forked from XenitAB/ansible-deploy-aks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cpx-ingress-apache.yaml
83 lines (83 loc) · 1.57 KB
/
cpx-ingress-apache.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: apache
labels:
name: apache
spec:
selector:
matchLabels:
app: apache
replicas: 6
template:
metadata:
labels:
app: apache
spec:
containers:
- name: apache
image: httpd:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: apache
spec:
ports:
- port: 80
targetPort: 80
selector:
app: apache
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: apache-cert
spec:
secretName: apache-cert
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: "apache.example.com"
acme:
config:
- dns01:
provider: azure
domains:
- "apache.example.com"
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: apache-ingress
annotations:
kubernetes.io/ingress.class: "citrix-ingress"
ingress.citrix.com/insecure-termination: "allow"
spec:
tls:
- hosts:
- apache.example.com
secretName: apache-cert
rules:
- host: apache.example.com
http:
paths:
- backend:
serviceName: apache
servicePort: 80
---
apiVersion: citrix.com/v1
kind: rewritepolicy
metadata:
name: httpsredirect
spec:
responder-policies:
- servicenames:
- apache
responder-policy:
redirect:
url: '"https://" + HTTP.REQ.HEADER("Host").HTTP_HEADER_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE'
respond-criteria: 'CLIENT.SSL.IS_SSL.NOT'
comment: 'Redirect http to https'