eks http https 使用入口重定向

Question

This is my ingress file , what I need is how to add https redirection settings here in ingress file , I did it using service file and it works but after to reduce costs I decided to use SINGLE ingress file which manage multiple services with SINGLE AWS CLASSIC load balancer.

   apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      generation: 4
      name: brain-xx
      namespace: xx
    spec:
      rules:
      - host: app.xx.com
        http:
          paths:
          - backend:
              serviceName: xx-frontend-service
              servicePort: 443
            path: /
    status:
      loadBalancer:
        ingress:
        - ip: xx.xx.xx.xx

Answer 1

I have managed to create http to https redirection on GKE. Let me know if this solution will work for your case on AWS:

Steps to reproduce

• Apply Ingress definitions
• Configure basic HTTP ingress resource
• Create SSL certificate
• Replace old Ingress resource with HTTPS enabled one.

Apply Ingress definitions

Follow this Ingress link to check if there are any needed prerequisites before installing NGINX Ingress controller on your AWS infrastructure and install it.

Configure basic HTTP ingress resource and test it

Example below is Ingress configuration with HTTP traffic only. It will act as starting point:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-http
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: xx.yy.zz
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service
          servicePort: hello-port
      - path: /v2/ 
        backend: 
          serviceName: goodbye-service 
          servicePort: goodbye-port

Please change this file to reflect configuration appropriate to your case.

Create SSL certificate

For this to work without browser's security warnings you will need valid SSL certificate and a domain name.

To create this certificate you can use for example: Linode create Let's Encrypt SSL certificates .

Let's Encrypt will create files which will be used later.

Configure HTTPS ingress resource and test it

By default Nginx Ingress will create a self-signed certificate if he's not provided one. To provide him one you will need to add it as a secret to your Kubernetes cluster.

As I said earlier the files ( cert.pem privkey.pem ) that Let's Encrypt created will be added to Kubernetes to configure HTTPS.

Below command will use this files to create secret for Ingress:

$ kubectl create secret tls ssl-certificate --cert cert.pem --key privkey.pem

This Ingress configuration support HTTPS as well as redirects all the traffic to it:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
  - secretName: ssl-certificate
  rules:
  - host: xx.yy.zz 
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service
          servicePort: hello-port
      - path: /v2/ 
        backend: 
          serviceName: goodbye-service 
          servicePort: goodbye-port 

Please change this file to reflect configuration appropriate to your case.

Take a look at this fragment which will enable HTTPS and redirect all the traffic to it:

    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
  - secretName: ssl-certificate

Apply this configuration and check if it worked for you.

Below is part of curl output which shows that connecting to http://xx.yy.zz gives redirection to https://xx.yy.zz

< HTTP/1.1 308 Permanent Redirect
< Server: openresty/1.15.8.2
< Date: Fri, 20 Dec 2019 15:06:57 GMT
< Content-Type: text/html
< Content-Length: 177
< Connection: keep-alive
< Location: https://xx.yy.zz/