kubernetes ingress TLS validation and redirection issue
I would suggest you have 2 separate Ingress
objects. One for SSL Host and another one for non-SSL host. Please check the below 2 ingress objects.
For HostOne - where redirection is not needed
apiVersion: extensions/v1beta1kind: Ingressmetadata: annotations: nginx.ingress.kubernetes.io/proxy-connect-timeout: "70" nginx.ingress.kubernetes.io/proxy-read-timeout: "1000" nginx.ingress.kubernetes.io/proxy-send-timeout: "1000" nginx.ingress.kubernetes.io/rewrite-target: /$1 generation: 9 labels: app: myapp chart: myapp-0.1.0 heritage: Helm release: myapp-ingress name: myapp-ingress-non-ssl namespace: myapp-namespacespec: rules: - host: hostOne http: paths: - backend: serviceName: myapp-front servicePort: 8080 path: /(.*) - backend: serviceName: myapp-backend servicePort: 8080 path: /myappapi/(.+) tls: - hosts: - hostOnestatus: loadBalancer: ingress: - {}
For HostTwo - where Redirection is needed #Added the redirection annotation
apiVersion: extensions/v1beta1kind: Ingressmetadata: annotations: nginx.ingress.kubernetes.io/proxy-connect-timeout: "70" nginx.ingress.kubernetes.io/proxy-read-timeout: "1000" nginx.ingress.kubernetes.io/proxy-send-timeout: "1000" nginx.ingress.kubernetes.io/rewrite-target: /$1 nginx.ingress.kubernetes.io/force-ssl-redirect: "true" generation: 9 labels: app: myapp chart: myapp-0.1.0 heritage: Helm release: myapp-ingress name: myapp-ingress-ssl namespace: myapp-namespacespec: rules: - host: hostTwo http: paths: - backend: serviceName: myapp-front servicePort: 8080 path: /(.*) - backend: serviceName: myapp-backend servicePort: 8080 path: /myappapi/(.+) tls: - hosts: - hostTwo secretName: tlsSecretstatus: loadBalancer: ingress: - {}
I found it.https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
just adding nginx.ingress.kubernetes.io/force-ssl-redirect: "false", because the default value it is true.@nischay, your solution does not work because in the first ingress should be necesary to add nginx.ingress.kubernetes.io/force-ssl-redirect: "false" and its more complex to split the ingress than just adding the annotation, Anyway thank you so much.