I am using Terraform to deploy a kube cluster to Google Kubernetes Engine.
Here is my ingress config. Both HTTP and HTTPS are working, but I want HTTP to auto-redirect to HTTPS:
resource "kubernetes_ingress_v1" "ingress" {
  wait_for_load_balancer = true
  metadata {
    name = "ingress"
  }
  spec {
    default_backend {
      service {
        name = kubernetes_service.frontend_service.metadata[0].name
        port {
          number = 80
        }
      }
    }
    rule {
      http {
        path {
          backend {
            service {
              name = kubernetes_service.api_service.metadata[0].name
              port {
                number = 80
              }
            }
          }
          path = "/api/*"
        }
        path {
          backend {
            service {
              name = kubernetes_service.api_service.metadata[0].name
              port {
                number = 80
              }
            }
          }
          path = "/api"
        }
      }
    }
    tls {
      secret_name = "tls-secret"
    }
  }
  depends_on = [kubernetes_secret_v1.tls-secret, kubernetes_service.frontend_service, kubernetes_service.api_service]
}
How can I configure the ingress to auto redirect from http to https?
CodePudding user response:
One of the ways to have the HTTP->HTTPS redirection is to use nginx-ingress. You can deploy it by following the official documentation.
This Ingress controller will create a service of type LoadBalancer which will be the entry point for your traffic. Ingress objects will respond on LoadBalancer IP. You can download the manifest from the installation part and modify it to support the static IP you have requested in GCP.
You will need to provide your own certificates or use tools like cert-manager to have HTTPS traffic, as the annotation networking.gke.io/managed-certificates will not work with nginx-ingress.
Use this YAML definition; without any other annotations, I was always redirected to HTTPS:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx" # IMPORTANT
spec:
  tls: # HTTPS PART
  - secretName: ssl-certificate # SELF PROVIDED CERT NAME
  rules:
  - host:
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service
          servicePort: hello-port
Refer to the stackpost for more information and there is also a Feature Request for it here
CodePudding user response:
The following worked for me - I got my hints from https://github.com/hashicorp/terraform-provider-kubernetes/issues/1326#issuecomment-910374103
resource "kubernetes_manifest" "app-frontend-config" {
  manifest = {
    apiVersion = "networking.gke.io/v1beta1"
    kind       = "FrontendConfig"
    metadata = {
      name = "ingress-fc"
    }
    spec = {
      redirectToHttps = {
        enabled = true
      }
    }
  }
}
resource "kubernetes_ingress_v1" "ingress" {
  wait_for_load_balancer = true
  metadata {
    name = "ingress"
    annotations = {
      "networking.gke.io/v1beta1.FrontendConfig" = kubernetes_manifest.app-frontend-config.object.metadata.name
    }
  }
  spec {
    default_backend {
      service {
        name = kubernetes_service.frontend_service.metadata[0].name
        port {
          number = 80
        }
      }
    }
    rule {
      http {
        path {
          backend {
            service {
              name = kubernetes_service.api_service.metadata[0].name
              port {
                number = 80
              }
            }
          }
          path = "/api/*"
        }
        path {
          backend {
            service {
              name = kubernetes_service.api_service.metadata[0].name
              port {
                number = 80
              }
            }
          }
          path = "/api"
        }
      }
    }
    tls {
      secret_name = "tls-secret"
    }
  }
  depends_on = [kubernetes_secret_v1.tls-secret, kubernetes_service.frontend_service, kubernetes_service.api_service]
}
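An added example, not part of the answers above: a Python check that flags Ingress objects served by the GKE ingress controller that would still serve plain HTTP, because the FrontendConfig annotation from the second answer is missing, points at a FrontendConfig that does not exist, or points at one without redirectToHttps enabled. The function name, the helper and the sample objects are constructed for illustration; the input is assumed to be decoded Kubernetes objects (for example the items list from kubectl get -o json), and the FrontendConfig is assumed to live in the same namespace as the Ingress that references it.

```python
FC_ANNOTATION = "networking.gke.io/v1beta1.FrontendConfig"

def ingresses_without_https_redirect(objects):
    """Return (namespace, name, reason) for each Ingress lacking an HTTPS redirect."""
    # Index FrontendConfigs by (namespace, name). Assumption: the annotation
    # can only reference a FrontendConfig in the Ingress's own namespace.
    redirecting = {}
    for o in objects:
        if o.get("kind") == "FrontendConfig":
            meta = o["metadata"]
            key = (meta.get("namespace", "default"), meta["name"])
            enabled = o.get("spec", {}).get("redirectToHttps", {}).get("enabled")
            redirecting[key] = enabled is True
    findings = []
    for o in objects:
        if o.get("kind") != "Ingress":
            continue
        meta = o["metadata"]
        ns, name = meta.get("namespace", "default"), meta["name"]
        fc = (meta.get("annotations") or {}).get(FC_ANNOTATION)
        if not fc:
            findings.append((ns, name, "no FrontendConfig annotation"))
        elif (ns, fc) not in redirecting:
            findings.append((ns, name, f"FrontendConfig {fc!r} not found"))
        elif not redirecting[(ns, fc)]:
            findings.append((ns, name, f"redirectToHttps not enabled in {fc!r}"))
    return findings

def _obj(kind, name, annotations=None, spec=None):
    # Hypothetical helper: builds a minimal manifest for the sample below.
    return {"kind": kind, "metadata": {"name": name, "namespace": "default",
            "annotations": annotations or {}}, "spec": spec or {}}

# Constructed sample, not real cluster output. "ingress" and "ingress-fc"
# mirror the names used in the answer; the other objects are invented.
SAMPLE = [
    _obj("FrontendConfig", "ingress-fc", spec={"redirectToHttps": {"enabled": True}}),
    _obj("FrontendConfig", "no-redirect-fc", spec={"redirectToHttps": {"enabled": False}}),
    _obj("Ingress", "ingress", {FC_ANNOTATION: "ingress-fc"}),
    _obj("Ingress", "legacy"),
    _obj("Ingress", "typo", {FC_ANNOTATION: "ingres-fc"}),
    _obj("Ingress", "disabled", {FC_ANNOTATION: "no-redirect-fc"}),
]

if __name__ == "__main__":
    for ns, name, reason in ingresses_without_https_redirect(SAMPLE):
        print(f"{ns}/{name}: {reason}")
```

Ingresses handled by another controller, such as the nginx-ingress setup in the first answer, do not use this annotation and would be reported here, so filter them out by ingress class first.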