From 7afe4e54232cd1978a2d865e216c9363114822d8 Mon Sep 17 00:00:00 2001
From: Nick Andreano
Date: Wed, 28 Jan 2026 16:09:41 -0400
Subject: [PATCH] updated startup probe and ingress documentation
---
 charts/iap/values.yaml | 2 +-
 docs/ingress.md | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/charts/iap/values.yaml b/charts/iap/values.yaml
index af4bea5..0e3d943 100644
--- a/charts/iap/values.yaml
+++ b/charts/iap/values.yaml
@@ -301,7 +301,7 @@ readinessProbe:
 # probe has succeeded once, the liveness probe takes over.
 startupProbe:
 enabled: true
- initialDelaySeconds: 90
+ initialDelaySeconds: 180
 periodSeconds: 30
 timeoutSeconds: 10
 failureThreshold: 3
diff --git a/docs/ingress.md b/docs/ingress.md
index db20d2e..9a267bc 100644
--- a/docs/ingress.md
+++ b/docs/ingress.md
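Review bot: Raising `initialDelaySeconds` to 180 in `startupProbe` makes every pod wait a fixed three minutes before its first startup check, so a container that is up sooner still cannot pass startup and hand over to the readiness and liveness probes until then, which slows rollouts, scaling and recovery after a restart. The same ceiling of roughly 270 s before the kubelet restarts the container (180 + 3 × 30) can be had without the fixed wait by keeping `initialDelaySeconds: 90` and setting `failureThreshold: 6`. Neither the comment above the block nor the commit message says why the startup time grew, so a short comment such as `# <reason startup now needs up to N s>` would help the next person tuning this. The comment block starts before the hunk and `startupProbe` may continue past it.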
@@ -68,6 +68,32 @@ ingress:
 alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600
 ```
+**SSL/TLS Certificate Configuration:**
+
+For SSL/TLS termination at the ALB level, specify an AWS Certificate Manager (ACM) certificate using the `certificate-arn` annotation:
+
+```yaml
+annotations:
+ alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:region:account-id:certificate/certificate-id"
+```
+
+The `certificate-arn` annotation:
+- Specifies the ARN (Amazon Resource Name) of an ACM certificate
+- Enables SSL/TLS termination at the load balancer
+- Supports multiple certificates by providing comma-separated ARNs
+- The certificate must be in the same AWS region as the ALB
+- Requires the ALB to have HTTPS listeners configured (via `listen-ports`)
+
+**Example with certificate:**
+
+```yaml
+ingress:
+ annotations:
+ alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
+ alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
+```
+
 #### NGINX Ingress Controller - Alternative Option
 For environments where ALB is not available or preferred, NGINX Ingress Controller can be used as an alternative.