ingress: force ssl for both private and public ingresses (#124)
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/values-tmpl/core-auth.cue b/core/installer/values-tmpl/core-auth.cue
index 391f127..0e9f26f 100644
--- a/core/installer/values-tmpl/core-auth.cue
+++ b/core/installer/values-tmpl/core-auth.cue
@@ -230,8 +230,6 @@
allowed_return_urls: [
"https://*.\(global.domain)/",
"https://*.\(global.privateDomain)",
- "http://*.\(global.domain)/", // TODO(gio): configure ingress nginx private to autoredirect
- "http://*.\(global.privateDomain)",
]
methods: {
password: {
diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index 2438c25..94c73a1 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue
@@ -64,6 +64,9 @@
default: false
controllerValue: "k8s.io/\(_ingressPrivate)"
}
+ config: {
+ "force-ssl-redirect": "true"
+ }
extraArgs: {
"default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"
}