I have configured amazon certificate manager, ALB Ingress Controller and a domain names for my application. I can access my application through port 80 and port 443 (all certificates works just fine). However I would like to redirect all coming traffic from HTTP to HTTPS automatically so that people who typed the domain name by itself is redirected to HTTPS. I have followed this page and this onebut I cannot make it work
this is my ingress.yaml file:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: metabase
namespace: bigdata
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/***
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/scheme: internet-facing
labels:
app: metabase
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: metabase
servicePort: 3000
this is my service:
apiVersion: v1
kind: Service
metadata:
name: metabase
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:****:certificate/****
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
namespace: bigdata
labels:
app: metabase
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: http-server
- name: http
protocol: TCP
port: 80
targetPort: http-server
selector:
app: metabase
type: LoadBalancer
ad this is my deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: metabase-deployment
namespace: bigdata
labels:
app: metabase
spec:
replicas: 2
selector:
matchLabels:
app: metabase
template:
metadata:
labels:
app: metabase
spec:
containers:
- name: metabase
image: metabase/metabase
ports:
- containerPort: 3000
name: http-server
resources:
limits:
cpu: "1"
memory: "2Gi"
thanks for your support! :-)
Configuring a SSL redirect it is also pretty straightforward but involves two steps: First you need to annotate the Ingres with alb.ingress.kubernetes.io/actions.ssl-redirect telling that you want to redirect traffic to HTTPS:
Before deploying ingress, you need to create a kubernetes secret to host the certificate and private key. You can create a kubernetes secret by running Define the following ingress. In the ingress, specify the name of the secret in the secretName section. Replace <guestbook-secret-name> in the above Ingress Resource with the name of your secret.
One of the beauties of using an ALB Ingress controller on AWS is that you can configure SSL certificates for your Ingress by just defining you want to use HTTPS But this is going to serve the same content using HTTP and HTTPS. Configuring a SSL redirect it is also pretty straightforward but involves two steps:
Without a Kubernetes Ingress Resource, the service is not accessible from outside the AKS cluster. We will use the application and setup Ingress Resources to access the application through HTTP and HTTPS.
I was able to make it work!! basically I modified the ingress.yaml and service.yaml files
ingress.yaml looks like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: metabase
namespace: bigdata
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/****
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group: metabase # name of my app
labels:
app: metabase
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: metabase
servicePort: 443
and my service looks like this:
apiVersion: v1
kind: Service
metadata:
name: metabase
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:***:certificate/***
namespace: bigdata
labels:
app: metabase
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: http-server
- name: http
protocol: TCP
port: 80
targetPort: http-server
selector:
app: metabase
type: LoadBalancer
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With