andormarkus commented on issue #16010:
URL: https://github.com/apache/airflow/issues/16010#issuecomment-847929472
@Anirudhaagrawal During my initial comment I was'n fully familiar with the
helm chart values file. potiuk and mik-laj recommended: we should not use HTTPS
inside kubernetes, it will fail on the liveness and readiness probes.
Recommended traffic flow looks like this:
internet --> HTTPS --> K8s ingress controller --> HTTP --> Airflow webserver
my configuration looks like this (AWS EKS with
`aws-load-balancer-controller`):
```yaml
config:
webserver:
base_url: https://k8s.foobaa.com/airflow
ingress:
enabled: true
web:
precedingPaths:
- path: "/*"
serviceName: "ssl-redirect"
servicePort: "use-annotation"
path: "/airflow/*"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/target-group-attributes:
stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600
alb.ingress.kubernetes.io/certificate-arn: ${aws_acm_certificate_arn}
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect",
"RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode":
"HTTP_301"}}'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
