fix(ingress): wire up backend_protocol, remove dead ssl_redirect variable

Post nginx→Traefik migration cleanup:
- backend_protocol now sets serversscheme + serverstransport annotations
  for HTTPS backends (k8s-dashboard, pfsense, nas, idrac, proxmox, etc.)
- Remove ssl_redirect variable (nginx-only, silently ignored by Traefik)
  and all 9 caller references

[ci skip]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Viktor Barzin 2026-03-18 08:45:56 +00:00
parent 8c4942779f
commit e097b7eb29
9 changed files with 3 additions and 14 deletions


@ -35,10 +35,6 @@ variable "max_body_size" {
variable "extra_annotations" {
default = {}
}
variable "ssl_redirect" {
default = true
type = bool
}
variable "allow_local_access_only" {
default = false
type = bool
@ -125,7 +121,9 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
var.custom_content_security_policy != null ? "${var.namespace}-custom-csp-${var.name}@kubernetescrd" : null,
"${var.namespace}-body-size-${var.name}@kubernetescrd",
], var.extra_middlewares)))
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
"traefik.ingress.kubernetes.io/service.serversscheme" = var.backend_protocol == "HTTPS" ? "https" : null
"traefik.ingress.kubernetes.io/service.serverstransport" = var.backend_protocol == "HTTPS" ? "traefik-insecure-skip-verify@kubernetescrd" : null
}, var.extra_annotations)
}
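Review bot: The added `service.serverstransport` line binds every ingress with `backend_protocol == "HTTPS"` to `traefik-insecure-skip-verify@kubernetescrd`, which (judging by its name; the ServersTransport itself is not in this hunk) turns off backend certificate verification. The Traefik-to-backend hop is then encrypted but unauthenticated for all of these services, including the admin consoles listed in the commit message. I would make the transport overridable so that backends with a trusted or pinned CA can opt into verification, e.g. `var.backend_protocol == "HTTPS" ? var.backend_servers_transport : null` (proposed new variable, defaulting to the current value), and add a comment above the line such as `# NOTE: backend certificate is not verified with this transport`. The comparison is also an exact match on `"HTTPS"`, so any other spelling silently leaves the backend on plain HTTP; a `validation` block on `backend_protocol` (declared outside this hunk) would catch that. The `kubernetes_ingress_v1` resource starts before the hunk, so how the `null` values are handled by the surrounding `merge(...)` should be confirmed with a `terraform plan`.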