I have configured amazon certificate manager, ALB Ingress Controller and a domain names for my application. I can access my application through port 80 and port 443 (all certificates works just fine). However I would like to redirect all coming traffic from HTTP to HTTPS automatically so that people who typed the domain name by itself is redirected to HTTPS. I have followed this page and this onebut I cannot make it work
this is my ingress.yaml file:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: metabase
namespace: bigdata
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:***:certificate/***
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/scheme: internet-facing
labels:
app: metabase
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: metabase
servicePort: 3000
this is my service:
apiVersion: v1
kind: Service
metadata:
name: metabase
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:****:certificate/****
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
namespace: bigdata
labels:
app: metabase
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: http-server
- name: http
protocol: TCP
port: 80
targetPort: http-server
selector:
app: metabase
type: LoadBalancer
ad this is my deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: metabase-deployment
namespace: bigdata
labels:
app: metabase
spec:
replicas: 2
selector:
matchLabels:
app: metabase
template:
metadata:
labels:
app: metabase
spec:
containers:
- name: metabase
image: metabase/metabase
ports:
- containerPort: 3000
name: http-server
resources:
limits:
cpu: "1"
memory: "2Gi"
thanks for your support! :-)
You need to use the nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
annotation:
When using SSL offloading outside of cluster (e.g. AWS ELB) it may be useful to enforce a redirect to HTTPS even when there is no TLS certificate is available. This can be achieved by using the
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
annotation in the particular resource.