Deprecate disableSSLRedirect with sslRedirect

internal/caddy/ingress/annotations.go

@@ -4,11 +4,16 @@ import v1 "k8s.io/api/networking/v1"
 
 const (
 	annotationPrefix             = "caddy.ingress.kubernetes.io"
-	rewriteToAnnotation          = "rewrite-to"
-	rewriteStripPrefixAnnotation = "rewrite-strip-prefix"
-	disableSSLRedirect           = "disable-ssl-redirect"
 	backendProtocol              = "backend-protocol"
 	insecureSkipVerify           = "insecure-skip-verify"
+	rewriteStripPrefixAnnotation = "rewrite-strip-prefix"
+	rewriteToAnnotation          = "rewrite-to"
+	sslRedirect                  = "ssl-redirect"
+
+	//// Deprecated annotations
+
+	// Use "ssl-redirect" instead, see https://github.com/caddyserver/ingress/issues/102
+	disableSSLRedirect = "disable-ssl-redirect"
 )
 
 func getAnnotation(ing *v1.Ingress, rule string) string {
@@ -22,3 +27,8 @@ func getAnnotationBool(ing *v1.Ingress, rule string, def bool) bool {
 	}
 	return val == "true"
 }
+
+func hasAnnotation(ing *v1.Ingress, rule string) bool {
+	_, ok := ing.Annotations[annotationPrefix+"/"+rule]
+	return ok
+}

internal/caddy/ingress/matcher.go

@@ -21,7 +21,11 @@ func (p MatcherPlugin) IngressPlugin() converter.PluginInfo {
 func (p MatcherPlugin) IngressHandler(input converter.IngressMiddlewareInput) (*caddyhttp.Route, error) {
 	match := caddy.ModuleMap{}
 
-	if getAnnotation(input.Ingress, disableSSLRedirect) != "true" {
+	// Ignore disable-ssl-redirect annotation if ssl-redirect is set or the disable-ssl-redirect is not set / set to false.
+	ignoreDisableSSLRedirect := hasAnnotation(input.Ingress, sslRedirect) || !getAnnotationBool(input.Ingress, disableSSLRedirect, false)
+
+	// If the disable-ssl-redirect annotation is ignored, then the ssl-redirect annotation is used.
+	if ignoreDisableSSLRedirect && getAnnotationBool(input.Ingress, sslRedirect, true) {
 		match["protocol"] = caddyconfig.JSON(caddyhttp.MatchProtocol("https"), nil)
 	}