Get X-Forwarded-* headers for apps on k8s

[glogiotatidis]

I'd very much like to get X-Forwarded headers down to the app level for all our k8s deployed apps. I believe this was never accomplished due to a number of reasons:

• Using TCP instead of HTTP on the ELB level
• Beta or unavailable k8s annotations for ELBs
• maybe others?

Getting those headers will allow apps to identify secure connections without monkey patching them and it secures us better against mis-configurations.

Do the reasons posted still hold or is it a matter of somebody figuring this out? If the later happy to devote some time.

See also #101

[bookshelfdave]

It's been a long time since our first iteration of K8s ELBs, I can't remember the reason why the ELB protocols were set the way they were. We can fully customize ELB params with our new automation, so I'd like to get this sorted out.

[glogiotatidis]

It's been a long time since our first iteration of K8s ELBs, I can't remember the reason why the ELB protocols were set the way they were. We can fully customize ELB params with our new automation, so I'd like to get this sorted out.

you're my favorite person

[bookshelfdave]

@glogiotatidis @jgmize and I tested a new ELB in with HTTP/HTTPS listeners for bedrock-dev in Oregon-B. Forwarding appears to be working correctly without the K8s-based redirector service.

We'd like to test a similar configuration for snippets in Oregon-B.

[jgmize]

@pmac and I did further testing with bedrock in Frankfurt and Tokyo, and bedrock is now using the HTTP{,S} listeners in production and I believe we should be able to make the switch for snippets and other apps as well.