add ingress aws lb config, request cert for challenge ingresses

detjensrobert · detjensrobert · commit 5b1cad2f1d72 · 2025-05-01T00:00:52.000-07:00
Signed-off-by: Robert Detjens &lt;github@detjens.dev&gt;
diff --git a/src/asset_files/challenge_templates/http.yaml.j2 b/src/asset_files/challenge_templates/http.yaml.j2
@@ -38,4 +38,8 @@ spec:
               name: "rcds-{{ slug }}-{{ pod.name }}-http"
               port:
                 number: {{ p.internal }}
+
+      tls:
+        - hosts: [ "{{ p.expose.http }}.{{ domain }}" ]
+          secretName: "rcds-tls-{{ p.expose.http }}.{{ domain }}"
   {% endfor -%}
diff --git a/src/asset_files/setup_manifests/ingress-nginx.helm.yaml b/src/asset_files/setup_manifests/ingress-nginx.helm.yaml
@@ -3,6 +3,15 @@ controller:
   ingressClassResource:
     name: beavercds
 
+  # set variety of annotations needed for the cloud providers
+
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "true"
+
 # nginx values for tcp ports will be set separately in other values file
 # this will make it easier for `deploy` to update those values without
 # subsequent calls to `cluster-setup` overwriting changes.
