Question
Kubernetes LoadBalncer http->https redirection does not work
- Posted January 1, 2020
- KubernetesLoad Balancing
Hi there!
I’m setting up Nginx ingress controller on my Kubernetes Cluster, and I can’t make http->https redirect to work.
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-controller
labels:
component: "controller"
annotations:
service.beta.kubernetes.io/do-loadbalancer-protocol: "https"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "d6312b2d-c313-4b03-9030-ccc40f1afed5"
service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "false"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: http
selector:
app: nginx-ingress
component: "controller"
type: "LoadBalancer"
As you can see in nginx ingress controller Service definition, I’m using correct annotation, however, when I visit http://mydomain.com, I get ERR_CONNECTION_REFUSED, instead of getting redirection to https.
When I use https://mydomain.com, it works as expected, i.e. response from ingress resource is rendered.
Did I configure nginx ingress correctly? What am I missing? Thank you.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I had the same issue, using the same YAML as you. I solved it by adding the following annotation
service.beta.kubernetes.io/do-loadbalancer-protocol: “http”
This sets the correct forwarding rules protocol in the load balancer and the http to https now works
Yes, it is very much intentional. Since Load Balancer is performing SSL termination/offloading, only unencrypted traffic lands in Ingress controller (both on port 443 and 80). After SSL termination, requests cannot go to targetPort 443 because of plaintext/SSL transport type mismatch, therefore, they are routed to port 80.
There is no issue with exposed ports on nginx ingress controller deployment, because it works just fine for SSL.
I presume that issue is with Load Balancer itself, because it does not perform http->https redirection, i.e. when I visit load balancer url at port 80 I don’t get redirected to port 443, but when I visit url at port 443 it works as expected.
Is your ingress controller listening on port 80 as well as 443? I see you have both service ports set to:
Is this intentional?
Note that targetPort is the port on the pod that the request hits. Your ingress controller needs to be listening on this port for the service to work.
Are you specifying 80 as an exposed port on your deployment?
Regards,
John Kwiatkoski Senior Developer Support Engineer - Kubernete