Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to redirect http to https using a kubernetes ingress controller on Amazon EKS

I have configured amazon certificate manager, ALB Ingress Controller and a domain names for my application. I can access my application through port 80 and port 443 (all certificates works just fine). However I would like to redirect all coming traffic from HTTP to HTTPS automatically so that people who typed the domain name by itself is redirected to HTTPS. I have followed this page and this onebut I cannot make it work

this is my ingress.yaml file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: metabase
  namespace: bigdata
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/***
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing

  labels:
    app: metabase
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: metabase
              servicePort: 3000

this is my service:

apiVersion: v1
kind: Service
metadata:
  name: metabase
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:****:certificate/****
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
  namespace: bigdata
  labels:
    app: metabase
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: http-server
    - name: http
      protocol: TCP
      port: 80
      targetPort: http-server
  selector:
    app: metabase
  type: LoadBalancer

ad this is my deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: metabase-deployment
  namespace: bigdata
  labels:
    app: metabase
spec:
  replicas: 2
  selector:
    matchLabels:
      app: metabase
  template:
    metadata:
      labels:
        app: metabase
    spec:
      containers:
        - name: metabase
          image: metabase/metabase
          ports:
            - containerPort: 3000
              name: http-server
          resources:
            limits:
              cpu: "1"
              memory: "2Gi"

thanks for your support! :-)

like image 552
juanp_1982 Avatar asked Sep 17 '19 18:09

juanp_1982


People also ask

How to configure SSL redirect in Kubernetes?

Configuring a SSL redirect it is also pretty straightforward but involves two steps: First you need to annotate the Ingres with alb.ingress.kubernetes.io/actions.ssl-redirect telling that you want to redirect traffic to HTTPS:

How to create a Kubernetes secret for ingress?

Before deploying ingress, you need to create a kubernetes secret to host the certificate and private key. You can create a kubernetes secret by running Define the following ingress. In the ingress, specify the name of the secret in the secretName section. Replace <guestbook-secret-name> in the above Ingress Resource with the name of your secret.

How to configure SSL certificate for Alb ingress on AWS?

One of the beauties of using an ALB Ingress controller on AWS is that you can configure SSL certificates for your Ingress by just defining you want to use HTTPS But this is going to serve the same content using HTTP and HTTPS. Configuring a SSL redirect it is also pretty straightforward but involves two steps:

How do I access ingress from outside the AKS cluster?

Without a Kubernetes Ingress Resource, the service is not accessible from outside the AKS cluster. We will use the application and setup Ingress Resources to access the application through HTTP and HTTPS.


1 Answers

I was able to make it work!! basically I modified the ingress.yaml and service.yaml files

ingress.yaml looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: metabase
  namespace: bigdata
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/****
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group: metabase # name of my app

  labels:
    app: metabase

spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: metabase
              servicePort: 443

and my service looks like this:

apiVersion: v1
kind: Service
metadata:
  name: metabase
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:***:certificate/***
  namespace: bigdata
  labels:
    app: metabase
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: http-server
    - name: http
      protocol: TCP
      port: 80
      targetPort: http-server
  selector:
    app: metabase
  type: LoadBalancer
like image 87
juanp_1982 Avatar answered Sep 17 '22 21:09

juanp_1982