k8s-bigip-ctlr: Ingress Resource: Http to Https redirect not working

Description

we are using k8s-bigip-ctlr as a LB for our k8 environment, we are facing issue with http to https redirect, its not working, in pod we are defining below Annotations.

Annotations:
  ingress.kubernetes.io/allow-http:    false
  ingress.kubernetes.io/ssl-redirect:  true

But still our http url is not getting redirect to https url.

Kubernetes Version

1.14.1

Controller Version

1.9.1

BIG-IP Version

BIG-IP 13.1.1.4 Build 0.0.4 Point Release 4

Diagnostic Information

Our Ingress file :

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/allow-http: "false"
    ingress.kubernetes.io/ssl-redirect: "true"
    virtual-server.f5.com/health: '[{"path": "mydns.com/",
      "send": "GET / HTTP/1.1\r\n", "interval": 5, "timeout": 10 }]'
    virtual-server.f5.com/ip: x.x.x.x
    virtual-server.f5.com/partition: k8stest
  creationTimestamp: "2019-06-17T05:11:34Z"
  generation: 2
  labels:
    app: gocd-template
  name: gocd-template
  namespace: k8stest-gocdtemplates
  resourceVersion: "17924672"
  selfLink: /apis/extensions/v1beta1/namespaces/k8stest-gocdtemplates/ingresses/gocd-template
  uid: xxxxxxxxxxxxxxxxxx
spec:
  rules:
  - host: mydns.com
    http:
      paths:
      - backend:
          serviceName: gocd-template
          servicePort: 80
        path: /
  tls:
  - hosts:
    - mydns.com
    secretName: /Common/ssl-intranet
status:
  loadBalancer:
    ingress:
    - ip: x.x.x.x

About this issue

Original URL
State: closed
Created 5 years ago
Comments: 16 (9 by maintainers)

Most upvoted comments

We have created AS3 for you app as bellow.

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  template: |-
    {
          "class":"AS3",
          "action":"deploy",
          "persist":true,
          "declaration":{
            "class":"ADC",
            "schemaVersion":"3.10.0",
            "id":"1847a369-5a25-4d1b-8cad-5740988d4423",
            "label":"Sample AS3 Template",
            "remark":"HTTP application",
            "stark":{
              "class":"Tenant",
              "blog":{
                "class":"Application",
                "template":"https",
                "serviceMain":{
                  "class":"Service_HTTPS",
                  "virtualAddresses":[
                    "10.191.118.27"
                  ],
                  "virtualPort":443,
                  "pool":"web_pool"
                },
                "web_pool":{
                  "class":"Pool",
                  "monitors":[
                    "https"
                  ],
                  "members":[
                  {
                    "servicePort":443,
                    "serverAddresses":[
                      "10.191.118.27"
                    ]
                  }
                  ]
                }
              }
            }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-06-28T10:17:29Z"
  labels:
    as3: "true"
    f5type: virtual-server
  name: as3-template-https
  namespace: k8sdev-gocdtemplates-dev
  resourceVersion: "98489980"
  selfLink: /api/v1/namespaces/k8sdev-gocdtemplates-dev/configmaps/as3-template-https
  uid: ef774c41-998d-11e9-9f62-0050569aee46

We have certificate install in LB it self and in ingress we define it like this.

  tls:
  - hosts:
    - gocd-templates-k8stest.intranet.mckinsey.com
    secretName: /Common/ssl-intranet
status:
  loadBalancer:
    ingress:
    - ip: x.x.x.x

Can you tell me how we define certificate in AS3 config map as mention above.

amarshaw on Jun 30, 2019

can you try CC/CIS with AS3 ? I know AS3 1.9.1 does not support ingress yet. I have a patch to fix the http to https redirect in CC/CIS itself, but it is not merged in CC/CIS, would you like to try that?

vincentmli on Jun 27, 2019