff2f198880745bf185dabc430b67063ea35^! / .
commit13da8ff2f198880745bf185dabc430b67063ea35[log] [tgz]
authorGiorgi Lekveishvili <giolekva@gmail.com>Tue Mar 26 12:12:24 2024 +0400
committerGitHub <noreply@github.com>Tue Mar 26 12:12:24 2024 +0400
tree56964586e719a79cdfa9075f9a84d5453fd5631d
parent9fe49184b20ae766397260e9cd2f5b60f717d716 [diff]
ingress: force ssl for both private and public ingresses (#124)

Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/ingress/templates/install.yaml b/charts/ingress/templates/install.yaml
index 173186c..3268fc0 100644
--- a/charts/ingress/templates/install.yaml
+++ b/charts/ingress/templates/install.yaml

@@ -7,6 +7,7 @@
   annotations:
     acme.cert-manager.io/http01-edit-in-place: "true"
     cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
   {{- end }}
 spec:
   ingressClassName: {{ .Values.ingressClassName }}

diff --git a/core/installer/values-tmpl/core-auth.cue b/core/installer/values-tmpl/core-auth.cue
index 391f127..0e9f26f 100644
--- a/core/installer/values-tmpl/core-auth.cue
+++ b/core/installer/values-tmpl/core-auth.cue

@@ -230,8 +230,6 @@
 							allowed_return_urls: [
 								"https://*.\(global.domain)/",
 								"https://*.\(global.privateDomain)",
-								"http://*.\(global.domain)/", // TODO(gio): configure ingress nginx private to autoredirect
-								"http://*.\(global.privateDomain)",
 						    ]
 							methods: {
 								password: {

diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index 2438c25..94c73a1 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue

@@ -64,6 +64,9 @@
 					default: false
 					controllerValue: "k8s.io/\(_ingressPrivate)"
 				}
+				config: {
+					"force-ssl-redirect": "true"
+				}
 				extraArgs: {
 					"default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"
 				}