Add https redirect for all ingress controllers (#185)

theketchio · Nov 2, 2021 · f790053 · f790053
1 parent 931bd43
commit f790053
Show file tree

Hide file tree

Showing 8 changed files with 328 additions and 7 deletions.
diff --git a/internal/chart/testdata/charts/dashboard-istio-cluster-issuer.yaml b/internal/chart/testdata/charts/dashboard-istio-cluster-issuer.yaml
@@ -420,6 +420,14 @@ spec:
       credentialName: dashboard-cname-theketch-io
     hosts:
     - theketch.io
+  - port:
+      name: http-to-https-3-theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - theketch.io
+    tls:
+      httpsRedirect: true
   - port:
       number: 443
       name: https-3-app.theketch.io
@@ -429,6 +437,14 @@ spec:
       credentialName: dashboard-cname-app-theketch-io
     hosts:
     - app.theketch.io
+  - port:
+      name: http-to-https-3-app.theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - app.theketch.io
+    tls:
+      httpsRedirect: true
   - port:
       number: 443
       name: https-3-darkweb.theketch.io
@@ -438,6 +454,14 @@ spec:
       credentialName: darkweb-ssl
     hosts:
     - darkweb.theketch.io
+  - port:
+      name: http-to-https-3-darkweb.theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - darkweb.theketch.io
+    tls:
+      httpsRedirect: true
   - port:
       number: 80
       name: http-4
@@ -453,6 +477,14 @@ spec:
       credentialName: dashboard-cname-theketch-io
     hosts:
     - theketch.io
+  - port:
+      name: http-to-https-4-theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - theketch.io
+    tls:
+      httpsRedirect: true
   - port:
       number: 443
       name: https-4-app.theketch.io
@@ -462,6 +494,14 @@ spec:
       credentialName: dashboard-cname-app-theketch-io
     hosts:
     - app.theketch.io
+  - port:
+      name: http-to-https-4-app.theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - app.theketch.io
+    tls:
+      httpsRedirect: true
   - port:
       number: 443
       name: https-4-darkweb.theketch.io
@@ -471,6 +511,14 @@ spec:
       credentialName: darkweb-ssl
     hosts:
     - darkweb.theketch.io
+  - port:
+      name: http-to-https-4-darkweb.theketch.io
+      number: 80
+      protocol: HTTP
+    hosts:
+    - darkweb.theketch.io
+    tls:
+      httpsRedirect: true
 ---
 # Source: dashboard/templates/virtualService.yaml
 apiVersion: networking.istio.io/v1alpha3

diff --git a/internal/chart/testdata/charts/dashboard-nginx-cluster-issuer.yaml b/internal/chart/testdata/charts/dashboard-nginx-cluster-issuer.yaml
@@ -340,7 +340,7 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: dashboard-0-https-ingress
+  name: dashboard-0-http-ingress
   annotations:
     kubernetes.io/ingress.class: "ingress-class"
     theketch.io/metadata-item-kind: Ingress
@@ -364,7 +364,7 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: dashboard-1-https-ingress
+  name: dashboard-1-http-ingress
   annotations:
     kubernetes.io/ingress.class: "ingress-class"
     nginx.ingress.kubernetes.io/canary: "true"
@@ -393,6 +393,8 @@ metadata:
   name: dashboard-0-https-ingress
   annotations:
     kubernetes.io/ingress.class: "ingress-class"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
   labels:
     theketch.io/app-name: "dashboard"
 spec:
@@ -445,6 +447,8 @@ metadata:
   name: dashboard-1-https-ingress
   annotations:
     kubernetes.io/ingress.class: "ingress-class"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/canary: "true"
     nginx.ingress.kubernetes.io/canary-weight: "70"
   labels:

diff --git a/internal/chart/testdata/charts/dashboard-nginx.yaml b/internal/chart/testdata/charts/dashboard-nginx.yaml
@@ -344,7 +344,7 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: dashboard-0-https-ingress
+  name: dashboard-0-http-ingress
   annotations:
     kubernetes.io/ingress.class: "gke"
     theketch.io/metadata-item-kind: Ingress
@@ -395,7 +395,7 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: dashboard-1-https-ingress
+  name: dashboard-1-http-ingress
   annotations:
     kubernetes.io/ingress.class: "gke"
     nginx.ingress.kubernetes.io/canary: "true"

diff --git a/internal/chart/testdata/charts/dashboard-traefik-cluster-issuer-shipa.yaml b/internal/chart/testdata/charts/dashboard-traefik-cluster-issuer-shipa.yaml
@@ -415,6 +415,32 @@ spec:
 # Source: dashboard/templates/https-ingress-routes.yaml
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
+metadata:
+  name: dashboard-https-theketch-io-http-redirect
+  annotations:
+    kubernetes.io/ingress.class: "ingress-class"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+  labels:
+    shipa.io/app-name: "dashboard"
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host("theketch.io")
+      kind: Rule
+      middlewares:
+        - name: dashboard-https-theketch-io-redirect-scheme
+      services:
+      - name: dashboard-web-3
+        port: 9090
+        weight: 30
+      - name: dashboard-web-4
+        port: 9091
+        weight: 70
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
   name: dashboard-https-app-theketch-io
   annotations:
@@ -441,6 +467,32 @@ spec:
 # Source: dashboard/templates/https-ingress-routes.yaml
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
+metadata:
+  name: dashboard-https-app-theketch-io-http-redirect
+  annotations:
+    kubernetes.io/ingress.class: "ingress-class"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+  labels:
+    shipa.io/app-name: "dashboard"
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host("app.theketch.io")
+      kind: Rule
+      middlewares:
+        - name: dashboard-https-app-theketch-io-redirect-scheme
+      services:
+      - name: dashboard-web-3
+        port: 9090
+        weight: 30
+      - name: dashboard-web-4
+        port: 9091
+        weight: 70
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
   name: dashboard-https-darkweb-theketch-io
   annotations:
@@ -462,4 +514,60 @@ spec:
       port: 9091
       weight: 70
   tls:
-    secretName: darkweb-ssl
+    secretName: darkweb-ssl
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dashboard-https-darkweb-theketch-io-http-redirect
+  annotations:
+    kubernetes.io/ingress.class: "ingress-class"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+  labels:
+    shipa.io/app-name: "dashboard"
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host("darkweb.theketch.io")
+      kind: Rule
+      middlewares:
+        - name: dashboard-https-darkweb-theketch-io-redirect-scheme
+      services:
+      - name: dashboard-web-3
+        port: 9090
+        weight: 30
+      - name: dashboard-web-4
+        port: 9091
+        weight: 70
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: dashboard-https-theketch-io-redirect-scheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: dashboard-https-app-theketch-io-redirect-scheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+---
+# Source: dashboard/templates/https-ingress-routes.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: dashboard-https-darkweb-theketch-io-redirect-scheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true