K
Q

Traefik for Kubernetes in Azure (redirect to https for the frontend)

3/18/2019

I'm trying to redirect an ingress for the service deployed in Azure Kubernetes to https. Whatever I try doesn't work. I tried configuring Ingress and Traefik itself (via ConfigMap) with no effect.

The config for Traefik looks as the following:

---
# Traefik_config.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system
# traefik.toml
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]

    [entryPoints]
      [entryPoints.http]
        address = ":80"
        [entryPoints.http.redirect]
          entryPoint = "https"
      [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]

    [frontends]
      [frontends.frontend2]
        backend = "backend1"
        passHostHeader = true
        # overrides default entry points
        entrypoints = ["http", "https"]

    [backends]
      [backends.backend1]
        [backends.backend1.servers.server1]
           url = "http://auth.mywebsite.com"

The subject for redirection is containerized IdentityServer API website with no TLS encryption. There are a couple of questions on the matter:

  • What's the best way to redirect the frontend app in Azure Kubernetes with Traefik
  • In the config the frontend is numbered, i.e. "frontend2". I assume this a sequential number of the app on the Traefik's dashboard. The problem is, the dashboard only shows the total sum of apps. If there are many of them, how to figure what the number is?
  • When I apply annotations to the Ingress, like "traefik.ingress.kubernetes.io/redirect-permanent: true" the respective labels are not showing up in the Traefik's dashboard for the respective app. Is there any reason for that?
-- Alex
azure
kubernetes
traefik

Similar Questions

MongoError: no mongos proxy available
"No resources found" from kubectl get for remote cluster
Advantage of using volume secrets over usual volume mounting
Kubernetes php-fpm missing ingress nginx configuration with minikube
kubernetes nginx ingress server-snippet annotation not taking effect
How to apply patch/put rest api for kubernetes Pod env variables

1 Answer

3/26/2019

Your configuration for redirecting http to https looks good. If you have followed the official Doc of Traefik to deploy on kubernetes, The Traefik ingress controller service will not have 443. Make sure you have port 443 opened on the Service with service type as LoadBalancer. Once we open a port in service, Then Azure opens the same port in the Azure load balancer. Service yaml is here.

kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer

If you want to redirect all the http to https in your cluster, You can go for the redirection in the configuration file. If you want to redirect only some of the services, then add annotations in the Ingress to achieve redirection for specific services.

traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https

After setting up the redirection, Traffic Dashboard reflects that here. You can also set up a permanent rediection using traefik.ingress.kubernetes.io/redirect-permanent: "true enter image description here

-- jakaruna-msft
Source: StackOverflow