From f3eee6ae543a6889b9e5dcd5fd509b4e3f0caa7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Heleno?= <goncalo.heleno@camptocamp.com>
Date: Tue, 27 Feb 2024 13:11:35 +0100
Subject: [PATCH] fix: remove legacy ingress annotations

The SSL redirection is no longer defined by these annotations, I think this is a leftover from ancient code. The HTTP -> HTTPS redirection is handled natively by the Traefik module and is enabled by default (a variable is available to deactivate it if necessary).
---
 locals.tf | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/locals.tf b/locals.tf
index 553b8d8f..8f89ec77 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,6 +1,12 @@
 locals {
   oauth2_proxy_image = "quay.io/oauth2-proxy/oauth2-proxy:v7.5.0"
 
+  ingress_annotations = {
+    "cert-manager.io/cluster-issuer"                   = "${var.cluster_issuer}"
+    "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
+    "traefik.ingress.kubernetes.io/router.tls"         = "true"
+  }
+
   # values.yaml translated into HCL structures.
   # Possible values available here -> https://github.com/bitnami/charts/tree/master/bitnami/thanos/
   helm_values = [{
@@ -114,16 +120,10 @@ locals {
           }]
         }
         ingress = {
-          enabled = true
-          annotations = {
-            "cert-manager.io/cluster-issuer"                   = "${var.cluster_issuer}"
-            "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
-            "traefik.ingress.kubernetes.io/router.tls"         = "true"
-            "ingress.kubernetes.io/ssl-redirect"               = "true"
-            "kubernetes.io/ingress.allow-http"                 = "false"
-          }
-          tls      = false
-          hostname = ""
+          enabled     = true
+          annotations = local.ingress_annotations
+          tls         = false
+          hostname    = ""
           extraRules = [
             {
               host = "thanos-bucketweb.${trimprefix("${var.subdomain}.${var.base_domain}", ".")}"
@@ -247,17 +247,10 @@ locals {
           }]
         }
         ingress = {
-          enabled = true
-          annotations = {
-            "cert-manager.io/cluster-issuer"                   = "${var.cluster_issuer}"
-            "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
-            "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-withclustername@kubernetescrd"
-            "traefik.ingress.kubernetes.io/router.tls"         = "true"
-            "ingress.kubernetes.io/ssl-redirect"               = "true"
-            "kubernetes.io/ingress.allow-http"                 = "false"
-          }
-          tls      = false
-          hostname = ""
+          enabled     = true
+          annotations = local.ingress_annotations
+          tls         = false
+          hostname    = ""
           extraRules = [
             {
               host = "thanos-query.${trimprefix("${var.subdomain}.${var.base_domain}", ".")}"