K
Q

GCP GCE Ingress doesn't redirect http

2/23/2018

I'm using Kubernetes Engine for my services. I want to use a gce ingress controller with a custom certificate (by now, I'm only testing). My problem is that my ingress controller doesn't redirect http to https. I know that using nginx ingress, redirect works, but I need use GCE.

My ingress is like that:

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: project-dev
  annotations:
    name: project-ingress
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.allow-http: "false"  
    ingress.kubernetes.io/force-ssl-redirect: "true
spec:
  tls:
   - secretName: mycert
  backend:
    serviceName: testingservice
    servicePort: 3000

kubectl describe ingress my-ingress

Name:             my-ingress
Namespace:        project-dev
Address:          <publicIP>
Default backend:  service:Port (PrivateIP:3000)
TLS:
 mycert terminates 
Rules:
  Host  Path  Backends
  ----  ----  --------
  *     *     service:Port (PrivateIP:3000)
Annotations:
  https-target-proxy:     ****
  ssl-cert:               ****
  static-ip:              ****
  url-map:                ****
  target-proxy:           ****
  backends:               {"k8s-be-30120--0ad2e277d383b39d":"HEALTHY"}
  force-ssl-redirect:     true
  forwarding-rule:        ****
  https-forwarding-rule:  ****
Events:
  Type    Reason   Age               From                     Message
  ----    ------   ----              ----                     -------
  Normal  Service  6m (x12 over 1h)  loadbalancer-controller  default backend set to <backend>

What am I doing wrong?

-- Daniel Palma Genicio
google-cloud-platform
google-compute-engine
kubernetes
ssl

Similar Questions

Should Kubernetes Worker Node have public IP?
ISTIO: enable circuit breaking on egress
Kubernetes MaxVolumeCount is less than max pods per node
Simplest approach to expose a HAProxy (port 80) Docker in IBM Cloud Kubernetes

2 Answers

2/24/2018

You can try to setup it through GCP Load Balance like this:

gcloud compute addresses create myexternalip --region europe-west1
gcloud compute target-pools create kubernetes --region europe-west1
gcloud compute target-pools add-instances kubernetes --instances your_kubernetes_cluster --instances-zone europe-west1-d
gcloud compute forwarding-rules create kubernetes-forward --address myexternalip --region europe-west1 --ports 1-65535 --target-pool kubernetes
gcloud compute forwarding-rules describe kubernetes-forward
--
Source: StackOverflow
2/26/2018

When I create a GCE Ingress, inmediatly it is created and Static External IP, a Load Balancer and it is assigned the k8s cluster. So, it is like I follow your steps. In the load balancer, I can see the allowed HTTP and HTTPS protocols and my SSL certificate in the HTTPS one.

Maybe I have to create a forward rule from HTTP to HTTPS? I mean, at GCP level becuase in k8s it doesn't working.

-- Daniel Palma Genicio
Source: StackOverflow