andormarkus commented on issue #16010: URL: https://github.com/apache/airflow/issues/16010#issuecomment-846557324
Hi @potiuk and @mik-laj Thank you for the idea to shifting the SSL into the Ingress. We are using AWS Load Balancer Controller which supports ingress side certificates. I think more people might have the same issue who are new into Kubernetes and Airflow. Can we extended [Helm chart documentation](http://airflow.apache.org/docs/helm-chart/stable/index.html) with mik-laj's recommendation? I have followed Marc Lamberti's 'Apache Airflow on AWS EKS: The Hands-On Guide' which clearly won't work with the newly released official chart. Helm chart myconf.yaml looks like this ```yaml ingress: enabled: true web: precedingPaths: - path: "/*" serviceName: "ssl-redirect" servicePort: "use-annotation" path: "/airflow/*" annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:XXXXXXXXXX:certificate/XXXXXXXXXXX alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
