How to force SSL for Kubernetes Ingress on GKE

ssl kubernetes google-kubernetes-engine kubernetes-ingress
Simon Heinzle picture Simon Heinzle · May 3, 2016 · Viewed 32.5k times · Source

Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven't found a good documentation pages that outlines such an option in the YAML file. Thanks a lot in advance!

Answer

Prashanth B picture Prashanth B · May 9, 2016

https://github.com/kubernetes/ingress-gce#frontend-https

You can block HTTP through the annotation kubernetes.io/ingress.allow-http: "false" or redirect HTTP to HTTPS by specifying a custom backend. Unfortunately GCE doesn't handle redirection or rewriting at the L7 layer directly for you, yet. (see https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https)

Update: GCP now handles redirection rules for load balancers, including HTTP to HTTPS. There doesn't appear to be a method to create these through Kubernetes YAML yet.

Related questions

How to get ssl on a kubernetes application?

I have a simple meteor app deployed on kubernetes. I associated an external IP address with the server, so that it's accessible from within the cluster. Now, I am up to exposing it to the internet and securing it (using …

Read More
Kubernetes NGINX Ingress Controller not picking up TLS Certificates

I setup a new kubernetes cluster on GKE using the nginx-ingress controller. TLS is not working, it's using the fake certificates. There is a lot of configuration detail so I made a repo - https://github.com/jobevers/test_ssl_…

Read More
How do I make an HTTPS call in a Busybox Docker container running Go?

I am trying to make an HTTPS call in a Docker container running a Go binary. This gives me the following error: x509: failed to load system roots and no roots provided Having looked this up, it seems the problem …

Read More