My asp.net core web application has redirection applied on statup.cs as:
app.UseHttpsRedirection();
The problem arises when I host it on kubernetes where this redirection does not happens. The app opens on both http and https url.
I am hosting the app on local kubernetes cluster on my pc having kali linus.
This is the ingress which i am using:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: first-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- secretName: ssl
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: first-service
port:
number: 8080
The ingress on opens 2 ports which are - 80, 443.
How should the redirection be done in such a case?
The deployment is:
apiVersion: apps/v1
kind: Deployment
metadata:
name: first-dep
labels:
app: aspnet-core-app
spec:
replicas: 1
selector:
matchLabels:
component: web
template:
metadata:
labels:
component: web
spec:
containers:
- name: csimpleweb
image: simpleweb
imagePullPolicy: Never
ports:
- containerPort: 80
The Service is:
apiVersion: v1
kind: Service
metadata:
name: first-service
spec:
type: NodePort
selector:
component: web
ports:
- port: 8080
targetPort: 80
So in summary I want to ask the following:
- How redirection works in k8s ASP.NET Core. The redirection does not work in my case where I have applied the redirection on the app.
- Should the redirection be done on ingress if so how. In that case I think we have remove app.UseHttpsRedirection() from the app.
- What docker container ports, which the pods will host, we have to open and how?
Thank you
CodePudding user response:
I'm not a Kubernetes guru but it appears that the job of the ingress controller is to act the same as a reverse proxy to the application and terminates (last stop) the SSL connection. So by default K8's is taking some control away from the application correctly.
There are multiple places you can cause an http -> https redirect. In order:
- Content Delivery Network (CDN Edge)
- Load Balancer
- Proxy Web Server (IIS, Apache, Nginx or Kubernetes ingress controller falls here in this case)
- Kestrel
The sooner you can cause this redirect generally the faster the response to the end user.
So while you can allow the traffic to reach allll the way to the application to process the request, you should prefer to do it sooner if and when possible.
CodePudding user response:
According to my research I found the following way.
- Remove the redirection from an ASP.NET Core app when we host it to kubernetes.
- Apply the redirect to Ingress itself. By adding the following 2 lines to it:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
So my ingress code becomes:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: first-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- secretName: ssl
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: first-service
port:
number: 8080
Let me know your thoughts. If you have a better answer the kindly add a new answer on the question.