diff --git a/docs/install/kubernetes/aws.md b/docs/install/kubernetes/aws.md index a157723046..a519f33720 100644 --- a/docs/install/kubernetes/aws.md +++ b/docs/install/kubernetes/aws.md @@ -114,6 +114,7 @@ controller: configNameSpace: $(POD_NAMESPACE)/udp-services config: proxy-body-size: "0" + use-proxy-protocol: true service: # AWS Annotations for LoadBalaner with Certificate ARN annotations: @@ -122,9 +123,11 @@ controller: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "120" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: proxy_protocol_v2.enabled=true # TLS (https) terminated at ELB, so internal endpoint is 'http' targetPorts: https: http + externalTrafficPolicy: Cluster ingressClassResource: default: true ``` diff --git a/docs/install/kubernetes/aws_terraform.md b/docs/install/kubernetes/aws_terraform.md index 5ced347305..7c7859773e 100644 --- a/docs/install/kubernetes/aws_terraform.md +++ b/docs/install/kubernetes/aws_terraform.md @@ -213,6 +213,7 @@ controller: configNameSpace: $(POD_NAMESPACE)/udp-services config: proxy-body-size: "0" + use-proxy-protocol: true service: # AWS Annotations for LoadBalaner with Certificate ARN annotations: @@ -221,9 +222,11 @@ controller: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "120" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: proxy_protocol_v2.enabled=true # TLS (https) terminated at ELB, so internal endpoint is 'http' targetPorts: https: http + externalTrafficPolicy: Cluster ingressClassResource: default: true ``` diff --git a/docs/install/kubernetes/digital-ocean.md b/docs/install/kubernetes/digital-ocean.md index 0de099ab1e..4a0eef8845 100644 --- a/docs/install/kubernetes/digital-ocean.md +++ b/docs/install/kubernetes/digital-ocean.md @@ -47,6 +47,8 @@ helm --kubeconfig=./k8s-flowforge-kubeconfig.yaml install nginx-ingress \ --set controller.publishService.enabled=true \ --set controller.ingressClassResource.default=true \ --set controller.config.proxy-body-size="0" \ + --set controller.config.use-proxy-protocol="true" \ + --set controller.service.annotations."service\.beta\.kubernetes\.io\/do-loadbalancer-enable-proxy-protocol"="true" \ --wait ``` diff --git a/docs/upgrade/README.md b/docs/upgrade/README.md index 5bdd0f6499..5ac51f01e8 100644 --- a/docs/upgrade/README.md +++ b/docs/upgrade/README.md @@ -24,6 +24,30 @@ Details of how to upgrade can be found for each deployment model: - [Kubernetes](../install/kubernetes/README.md#upgrade) +### Upgrading to 2.6.0 + + +#### Required AWS EKS configuration change + +This release introduces the new Embedded Editor which integrates the Node-RED editor with the FlowFuse dashboard when using Node-RED 4.0. This has required some changes to be made on how certain HTTP headers are passed between the NGINX Ingress controller and AWS NLB. + +The following configuration change must be applied otherwise users will not be able to login to Node-RED 4.0 instances. + +The following configuration needs to be added in the values passed to the ingress-nginx helm chart. See [full configuration](https://flowfuse.com/docs/install/kubernetes/aws/#nginx-ingress) for the reference. + +``` +controller: + config: + use-proxy-protocol: true + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: proxy_protocol_v2.enabled=true + externalTrafficPolicy: Cluster +``` + +The Proxy Protocol feature will be enabled only on newly created Target Groups. +To enable the Proxy Protocol on an existing Target Group, manual intervention is required. For detailed instructions, please refer to the [official AWS documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#enable-proxy-protocol). + ### Upgrading to 2.0.0 > **⚠️** Breaking changes introduced!