fix(mozcloud): Allow frontendConfig redirect overrides (remove default hardcode http>https redirect)#290
Merged
Merged
Conversation
…t hardcode http>https redirect)
Chart Version PreviewThe following charts will be bumped when this PR is merged:
Apply |
…t hardcode http>https redirect); remove deprecated flag from unit test
…t hardcode http>https redirect); bumping chart version
…t hardcode http>https redirect); bumping chart version in README files
grahamalama
requested changes
Jun 23, 2026
grahamalama
left a comment
grahamalama
left a comment
Contributor
There was a problem hiding this comment.
Could you provide:
- a description for this PR -- what's changing and why?
- some documentation for how to add this config. Don't know the best place for that at the moment. Perhaps commented out in a values.yaml file if there's no better place?
| # mozcloud | ||
|
|
||
|   | ||
|   |
Contributor
There was a problem hiding this comment.
I'm pretty sure you want to remove these chart bump changes in the READMEs and charts themselves and let the automated release process handle that.
Addresses PR feedback: - Reverts chart-version bumps and helm-docs README regenerations on the three touched charts (mozcloud, mozcloud-ingress-lib, mozcloud-ingress). The repo's automated release process handles version bumps and README regeneration; doing it manually conflicts with that flow. - Adds a commented-out frontendConfig example block to mozcloud/application/values.yaml under the host configuration, between the existing tls and options blocks. Documents when to use the field (migration support, not new applications), the defaults that apply when unset, and the special case where responseCodeName is omitted from the render when redirect is disabled.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
What
Adds per-host frontendConfig overrides to mozcloud so tenants can set
redirectToHttps.enabled, redirectToHttps.responseCodeName, and sslPolicy
on individual hosts. Defaults are unchanged — tenants who don't specify these options see no behavior change.
Two bugs prevented the override capability the library already mentioned from
actually working:
Surfaced while migrating bouncer prod (MZCLD-2307), which intentionally serves HTTP directly without an LB-side redirect and needs to maintain that legacy behavior.
When redirectToHttps.enabled: false, responseCodeName is omitted from the rendered spec (matches the legacy chart shape so migrations get a byte-identical FrontendConfig).
Also drops the deprecated --verify=false flag from the helm-unittest install in CI / Makefile (it was removed in helm 3.13+ and was breaking the unit-test job).
Related Tickets & Documents