how to redirect http to https using a kubernetes ingress controller on Amazon EKS

kubernetes kubernetes-ingress amazon-eks
juanp_1982 picture juanp_1982 · Sep 17, 2019 · Viewed 11.3k times · Source

I have configured amazon certificate manager, ALB Ingress Controller and a domain names for my application. I can access my application through port 80 and port 443 (all certificates works just fine). However I would like to redirect all coming traffic from HTTP to HTTPS automatically so that people who typed the domain name by itself is redirected to HTTPS. I have followed this page and this onebut I cannot make it work

this is my ingress.yaml file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: metabase
  namespace: bigdata
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/***
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing

  labels:
    app: metabase
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: metabase
              servicePort: 3000

this is my service:

apiVersion: v1
kind: Service
metadata:
  name: metabase
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:****:certificate/****
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
  namespace: bigdata
  labels:
    app: metabase
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: http-server
    - name: http
      protocol: TCP
      port: 80
      targetPort: http-server
  selector:
    app: metabase
  type: LoadBalancer

ad this is my deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: metabase-deployment
  namespace: bigdata
  labels:
    app: metabase
spec:
  replicas: 2
  selector:
    matchLabels:
      app: metabase
  template:
    metadata:
      labels:
        app: metabase
    spec:
      containers:
        - name: metabase
          image: metabase/metabase
          ports:
            - containerPort: 3000
              name: http-server
          resources:
            limits:
              cpu: "1"
              memory: "2Gi"

thanks for your support! :-)

Answer

Eduardo Baitello picture Eduardo Baitello · Sep 17, 2019

You need to use the nginx.ingress.kubernetes.io/force-ssl-redirect: "true" annotation:

When using SSL offloading outside of cluster (e.g. AWS ELB) it may be useful to enforce a redirect to HTTPS even when there is no TLS certificate is available. This can be achieved by using the nginx.ingress.kubernetes.io/force-ssl-redirect: "true" annotation in the particular resource.

Related questions

Kubernetes ingress-nginx gives 502 error (Bad Gateway)

I have an EKS cluster for which I want : - 1 Load Balancer per cluster, - Ingress rules to direct to the right namespace and the right service. I have been following this guide : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes …

Read More
Updating kubernetes helm values

I'd like to update a value config for a helm release on my cluster. Something like helm update -f new_values.yml nginx-controller

Read More
Empty ADDRESS kubernetes ingress

I tried configuring ingress on my kubernetes cluster. I followed the documentation to install ingress controller and ran the following commands kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml kubectl apply -f https://raw.githubusercontent.…

Read More