DEV Community

andre aliaman
andre aliaman

Posted on • Edited on

Practical way to setup redirect HTTP to HTTPS with AWS EKS

Before you read this, the first thing you need is to setup AWS EKS cluster at your AWS account. If you want to deploy at your existing VPC, please follow this tutorial:setup aws eks with existing vpc

Recently, I have a problem when I need to setup HTTP to HTTPS at AWS EKS. All the tutorial to setup is not working as results.

After doing all the debug steps, I realized something. All the LB created from EKS, always have some type, all of them are classic. Even when you already add alb with this annotation.

    kubernetes.io/ingress.class: alb
Enter fullscreen mode Exit fullscreen mode

So after doing other research and having trials and errors, one thing you should do is setup an alb ingress controller before doing another thing. You just need to follow the 9 steps sequentially from this documentation. Straightforward.
alb ingress controller setup

After that, you can start deploying your first ALB with Kubernetes. Since it will create another AWS LB, you need to pay attention to your setup because your existing won't be applicable with SSL and need to have some adjustment.

In ALB ingress setup itself, you can choose to follow from one of this documentation.kubernetes aws docs or follow this aws docs, especially from step number 7. Or you can just use my config below:

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: your-ingress-name
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: input-your-arn-from-youracm
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group: your-target-group-name
    alb.ingress.kubernetes.io/target-type: ip | instance choose one
  labels:
    app: your-app-name
spec:
  rules:
   - host: your-domain-service-name
     http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: your-service-name
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: your-service-name
  labels:
    app: your-service-label
spec:
  selector:
    app: your-app-name
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http
  type: LoadBalancer | NodePort Choose one

Enter fullscreen mode Exit fullscreen mode

One thing that you need to know when we want to create new ALB from EKS is that, service spec type can only support LoadBalancer and NodePort. It won't support ClusterIP.

If you follow my config, you need to do two things. First, you need to create an SSL at ACM first since you need to point the SSL and to the ingress. And second one you need to do is pointing our new ALB for AWS EKS to the domain name, If you don't do that, it won't work.

I think that's it for now for this article. Leave a comment below about your thoughts! Thanks.

NOTE: This article I use for DEMO at my AWS Online talk at here and the presentation can see here

Top comments (0)