Add HTTP-to-HTTPS redirect for Envoy Gateway deployment
What does this MR do?
Add HTTP-to-HTTPS redirect for Envoy Gateway deployment
The Ingress NGINX controller redirects HTTP to HTTPS by default, but the Envoy Gateway deployment did not have this behavior. This adds a global HTTP-to-HTTPS redirect using the Gateway API RequestRedirect filter, matching NGINX's default behavior:
- Add httpToHttpsRedirect toggle (default true) to values.yaml
- Create a single HTTP listener on port 80 for the managed Gateway, reusing the certmanager-http listener when configureCertmanager is enabled to avoid duplicate port 80 listeners
- Create an HTTPRoute with a 301 redirect filter from HTTP to HTTPS
- We do not redirect when the Gateway is externally managed
This does not create the redirect rule for externally managed Gateway:
- We cannot reliably determine if HTTPS is enabled
- We need a
sectionNamefrom the Gateway for the redirect rule
Related issues
Closes: #6285 (closed)
Author checklist
For general guidance, please follow our Contributing guide.
Required
For anything in this list which will not be completed, please provide a reason in the MR discussion.
- Merge Request Title and Description are up to date, accurate, and descriptive.
- MR targeting the appropriate branch.
- MR has a green pipeline.
- Documentation created/updated.
- Tests added/updated, and test plan for scenarios not covered by automated tests.
- Equivalent MR/issue for omnibus-gitlab opened.
Reviewers checklist
- MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
- Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.
Edited by Clemens Beck