loading...

Practical way to setup redirect HTTP to HTTPS with AWS EKS

iilness2 profile image Andre Aliaman Updated on ・3 min read

AWS+K8S=EKS Series (5 Part Series)

1) Practical Basic Approach for Running AWS EKS with Existing VPC 2) Practical Approach Setup CockroachDB secured and insecured mode with AWS EKS 3) Practical way to setup redirect HTTP to HTTPS with AWS EKS 4) Practical Way How to Routing Requests to External Services Outside of K8s Services with ALB & EKS 5) 3 Practical Way How to Restrict the Access to Our Load Balancer(NLB/ALB) on AWS EKS

Before you read this, the first thing you need is to setup AWS EKS cluster at your AWS account. If you want to deploy at your existing VPC, please follow this tutorial:setup aws eks with existing vpc

Recently, I have a problem when I need to setup HTTP to HTTPS at AWS EKS. All the tutorial to setup is not working as results.

After doing all the debug steps, I realized something. All the LB created from EKS, always have some type, all of them are classic. Even when you already add alb with this annotation.

    kubernetes.io/ingress.class: alb

So after doing other research and having trials and errors, one thing you should do is setup an alb ingress controller before doing another thing. You just need to follow the 9 steps sequentially from this documentation. Straightforward.
alb ingress controller setup

After that, you can start deploying your first ALB with Kubernetes. Since it will create another AWS LB, you need to pay attention to your setup because your existing won't be applicable with SSL and need to have some adjustment.

In ALB ingress setup itself, you can choose to follow from one of this documentation.kubernetes aws docs or follow this aws docs, especially from step number 7. Or you can just use my config below:

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: your-ingress-name
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: input-your-arn-from-youracm
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group: your-target-group-name
    alb.ingress.kubernetes.io/target-type: ip | instance choose one
  labels:
    app: your-app-name
spec:
  rules:
   - host: your-domain-service-name
     http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: your-service-name
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: your-service-name
  labels:
    app: your-service-label
spec:
  selector:
    app: your-app-name
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http
  type: LoadBalancer | NodePort Choose one

One thing that you need to know when we want to create new ALB from EKS is that, service spec type can only support LoadBalancer and NodePort. It won't support ClusterIP.

If you follow my config, you need to do two things. First, you need to create an SSL at ACM first since you need to point the SSL and to the ingress. And second one you need to do is pointing our new ALB for AWS EKS to the domain name, If you don't do that, it won't work.

I think that's it for now for this article. Leave a comment below about your thoughts! Thanks.

NOTE: This article I use for DEMO at my AWS Online talk at here and the presentation can see here

AWS+K8S=EKS Series (5 Part Series)

1) Practical Basic Approach for Running AWS EKS with Existing VPC 2) Practical Approach Setup CockroachDB secured and insecured mode with AWS EKS 3) Practical way to setup redirect HTTP to HTTPS with AWS EKS 4) Practical Way How to Routing Requests to External Services Outside of K8s Services with ALB & EKS 5) 3 Practical Way How to Restrict the Access to Our Load Balancer(NLB/ALB) on AWS EKS

Posted on by:

iilness2 profile

Andre Aliaman

@iilness2

Devops Guy, AWS, Container, CI/CD, Automation stuff. Opinions on my own

Discussion

markdown guide