From 6f7ae1eabcea23e360543920040953c29f3cd93b Mon Sep 17 00:00:00 2001
From: Lai Jiang <jianglai@google.com>
Date: Tue, 18 Feb 2025 11:57:18 -0500
Subject: [PATCH] Redirect HTTP to HTTPS (#2679)

This opens up port 80 on the load balancer IP and upgrades all HTTP
request to HTTPS.

TESTED=tested on alpha.
---
 jetty/kubernetes/gateway/nomulus-gateway.yaml | 22 +++++++++++++++++++
 .../gateway/nomulus-route-backend.yaml        |  1 +
 .../gateway/nomulus-route-console.yaml        |  1 +
 .../gateway/nomulus-route-frontend.yaml       |  1 +
 .../gateway/nomulus-route-pubapi.yaml         |  1 +
 5 files changed, 26 insertions(+)

diff --git a/jetty/kubernetes/gateway/nomulus-gateway.yaml b/jetty/kubernetes/gateway/nomulus-gateway.yaml
index dee85c876..e59b3fb1d 100644
--- a/jetty/kubernetes/gateway/nomulus-gateway.yaml
+++ b/jetty/kubernetes/gateway/nomulus-gateway.yaml
@@ -5,6 +5,12 @@ metadata:
 spec:
   gatewayClassName: gke-l7-global-external-managed-mc
   listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    allowedRoutes:
+      kinds:
+      - kind: HTTPRoute
   - name: https
     protocol: HTTPS
     port: 443
@@ -15,3 +21,19 @@ spec:
     allowedRoutes:
       kinds:
       - kind: HTTPRoute
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: redirect
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: nomulus
+    sectionName: http
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+
diff --git a/jetty/kubernetes/gateway/nomulus-route-backend.yaml b/jetty/kubernetes/gateway/nomulus-route-backend.yaml
index c632a8cec..b8b0e1612 100644
--- a/jetty/kubernetes/gateway/nomulus-route-backend.yaml
+++ b/jetty/kubernetes/gateway/nomulus-route-backend.yaml
@@ -6,6 +6,7 @@ spec:
   parentRefs:
   - kind: Gateway
     name: nomulus
+    sectionName: https
   hostnames:
     - "backend.BASE_DOMAIN"
   rules:
diff --git a/jetty/kubernetes/gateway/nomulus-route-console.yaml b/jetty/kubernetes/gateway/nomulus-route-console.yaml
index e855f942d..c30f8e8c2 100644
--- a/jetty/kubernetes/gateway/nomulus-route-console.yaml
+++ b/jetty/kubernetes/gateway/nomulus-route-console.yaml
@@ -6,6 +6,7 @@ spec:
   parentRefs:
   - kind: Gateway
     name: nomulus
+    sectionName: https
   hostnames:
     - "console.BASE_DOMAIN"
   rules:
diff --git a/jetty/kubernetes/gateway/nomulus-route-frontend.yaml b/jetty/kubernetes/gateway/nomulus-route-frontend.yaml
index af40395f5..090c130d8 100644
--- a/jetty/kubernetes/gateway/nomulus-route-frontend.yaml
+++ b/jetty/kubernetes/gateway/nomulus-route-frontend.yaml
@@ -6,6 +6,7 @@ spec:
   parentRefs:
   - kind: Gateway
     name: nomulus
+    sectionName: https
   hostnames:
     - "frontend.BASE_DOMAIN"
   rules:
diff --git a/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml b/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml
index e0acfd283..6222929e1 100644
--- a/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml
+++ b/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml
@@ -6,6 +6,7 @@ spec:
   parentRefs:
   - kind: Gateway
     name: nomulus
+    sectionName: https
   hostnames:
     - "pubapi.BASE_DOMAIN"
   rules: