Traefik for Kubernetes in Azure (redirect to https for the frontend)

Question

I'm trying to redirect an ingress for the service deployed in Azure Kubernetes to https. Whatever I try doesn't work. I tried configuring Ingress and Traefik itself (via ConfigMap) with no effect.

The config for Traefik looks as the following:

---
# Traefik_config.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system
# traefik.toml
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]

    [entryPoints]
      [entryPoints.http]
        address = ":80"
        [entryPoints.http.redirect]
          entryPoint = "https"
      [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]

    [frontends]
      [frontends.frontend2]
        backend = "backend1"
        passHostHeader = true
        # overrides default entry points
        entrypoints = ["http", "https"]

    [backends]
      [backends.backend1]
        [backends.backend1.servers.server1]
           url = "http://auth.mywebsite.com"

The subject for redirection is containerized IdentityServer API website with no TLS encryption. There are a couple of questions on the matter:

• What's the best way to redirect the frontend app in Azure Kubernetes with Traefik
• In the config the frontend is numbered, i.e. "frontend2". I assume this a sequential number of the app on the Traefik's dashboard. The problem is, the dashboard only shows the total sum of apps. If there are many of them, how to figure what the number is?
• When I apply annotations to the Ingress, like "traefik.ingress.kubernetes.io/redirect-permanent: true" the respective labels are not showing up in the Traefik's dashboard for the respective app. Is there any reason for that?

Answer 1

Iv'e stumbled on this question while looking for a solution myself.

We are using traefik as a load balancer and i wanted to add https redirect to an ingress route. To do that I added a https-redirect middleware :

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
  namespace: <your-namespace>
spec:
  redirectScheme:
    scheme: https
    permanent: true

The namespace here is important as you need it for the annotation. You then need to add an annotation to your ingress :

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: <your-namespace>-https-redirect@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
  ...

I found the explanation here : https://community.traefik.io/t/how-to-configure-middleware-with-kubernetes-ingress-middleware-xyz-does-not-exist/5016

Answer 2

Your configuration for redirecting http to https looks good. If you have followed the official Doc of Traefik to deploy on kubernetes, The Traefik ingress controller service will not have 443. Make sure you have port 443 opened on the Service with service type as LoadBalancer. Once we open a port in service, Then Azure opens the same port in the Azure load balancer. Service yaml is here.

kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer

If you want to redirect all the http to https in your cluster, You can go for the redirection in the configuration file. If you want to redirect only some of the services, then add annotations in the Ingress to achieve redirection for specific services.

traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https

After setting up the redirection, Traffic Dashboard reflects that here. You can also set up a permanent rediection using traefik.ingress.kubernetes.io/redirect-permanent: "true