From 83a113eccdef8cdca707bbec3197e89e9021a56e Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 23 Nov 2024 23:15:14 +0800
Subject: [PATCH] fix(ingress-nginx): rm L7 HTTP 80 netpols, force-ssl-redirect

---
 .../core/ingress/ingress-nginx/app/common-values.yaml       | 1 +
 kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml      | 6 ------
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml b/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
index 2e030c99..1699684c 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/common-values.yaml
@@ -18,6 +18,7 @@ controller:
     disable-access-log: "false"
     log-format-escape-json: "true"
     # hardening
+    force-ssl-redirect: "true"
     hsts-max-age: "31449600"
     hsts-preload: "true"
     ssl-protocols: "TLSv1.3 TLSv1.2"
diff --git a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
index 4ffd3208..97156548 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
@@ -30,9 +30,6 @@ spec:
         - ports:
             - port: "80"
               protocol: TCP
-          rules:
-            http:
-              - {}
         - ports:
             - port: "443"
               protocol: TCP
@@ -155,9 +152,6 @@ spec:
               protocol: TCP
             - port: "80"
               protocol: TCP
-          rules:
-            http:
-              - {}
     # connect to Rook-Ceph RGW/S3 object store in-cluster
     - toServices:
         - k8sServiceSelector: