Skip to content

Redirect Traffic from HTTP to HTTPS

We'll use the alb.ingress.kubernetes.io/actions.${action-name} annotation to setup an ingress to redirect http traffic into https

Example Ingress Manifest

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxx:certificate/xxxxxx
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  rules:
    - http:
        paths:
         - path: /*
           backend:
             serviceName: ssl-redirect
             servicePort: use-annotation
         - path: /users/*
           backend:
             serviceName: user-service
             servicePort: 80
         - path: /*
           backend:
             serviceName: default-service
             servicePort: 80

Note

  • alb.ingress.kubernetes.io/listen-ports annotation must at least include [{"HTTP": 80}, {"HTTPS":443}] to listen on 80 and 443.
  • alb.ingress.kubernetes.io/certificate-arn annotation must be set to allow listen for HTTPS traffic
  • the ssl-redirect action must be be first rule(which will be evaluated first by ALB)

How it works

By default, all rules specified in ingress spec will be applied to all listeners(one listener per port) on ALB.

If there is an redirection rule, the AWS Load Balancer controller will check it against every listener(port) to see whether it will introduce infinite redirection loop, and will ignore that rule for specific listener.

So for our above example, the rule by ssl-redirect will only been applied to http(80) listener.