HTTPS redirection for Ingress resources in multiple namespaces

danuka92 · April 2, 2020, 9:19am

Hi All,

I am facing an issues with ‘HTTPS redirect using KongIngress’ for applications running in different namespaces. Below I have shared the relevant configurations of KongIngress resource. Despite I am using ’ configuration.konghq.com: “https-only” annotation for the application’s Ingress resource in a different name space, I can still access the API with HTTP protocol. But if the application is running in the same namespace as KongIngress, then this HTTPS only feature get applied properly.

echo "
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: https-only
route:
protocols:

https
https_redirect_status_code: 302
" | oc apply -f -

Can you help me point to any missing configurations or the relevant component that can be used to enable HTTPS only requests for selected Ingress resources in different namespaces.

Thanks!

hbagdi · April 2, 2020, 3:03pm

Please create KongIngress resource in the same namespace as your Ingress resource.

danuka92 · April 2, 2020, 4:01pm

@hbagdi,

Appreciate your feedback. But that doesn’t seem to be a viable option for my use case as I am having large number of micro services distributed across number of different name spaces. Then I will need to maintain the same KongIngress resource copy in each of those namespaces. So definitely it is the not the most convenient way to configure it.

Is there any way to use a single KongIngress resource to cater selected Ingress resources in different namespaces ?
If this feature is not available, will there be a similar feature coming in the near future?
If the only available option is to create KongIngress for each of the namespaces, then what is your recommendation to manage this single copy of KongIngress resource in multiple namespaces ?

Thanks!

hbagdi · April 7, 2020, 5:42am

You can use annotations on Ingress resource as well:

github.com

Kong/kubernetes-ingress-controller/blob/master/docs/references/annotations.md#konghqcomhttps-redirect-status-code

# Kong Ingress Controller annotations

Kong Ingress Controller supports the following annotations on various resources:

## Ingress resource

Following annotations are supported on Ingress resources:

| Annotation name | Description |
|-----------------|-------------|
| [`kubernetes.io/ingress.class`](#kubernetesioingressclass) | Restrict the Ingress rules that Kong should satisfy |
| [`konghq.com/plugins`](#konghqcomplugins) | Run plugins for specific Ingress. |
| [`konghq.com/protocols`](#konghqcomprotocols) | Set protocols to handle for each Ingress resource. |
| [`konghq.com/preserve-host`](#konghqcompreserve-host) | Pass the `host` header as is to the upstream service. |
| [`konghq.com/strip-path`](#konghqcomstrip-path) | Strip the path defined in Ingress resource and then forward the request to the upstream service. |
| [`konghq.com/https-redirect-status-code`](#konghqcomhttps-redirect-status-code) | Set the HTTPS redirect status code to use when an HTTP request is recieved. |
| [`konghq.com/override`](#konghqcomoverride) | Control other routing attributes via `KongIngress` resource. |
| DEPRECATED [`plugins.konghq.com`](#pluginskonghqcom) | Please use [`konghq.com/plugins`](#konghqcomplugins) |
| DEPRECATED [`configuration.konghq.com`](#configurationkonghqcom) | Please use [`konghq.com/override`](#konghqcomoverride) |
| DEPRECATED [`configuration.konghq.com/protocols`](#configurationkonghqcomprotocols) | Please use [`konghq.com/protocols`](#konghqcomprotocols) |

This file has been truncated. show original

Topic		Replies	Views
KongIngress in different namespace Questions	2	1215	July 22, 2020
HTTPS redirect not working with annotation Kubernetes	2	1472	July 28, 2020
Kong Ingress Annotations (Redirect) Kubernetes	5	3746	May 22, 2022
K8S - KongIngress - Redirect HTTP to HTTPS Kubernetes	1	1308	December 2, 2019
Redirecting HTTP to HTTPS Installation/Setup	35	20875	March 29, 2023

HTTPS redirection for Ingress resources in multiple namespaces

Related Topics