EKS Ingress ALB add HTTP listener for some services and HTTPS for others

4/3/2021

I have the following ingress.yaml file

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: in
    annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/certificate-arn: xxxx
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
spec:
    rules:
        - http:
            paths:
                - path: /api/bulk-api/*
                  backend:
                    serviceName: dg-bulk-api
                    servicePort: 5000
                - path: /api/adjuster-selection
                  backend:
                    serviceName: dg-adjuster-selection
                    servicePort: 5050
                - path: /api/cockpit/*
                  backend:
                    serviceName: dg-cockpit
                    servicePort: 5050
                - path: /api/regression/*
                  backend:
                    serviceName: dg-regression
                    servicePort: 5005
                - path: /api/lp/task-details*
                  backend:
                    serviceName: lp-task-detail
                    servicePort: 5050
                - path: /api/tool-setup/*
                  backend:
                    serviceName: dg-tool-setup
                    servicePort: 5000
                - path: /api/guideline/*
                  backend:
                    serviceName: dg-guideline
                    servicePort: 5050
                - path: /*
                  backend:
                    serviceName: dg-ui
                    servicePort: 80

The above-mentioned YAML creates an ALB with listeners at 80 and 443 added for all the routes. However, I want listener 80 for all routes except the dg-ui service, and 443 for the dg-ui service only. Let me know how this can be done.

-- Gautam Rajotya
amazon-eks
aws-application-load-balancer
kubernetes
kubernetes-ingress

2 Answers

4/4/2021

If you want to ensure some URLs work with just https or http, you need to define the ingress.kubernetes.io/ssl-redirect: "true" annotation for http or ingress.kubernetes.io/ssl-redirect: "false" for using just http. The fact is that a declared annotation affects the whole path that you define in the Ingress object, which is why you need to separate the Ingress definitions as in the examples below. So for http you need to use YAML like the one below:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - example.com
    secretName: tls-secret
  rules:
  - host: example.com
    http:
      paths:
      - path: /secured
        backend:
          serviceName: my-service
          servicePort: 8080

For just http you need to use YAML like the one below:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: http-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /unsecured
        backend:
          serviceName: my-service
          servicePort: 8080

-- Kağan Mersin
Source: StackOverflow

4/8/2021

I have been able to solve the issue. Thought it would be helpful for everyone.

  1. Updated my ALB Ingress Controller to v2.1. Instructions can be found at: AWS LoadBalancer Controller
  2. Create separate Ingress Yaml for Http and Https listener rules.
  3. Add annotation: alb.ingress.kubernetes.io/group.name: my-team.awesome-group to both Ingresses. This would create 2 Ingresses and attach the rules to 1 common ALB. More on this annotation can be found here: IngressGroups
-- Gautam Rajotya
Source: StackOverflow