diff --git a/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-ingress.yaml index 506264b1..a151f058 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-ingress.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: private-web-ingress annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/target-type: instance alb.ingress.kubernetes.io/security-groups: askem-prod-web-private, askem-prod-k8s - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '443' + alb.ingress.kubernetes.io/target-type: instance spec: ingressClassName: alb rules: @@ -19,21 +19,17 @@ spec: pathType: Prefix backend: service: - name: hmi-server + name: ssl-redirect port: - number: 3000 - - - host: 'beaker.terarium.ai' - http: - paths: + name: use-annotation - path: / pathType: Prefix backend: service: - name: beaker + name: hmi-server port: - number: 3050 + number: 3000 + tls: - hosts: - 'server.terarium.ai' - - 'beaker.terarium.ai' diff --git a/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-non-ssl-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-non-ssl-ingress.yaml new file mode 100644 index 00000000..bcd80153 --- /dev/null +++ b/kubernetes/overlays/prod/overlays/askem-production/ingress/private-web-non-ssl-ingress.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: private-web-non-ssl-ingress + annotations: + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/security-groups: askem-prod-web-private, askem-prod-k8s + alb.ingress.kubernetes.io/target-type: instance +spec: + ingressClassName: alb + rules: + - host: 'beaker.terarium.ai' + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: beaker + port: + number: 3050 + tls: + - hosts: + - 'beaker.terarium.ai' diff --git a/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ingress.yaml index 349fddea..06c8bb2d 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ingress.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: public-web-ingress annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/target-type: instance alb.ingress.kubernetes.io/security-groups: askem-prod-web, askem-prod-k8s - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/target-type: instance spec: ingressClassName: alb rules: diff --git a/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ssl-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ssl-ingress.yaml index 6c5ee6e5..a3970d7f 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ssl-ingress.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/ingress/public-web-ssl-ingress.yaml @@ -4,12 +4,12 @@ kind: Ingress metadata: name: public-web-ssl-ingress annotations: + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/target-type: instance alb.ingress.kubernetes.io/security-groups: askem-prod-web, askem-prod-k8s - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '443' - alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/target-type: instance spec: ingressClassName: alb rules: diff --git a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml index ca465cf2..660042aa 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml @@ -5,6 +5,7 @@ namespace: terarium resources: - ../../base - ingress/private-web-ingress.yaml + - ingress/private-web-non-ssl-ingress.yaml - ingress/public-web-ingress.yaml - ingress/public-web-ssl-ingress.yaml - secrets/secrets-adobe-api-key.yaml diff --git a/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-ingress.yaml index fb42e696..5322cc34 100644 --- a/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-ingress.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-ingress.yaml @@ -7,7 +7,7 @@ metadata: alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/security-groups: askem-staging-web-private + alb.ingress.kubernetes.io/security-groups: askem-staging-web-private, askem-staging-k8s alb.ingress.kubernetes.io/target-type: instance spec: ingressClassName: alb @@ -66,24 +66,6 @@ spec: port: number: 4046 - - host: 'beaker.staging.terarium.ai' - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ssl-redirect - port: - name: use-annotation - - path: / - pathType: Prefix - backend: - service: - name: beaker - port: - number: 3050 - - host: 'pyciemss.staging.terarium.ai' http: paths: @@ -212,7 +194,6 @@ spec: tls: - hosts: - - 'beaker.staging.terarium.ai' - 'climate-data.staging.terarium.ai' - 'funman.staging.terarium.ai' - 'graphdb.staging.terarium.ai' diff --git a/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-non-ssl-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-non-ssl-ingress.yaml new file mode 100644 index 00000000..39e9cdf2 --- /dev/null +++ b/kubernetes/overlays/prod/overlays/askem-staging/ingress/private-web-non-ssl-ingress.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: private-web-non-ssl-ingress + annotations: + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/security-groups: askem-staging-web-private, askem-staging-k8s + alb.ingress.kubernetes.io/target-type: instance +spec: + ingressClassName: alb + rules: + - host: 'beaker.staging.terarium.ai' + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: beaker + port: + number: 3050 + tls: + - hosts: + - 'beaker.staging.terarium.ai' diff --git a/kubernetes/overlays/prod/overlays/askem-staging/ingress/public-web-ssl-ingress.yaml b/kubernetes/overlays/prod/overlays/askem-staging/ingress/public-web-ssl-ingress.yaml index f8efe85f..588bce7b 100644 --- a/kubernetes/overlays/prod/overlays/askem-staging/ingress/public-web-ssl-ingress.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/ingress/public-web-ssl-ingress.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: public-web-ssl-ingress annotations: - alb.ingress.kubernetes.io/actions.ssl-redirect: '443' + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/backend-protocol: HTTPS alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/scheme: internet-facing diff --git a/kubernetes/overlays/prod/overlays/askem-staging/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-staging/kustomization.yaml index 3d23a12c..e1b0f776 100644 --- a/kubernetes/overlays/prod/overlays/askem-staging/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-staging/kustomization.yaml @@ -7,6 +7,7 @@ resources: - check-latest - ingress/private-web-grpc-ingress.yaml - ingress/private-web-ingress.yaml + - ingress/private-web-non-ssl-ingress.yaml - ingress/public-web-ingress.yaml - ingress/public-web-ssl-ingress.yaml - secrets/secrets-adobe-api-key.yaml