Ability to add custom ingress rule for ssl

[vinhlh]

We're using alb controller, and we need to add additional rule for ssl

[mcandio]

I have the same problem, did you manage to solve it?
I'm cloning the repo and customizing the ingress.yaml but it is not what I expect, should be a way to solve this.

[nitrocode]

@mcandio @spirosoik @vinhlh

Don't the current ingress rules allow for overriding the highlighted parameters in the above screenshot?

Please confirm if this is still an issue.

https://github.com/runatlantis/helm-charts/blob/main/charts/atlantis/templates/ingress.yaml

[mcandio]

@nitrocode I have this declared in my values.yaml

ingress:
  enabled: true
  ingressClassName:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /*
## this is in case we want several paths under the same host, with different backend services
  paths:
    - path: "/*"
      service: ssl-redirect
      port: use-annotation
  pathType: ImplementationSpecific
  host: atl.test.io

And I'm getting:

Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Ingress.spec.rules[0].http.paths[0].backend.service.port.number): invalid type for io.k8s.api.networking.v1.ServiceBackendPort.number: got "string", expected "integer"

btw I'm using helmfile to render the templates since it's easier for me.

If you have any doubts please let me know

[mcandio]

by the other hand if I have a cluster with networking.k8s.io/v1 apiVersion I can do the following:

ingress:
  enabled: true
  ingressClassName:
  annotations:
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxx:certificate/xxxxxx
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
  path: /*
## this is in case we want several paths under the same host, with different backend services
  paths:
    - path: "/*"
      service: ssl-redirect
      port: 80
  pathType: ImplementationSpecific
  host: atl.test.io

Which leads me to suggest to close this issue since the AWS ALB v2.4 official documentation is updated to v1

doc

[nitrocode]

@mcandio

The value ingress.apiVersion is unset by default

helm-charts/charts/atlantis/values.yaml

Lines 213 to 214 in a4e4678

	ingress:
	enabled: true

So apiVersion defaults to extensions/v1beta1 (line 2) but can also be set to a different value depending on the ingress.apiVersion (line 4) or the .Capabilities.APIVersions (lines 6 and 8).

helm-charts/charts/atlantis/templates/ingress.yaml

Lines 1 to 9 in a4e4678

	{{- if .Values.ingress.enabled -}}
	{{- $apiVersion := "extensions/v1beta1" -}}
	{{- if .Values.ingress.apiVersion -}}
	{{- $apiVersion = .Values.ingress.apiVersion -}}
	{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
	{{- $apiVersion = "networking.k8s.io/v1" -}}
	{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta/Ingress" -}}
	{{- $apiVersion = "networking.k8s.io/v1beta" -}}
	{{- end -}}

This is the block that controls whether to use the old port.number style or the new servicePort style. The latter allows the use-annotation value whereas the former does not.

helm-charts/charts/atlantis/templates/ingress.yaml

Lines 57 to 66 in a4e4678

	{{- if eq $apiVersion "networking.k8s.io/v1" }}
	service:
	name: {{ $fullName }}
	port:
	number: {{ .Values.service.port }}
	pathType: {{ .Values.ingress.pathType }}
	{{ else }}
	serviceName: {{ $fullName }}
	servicePort: {{ .Values.service.port }}
	{{- end }}

According to this doc, you should be using extensions/v1beta1 for your API version so I would explicitly set it in your values and see if it works for you.

ingress:
  apiVersion: extensions/v1beta1

[github-actions]

This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month.'