When services are deployed to kubernetes, it is necessary to configure how to expose and redirect traffic to them from outside the cluster.
In this blog post I will show you how you can set up Traefik ingress routers to redirect HTTP traffic to HTTPS.
This post assumes you have Traefik deployed in your cluster with the kubernetes ingress and kubernetescrd provider, as well as the TLS certificate you want to use loaded on to it.
Ensure you have entrypoints defined in your kubernetes deployment, with ports 80 and 443 defined for web and websecure traffic respectively.
EntryPoints are the network entry points into Traefik. They define the port which will receive the packets, and whether to listen for TCP or UDP.
Deploy first router
In order to have Traefik listen to requests on HTTPS, you'll need to include a TLS section in your ingress definition. Here is an example definition of our first router:
kind: Ingress apiVersion: networking.k8s.io/v1 metadata: name: traefik-ingress namespace: example annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" spec: rules: - host: websecure.example.io http: paths: - backend: service: name: example port: number: 80 path: / pathType: ImplementationSpecific tls: - hosts: - websecure.example.io
We incorporate the
traefik.ingress.kubernetes.io/router.entrypoints annotation with value
However, as per the Traefik documentation, this will instruct our router to ignore HTTP (non TLS) requests.
We want to have our service listen on both HTTP and HTTPS. To do this we'll need to deploy a second router dedicated to HTTP traffic, but first let's have a look at Middleware.
The documentation explains it well, so I'll just copy the definition here:
Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service (or before the answer from the services are sent to the clients).
That sounds good, we want to redirect all HTTP requests to HTTPS, so lets deploy the Middleware:
apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: redirect namespace: example spec: redirectScheme: scheme: https permanent: true
Now we need to attach this to our HTTP router, so let's proceed with it's creation.
Deploy second router
Here is the definition for our second router:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingress-redirect namespace: example annotations: traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.middlewares: example-redirect@kubernetescrd spec: rules: - host: websecure.example.io http: paths: - backend: service: name: example port: number: 80 path: / pathType: ImplementationSpecific
We specify the entrypoint as web this time as it will listen for HTTP requests only.
Our middleware is attached with the
The value we associate is in the format
<namespace>-<middleware-name>@kubernetescrd By doing this we also avoid global redirection for all our other services in the cluster
Great, I hope that helps with how you can redirect requests from outside your kubernetes cluster into your services.