#
# Note: Make sure AWS Load Balancer Controller is installed and configured
#       https://kubernetes-sigs.github.io/aws-load-balancer-controller
#       also, make istio-ingressgateway service as NodePort in istio-system namespace.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/healthcheck-path: /healthz/ready
    alb.ingress.kubernetes.io/healthcheck-port: status-port
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    {{- if .Values.certificate_arn }}
    alb.ingress.kubernetes.io/actions.ssl-redirect: |
      {
        "Type": "redirect", 
        "RedirectConfig": { 
          "Protocol": "HTTPS", 
          "Port": "443", 
          "StatusCode": "HTTP_301"
        }
      }
    alb.ingress.kubernetes.io/certificate-arn: |
      {{ .Values.certificate_arn }}
    {{- end }}
  name: gw-ingress
  namespace: istio-system
spec:
  rules:
  {{- if .Values.host }}
  - host: {{ .Values.host }}
    http:   
  {{- else }}
  - http:
  {{- end }}
      paths:
     {{- if .Values.certificate_arn }}      
      - backend:
          service:
            name: ssl-redirect
            port: 
              name: use-annotation
        path: /    
        pathType: Prefix  
      {{- end }}  
      - backend:
          service:
            name: istio-ingressgateway
            port: 
              number: 443
        path: /
        pathType: Prefix