headlamp: serve over HTTPS at headlamp.roysland.net
Move ingress from headlamp.local (plain HTTP) to headlamp.roysland.net with a Let's Encrypt cert (cert-manager) and a Traefik HTTP->HTTPS redirect. Fixes the browser HTTPS-upgrade breaking the API calls against the self-signed Traefik default cert. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
teddy
parent
3d22ced62d
commit
0e3bb28bef
1 changed files with 19 additions and 1 deletions
|
|
@ -91,15 +91,33 @@ spec:
|
||||||
- port: 80
|
- port: 80
|
||||||
targetPort: 4466
|
targetPort: 4466
|
||||||
---
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: https-redirect
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: headlamp
|
name: headlamp
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
# Force HTTP->HTTPS at Traefik (proxy-level, no app redirect loop).
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- headlamp.roysland.net
|
||||||
|
secretName: headlamp-tls
|
||||||
rules:
|
rules:
|
||||||
- host: headlamp.local
|
- host: headlamp.roysland.net
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue