Kubernetes Ingress Annotation: alb.ingress.kubernetes.io/actions.ssl-redirect
In the world of Kubernetes, an Ingress is an API object that manages external access to services in a cluster. It acts as a reverse proxy and exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. One of the powerful features of Kubernetes Ingress is the ability to add annotations to customize its behavior. In this article, we will explore one such annotation: alb.ingress.kubernetes.io/actions.ssl-redirect
.
Background
Amazon Web Services (AWS) provides a managed Kubernetes service called Amazon Elastic Kubernetes Service (EKS). When deploying applications in EKS, you can utilize an Application Load Balancer (ALB) to route traffic to your services. Ingress resources in EKS support various annotations specific to AWS ALB.
SSL Redirect
SSL (Secure Sockets Layer) is a protocol that provides secure and encrypted communication between a client and a server. By enforcing SSL, all HTTP requests to an application are automatically redirected to their HTTPS counterparts. This ensures that sensitive information transmitted over the network remains secure.
The alb.ingress.kubernetes.io/actions.ssl-redirect
annotation allows you to configure SSL redirection for your application's Ingress resource. When this annotation is applied, any HTTP request to the specified host is automatically redirected to HTTPS.
Code Example
Let's take a look at a code example to understand how to apply the alb.ingress.kubernetes.io/actions.ssl-redirect
annotation:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
rules:
- host: example.com
http:
paths:
- path: /
backend:
serviceName: my-service
servicePort: 80
In the above example, we have defined an Ingress resource with the name my-ingress
. The alb.ingress.kubernetes.io/actions.ssl-redirect
annotation is applied with the value {"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
. This configuration specifies that any HTTP request to example.com
should be redirected to HTTPS
on port 443
with the status code 301
.
The rules
section defines the routing rules for incoming requests. In this case, we have a single rule that matches requests with the host example.com
and any path. These requests are then forwarded to the my-service
running on port 80
.
Conclusion
The alb.ingress.kubernetes.io/actions.ssl-redirect
annotation is a powerful tool for enforcing SSL redirection in Kubernetes Ingress resources on AWS EKS. By applying this annotation, all HTTP requests to your application can be automatically redirected to their HTTPS counterparts, ensuring secure communication between clients and servers.
Using the provided code example, you can easily configure SSL redirection for your own Ingress resources in AWS EKS. This annotation is just one of the many available options to customize and enhance the behavior of your Kubernetes Ingress resources.