Aqib Rahman
Aqib Rahman

Aqib Rahman

Set up Traefik Kubernetes Ingress for HTTP and HTTPS with redirect to HTTPS

Set up Traefik Kubernetes Ingress for HTTP and HTTPS with redirect to HTTPS

Aqib Rahman's photo
Aqib Rahman
·Sep 17, 2021·

3 min read

When services are deployed to kubernetes, it is necessary to configure how to expose and redirect traffic to them from outside the cluster.

In this blog post I will show you how you can set up Traefik ingress routers to redirect HTTP traffic to HTTPS.

This post assumes you have Traefik deployed in your cluster with the kubernetes ingress and kubernetescrd provider, as well as the TLS certificate you want to use loaded on to it.

Ensure you have entrypoints defined in your kubernetes deployment, with ports 80 and 443 defined for web and websecure traffic respectively.

EntryPoints are the network entry points into Traefik. They define the port which will receive the packets, and whether to listen for TCP or UDP.

Deploy first router

In order to have Traefik listen to requests on HTTPS, you'll need to include a TLS section in your ingress definition. Here is an example definition of our first router:

---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: traefik-ingress
  namespace: example
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"

spec:
  rules:
  - host: websecure.example.io
    http:
      paths:
      - backend:
          service:
            name: example
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - websecure.example.io

We incorporate the traefik.ingress.kubernetes.io/router.entrypoints annotation with value websecure only.

However, as per the Traefik documentation, this will instruct our router to ignore HTTP (non TLS) requests.

We want to have our service listen on both HTTP and HTTPS. To do this we'll need to deploy a second router dedicated to HTTP traffic, but first let's have a look at Middleware.

Middleware

The documentation explains it well, so I'll just copy the definition here:

Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service (or before the answer from the services are sent to the clients).

That sounds good, we want to redirect all HTTP requests to HTTPS, so lets deploy the Middleware:

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect
  namespace: example

spec:
  redirectScheme:
    scheme: https
    permanent: true

Now we need to attach this to our HTTP router, so let's proceed with it's creation.

Deploy second router

Here is the definition for our second router:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-redirect
  namespace: example
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
    traefik.ingress.kubernetes.io/router.middlewares: example-redirect@kubernetescrd

spec:
  rules:
    - host: websecure.example.io
      http:
        paths:
          - backend:
              service:
                name: example
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific

We specify the entrypoint as web this time as it will listen for HTTP requests only.

Our middleware is attached with the traefik.ingress.kubernetes.io/router.middlewares annotation.

The value we associate is in the format <namespace>-<middleware-name>@kubernetescrd By doing this we also avoid global redirection for all our other services in the cluster

Great, I hope that helps with how you can redirect requests from outside your kubernetes cluster into your services.

 
Share this