0

How to force https traffic only in GKE when using ingress cloud loadbalancer, is there any special annotations or something similar to solve this

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example-oms-ingress
  namespace: example-oms
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "example-gke-oms"
spec:
  tls:
    - hosts:
        - oms-test-gke.example.com
      secretName: test-example-tls
  rules:
    - host: oms-test-gke.example.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: example-oms-svc
              servicePort: 80
    - host: oms-test-gke.example.com

nginx ingress controller is not in the picture

Update:

Was able to solve by creating a new loadbalancer with a rule mentioned in

https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#creating_the_url_map_for_handling_http_traffic

make sure you delete the port 80 on front-end LB of ingress before you create the new frwd lb

Tibin
  • 612
  • 1
  • 8
  • 21
  • 1
    Use the annotation `kubernetes.io/ingress.allow-http: "false"` – Hitobat May 14 '20 at 11:42
  • its not being respected – Tibin May 14 '20 at 13:10
  • The annotation will only work on new ingress creation. Also note that GCE ingress does not support htttp to https redirect, so if you disable port 80 on the front end, http requests will be denied, not redirected. http to https redirect must be configured on the backend server – Patrick W May 16 '20 at 06:28
  • Was able to solve by creating a new loadbalancer with a rule mentioned in https://cloud.google.com/load-balancing/docs/https/setting-up-traffic-management#creating_the_url_map_for_handling_http_traffic make sure you delete the port 80 on front-end LB of ingress before you create the new frwd lb – Tibin May 17 '20 at 09:00

0 Answers0