Setting up HTTP to HTTPS Redirection with Alibaba Cloud Container Service

Image for post
Image for post

By Andre Aliaman, independent consultant.

In this article, I’m going to share how I set up my first services on Alibaba Cloud Container Service for Kubernetes to redirect HTTP to HTTPS.

Just by reading Alibaba Cloud’s official documentation, you can find the settings for some interesting configurations, which really shows off the flexibility of Alibaba Cloud Container Service for Kubernetes. Container Service offers support for several configurations, including using an NGINX ingress controller. But, my curiosity didn’t end there. I wanted to set up HTTP to HTTPS redirection for my services.

For more things you can change and configure with Container Service, check out this document. It shows how you can use Alibaba Cloud Server Load Balancer (SLB) to access your services. This document is pretty detailed and covers a lot of things. Or, you can wait for me to cover this and other similar topics in later blog posts in the future.

Setting up HTTP to HTTPS Redirection

When I create my first clusters in Alibaba Cloud Container Service, I saw in the control panel that my clusters were already supporting the official ingress controller. All I needed to do was activate the ingress controller. For some reference, check out this image below:

Image for post
Image for post

Note: At the time of writing this article, only managed and dedicated clusters support this mode. However, this may change in the future.

After that, you can finish your setup and wait until everything has been settled, then you’ll be ready for creating your first services at your new cluster. As the first step to setting up HTTP to HTTPS redirection, what you need is to have two YAML files. The first of these files is for deployment. In this file, you’ll need to define your deployment name, label, metadata, and how many containers you’ll need, as well as the container images you want to use. And when it comes to images, You can use your images or use NGINX official images (for testing purposes) like what I did below:

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: your-deployment-name
namespace: default
labels:
app: your-label-for-deployment
spec:
replicas: 1
selector:
matchLabels:
app: your-container-name-label
template:
metadata:
labels:
app: your-container-name-label
spec:
containers:
- name: your-container-name
image: nginx or your-images
imagePullPolicy: Always
ports:
- containerPort: 80
name: service-port

If you want to use your own image, you can use the example YAML above and change it accordingly with your needs. The second YAML file you need to create is for services. The interesting part here is you can use Alibaba Cloud annotations directly in this YAML file. See the example below:

apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-protocol-port: "https:443,http:80"
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-cert-id: YOUR_CERT_ID
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-forward-port: "80:443"
name: YOUR-KUBERNETES-SERVICE
namespace: default
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: service-port
- name: http
port: 80
protocol: TCP
targetPort: service-port
selector:
run: YOUR_PODS_LABEL
type: LoadBalancer

After creating the two files, you can start to implement them with this command kubectl apply -f<name-of-your-deployment-yaml and then use kubectl apply -f<name-of-your-service-yaml command, too, and last you will be able to see your new services by using the kubectl get svc command.

Now when it comes to verifying everything, you can do the following. Copy the EXTERNAL-IP for your services paste it into a browser window. If you use NGNIX official images like me, you'll have a result like this:

So, if everything went smoothly, you should be done. You have your first simple services that can be automatically accessed to HTTPS encryption.

Some Thoughts

As detailed in the page I linked above, Alibaba Cloud Container Service and Server Load Balancer itself has many other options and configuration settings you can play with. The document I shared above provides several options so that you can customize the settings of your services using Container Service to your exact needs. I’ll share my configuration set up in a future post.

Original Source:

Written by

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store