feat: Add option to perform https redirect in gateway (#363)

caraml-dev · Oct 10, 2023 · 517bb40 · 517bb40
1 parent 4656b54
commit 517bb40
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 42 deletions.
diff --git a/charts/routes/Chart.yaml b/charts/routes/Chart.yaml
@@ -1,43 +1,43 @@
 apiVersion: v2
 appVersion: 1.0.0
 dependencies:
-- alias: istiod
-  condition: istiod.enabled
-  name: generic-dep-installer
-  repository: https://caraml-dev.github.io/helm-charts
-  version: 0.1.1
-- alias: base
-  condition: base.enabled
-  name: base
-  repository: https://istio-release.storage.googleapis.com/charts
-  version: 1.13.4
-- alias: istioIngressGateway
-  condition: istioIngressGateway.global.enabled
-  name: generic-dep-installer
-  repository: https://caraml-dev.github.io/helm-charts
-  version: 0.1.0
-- alias: oathkeeper
-  condition: oathkeeper.enabled
-  name: oathkeeper
-  repository: https://k8s.ory.sh/helm/charts
-  version: 0.33.4
-- alias: certManagerBase
-  condition: certManagerBase.enabled
-  name: cert-manager-base
-  repository: https://caraml-dev.github.io/helm-charts
-  version: 1.8.1
-- condition: cert-manager.enabled
-  name: cert-manager
-  repository: https://charts.jetstack.io
-  version: 1.8.1
-- condition: common.enabled
-  name: common
-  repository: https://caraml-dev.github.io/helm-charts
-  version: 0.2.5
+  - alias: istiod
+    condition: istiod.enabled
+    name: generic-dep-installer
+    repository: https://caraml-dev.github.io/helm-charts
+    version: 0.1.1
+  - alias: base
+    condition: base.enabled
+    name: base
+    repository: https://istio-release.storage.googleapis.com/charts
+    version: 1.13.4
+  - alias: istioIngressGateway
+    condition: istioIngressGateway.global.enabled
+    name: generic-dep-installer
+    repository: https://caraml-dev.github.io/helm-charts
+    version: 0.1.0
+  - alias: oathkeeper
+    condition: oathkeeper.enabled
+    name: oathkeeper
+    repository: https://k8s.ory.sh/helm/charts
+    version: 0.33.4
+  - alias: certManagerBase
+    condition: certManagerBase.enabled
+    name: cert-manager-base
+    repository: https://caraml-dev.github.io/helm-charts
+    version: 1.8.1
+  - condition: cert-manager.enabled
+    name: cert-manager
+    repository: https://charts.jetstack.io
+    version: 1.8.1
+  - condition: common.enabled
+    name: common
+    repository: https://caraml-dev.github.io/helm-charts
+    version: 0.2.5
 description: A Helm chart for deploying CaraML networking resources
 maintainers:
-- email: [email protected]
-  name: caraml-dev
+  - email: [email protected]
+    name: caraml-dev
 name: caraml-routes
 type: application
-version: 0.3.1
+version: 0.3.2
diff --git a/charts/routes/README.md b/charts/routes/README.md
@@ -1,7 +1,7 @@
 # caraml-routes
 
 ---
-![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square)
+![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square)
 ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
 
 A Helm chart for deploying CaraML networking resources
@@ -104,6 +104,7 @@ The following table lists the configurable parameters of the Routes chart and th
 | https.certificateIssuer.create | bool | `true` |  |
 | https.certificateIssuer.external.kind | string | `"ClusterIssuer"` |  |
 | https.certificateIssuer.external.name | string | `"default"` |  |
+| https.enableRedirect | bool | `true` |  |
 | https.enabled | bool | `true` |  |
 | https.tls.credentialName | string | `"mlp-tls-cert"` |  |
 | https.tls.mode | string | `"SIMPLE"` |  |

diff --git a/charts/routes/templates/gateway.yaml b/charts/routes/templates/gateway.yaml
@@ -19,6 +19,10 @@ spec:
         {{- range $hosts }}
         - {{ include "common.localiseDomain" (list . (include "common.get-external-hostname" $.Values.global) ) }}
         {{- end }}
+      {{- if and $.Values.https.enabled $.Values.https.enableRedirect }}
+      tls:
+        httpsRedirect: true # sends 301 redirect for http requests
+      {{- end }}
 {{- end }}
     {{- if .Values.https.enabled }}
     - port:

diff --git a/charts/routes/values.yaml b/charts/routes/values.yaml
@@ -71,7 +71,6 @@ global:
     serviceName: caraml-authz
     externalPort: "80"
 
-
 #################################################################################################
 # Routes chart specific configuration
 # ###############################################################################################
@@ -154,8 +153,9 @@ mlp:
     authHeader: false
 
 https:
-  # NOTE: Set https to true by default to allow google oauth login, disable from parent chart
+  #  NOTE: Set https to true by default to allow google oauth login, disable from parent chart
   enabled: true
+  enableRedirect: true
   certificateIssuer:
     create: true
     external:
@@ -165,15 +165,15 @@ https:
     mode: SIMPLE
     credentialName: mlp-tls-cert
 
-
 # Configuration for mlp
 mlpGateway:
   name: mlp-gateway
   selector:
     istio: ingressgateway
 
 # configuration for extra mappings in VS (e.g. authentication proxies)
-extraMappings: []
+extraMappings:
+  []
   # - name: auth-proxy
   #   match:
   #     - uri:
@@ -213,7 +213,6 @@ certManagerBase:
 cert-manager:
   enabled: true
 
-
 common:
   enabled: true