How to redirect http to https in Kubernetes service manifest

2/13/2019

I had created a service with the type load balancer and I also configured SSL certificate to it, everything working fine but it's not redirecting my HTTP calls to https until I give https manually before my domain. Here is my svc.yml

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "True"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    dns.alpha.kubernetes.io/external: test.example.com
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: xxxxxxxxxxxxxx
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
  labels:
    app: nginx
spec:
  type: LoadBalancer
  loadBalancerIP:
  ports:
  - port: 80
    name: http
    targetPort: 80
  - port: 443
    name: https
    targetPort: 80
  selector:
    app: nginx
-- satya
amazon-web-services
kubernetes

1 Answer

2/13/2019

I believe, k8s service object does not have redirection functionality, it is designed to provide a static IP (clusterIP) to the pods who has ephemeral IP. It enables pods to have service discovery functionality in the cluster

A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them - sometimes called a micro-service. The set of Pods targeted by a Service is (usually) determined by a Label Selector (see below for why you might want a Service without a selector). As an example, consider an image-processing backend which is running with 3 replicas. Those replicas are fungible - frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that or keep track of the list of backends themselves. The Service abstraction enables this decoupling.

k8s service

Redirection should happen at the Ingress Level(L7) or at the load balancer(L4) of the cloud provider.

-- Suresh Vishnoi
Source: StackOverflow