Support ALB for web service

Rub21 · Rub21 · commit a351757c293e · 2025-10-06T20:43:12.000-05:00
diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml
@@ -2,54 +2,71 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ template "osm-seed.fullname" . }}-ingress
+  name: {{ .Release.Name }}-ingress-web
   annotations:
+    {{- if eq .Values.ingressClassNameType "nlb" }}
+    kubernetes.io/ingress.class: nginx
     cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer
     nginx.ingress.kubernetes.io/proxy-body-size: 200m
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "1200"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "1200"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    {{- end }}
+
+    {{- if eq .Values.ingressClassNameType "alb" }}
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }}
+    alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }}
+    alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}'
+    alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}"
+    alb.ingress.kubernetes.io/ssl-redirect: '443'
+    {{- end }}
 spec:
   ingressClassName: {{ .Values.ingressClassName }}
+  {{- if eq .Values.ingressClassNameType "nlb" }}
+  ingressClassName: {{ .Values.ingressClassNameType }}
   tls:
-  - hosts:
-    {{- if .Values.web.ingressDomain }}
-    - {{ .Values.web.ingressDomain }}
-    {{- else }}
-    - web.{{ .Values.domain }}
-    {{- end }}
-    - api.{{ .Values.domain }}
-    - {{ .Values.domain }}
-    secretName: {{ template "osm-seed.fullname" . }}-tls-secret
+    - hosts:
+        {{- if .Values.web.ingressDomain }}
+        - {{ .Values.web.ingressDomain }}
+        {{- else }}
+        - web.{{ .Values.domain }}
+        {{- end }}
+        - api.{{ .Values.domain }}
+        - {{ .Values.domain }}
+      secretName: {{ .Release.Name }}-tls-secret
+  {{- end }}
   rules:
-  - host: {{ if .Values.web.ingressDomain }}{{ .Values.web.ingressDomain }}{{ else }}web.{{ .Values.domain }}{{ end }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "osm-seed.fullname" . }}-web
-            port:
-              number: 80
-  - host: api.{{ .Values.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "osm-seed.fullname" . }}-web
-            port:
-              number: 80
-  - host: {{ .Values.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "osm-seed.fullname" . }}-web
-            port:
-              number: 80
+    - host: {{ if .Values.web.ingressDomain }}{{ .Values.web.ingressDomain }}{{ else }}web.{{ .Values.domain }}{{ end }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-service-web
+                port:
+                  number: 80
+
+    - host: api.{{ .Values.domain }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-service-web
+                port:
+                  number: 80
+
+    - host: {{ .Values.domain }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-service-web
+                port:
+                  number: 80
 {{- end }}
diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml
@@ -2,46 +2,40 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "osm-seed.fullname" . }}-web
+  name: {{ .Release.Name }}-service-web
   labels:
     app: {{ template "osm-seed.name" . }}
     component: web-service
     environment: {{ .Values.environment }}
     release: {{ .Release.Name }}
   annotations:
-    {{- if eq .Values.serviceType "LoadBalancer" }}
+    {{- if and (eq .Values.serviceType "LoadBalancer") (eq .Values.ingressClassNameType "nlb") }}
+    # NLB
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
-    {{- end }}
-    {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
+    {{- if .Values.AWS_SSL_ARN }}
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }}
-    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
-    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https    
-    {{- end }}
-    {{- if eq .Values.serviceType "ClusterIP" }}
-    cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer
-    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
-    {{- else }}
-    fake.annotation: fake
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
     {{- end }}
-    {{- with .Values.web.serviceAnnotations }}
-    {{- toYaml . | nindent 4 }}
     {{- end }}
-
 spec:
-  type: {{ .Values.serviceType }}
+  # ALB -> should be ClusterIP; NLB -> LoadBalancer
+  type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }}
+  selector:
+    app: {{ template "osm-seed.name" . }}
+    release: {{ .Release.Name }}
+    run: {{ .Release.Name }}-web
   ports:
-    - port: 80
+    - name: http
+      port: 80
       targetPort: http
       protocol: TCP
-      name: http
-  {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}
-    - port: 443
+    {{- if and (eq .Values.ingressClassNameType "nlb") .Values.AWS_SSL_ARN }}
+    - name: https
+      port: 443
       targetPort: http
       protocol: TCP
-      name: https
-  {{- end }}
-  selector:
-    app: {{ template "osm-seed.name" . }}
-    release: {{ .Release.Name }}
-    run: {{ .Release.Name }}-web
-{{- end }}
+    {{- end }}
+{{- end }}
