I am trying to route all HTTP
traffic to HTTPS
. I have a ALB ingress resource and following the guide here https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#how-it-works but its not working. When i try to access http://www.myhost.in it stays with http but does not redirect to https
below is my ingress resource file
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: eks-learning-ingress
namespace: production
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: eks-learning-ingress
spec:
rules:
- host: www.myhost.in
http:
paths:
- path: /*
backend:
serviceName: eks-learning-service
servicePort: 80
Any help in this would be really great, Thanks.
For anyone stumbling on this post. I was missing adding this as my http paths. Have in mind this needs to be the first specified path.
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
Once i added this redirection started working.
So the final config in question should look like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: eks-learning-ingress
namespace: production
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: eks-learning-ingress
spec:
rules:
- host: www.myhost.in
http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: eks-learning-service
servicePort: 80
In case anyone else is setting up a cluster with a newer API version; apiVersion: networking.k8s.io/v1
, where the syntax is different, this is the way to go:
- path: /
pathType: Prefix
backend:
service:
name: ssl-redirect
port:
name: use-annotation
Note: path
must not contain a wildcard, as you are using pathType: Prefix
that will fail to configure the ALB.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With