The VIALES blog in the DangerZone

301 redirection using Kubernetes ingress NGINX

aaa
<TLDR;>

Create a new ingress controller. Add the following annotation nginx.ingress.kubernetes.io/permanent-redirect: 'https://newdomain'. Replace the url target. Point your DNS to your ingress load balancer.

Following the recent re-naming and re-addressing of my online resume from the url mathieu.viales.fr to resume-mathieu.viales.fr I needed to setup a 301 redirection for SEO reasons.

DNS configuration

Ensure that both domains have an A record (or whatever) pointing to your ingress load balancer

Application ingress config

The site's ingress is currently defined as follows

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ssl-termination-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: letsencrypt-prod-custom
spec:
  tls:
    - hosts:
        - resume-mathieu.viales.fr
      secretName: resume-mathieu.viales.fr-cert
  rules:
    - host: resume-mathieu.viales.fr
      http:
        paths:
          - path: /
            backend:
              serviceName: resume-mathieu-viales
              servicePort: 80

Classic stuff, a cluster issuer and a secret are referenced to get the SSL certificate, a back-end is mapped on port 80 for the root path of the domain.

Redirection ingress

To perform the redirection, configure an other ingress as follows (details after the code)

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: dns-canonical-redirect
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: letsencrypt-prod-custom
    nginx.ingress.kubernetes.io/permanent-redirect: 'https://resume-mathieu.viales.fr'
spec:
  tls:
    - hosts:
        - mathieu.viales.fr
      secretName: resume-mathieu.viales.fr-cert
  rules:
    - host: mathieu.viales.fr
      http:
        paths:
          - path: /
            backend:
              serviceName: resume-mathieu-viales
              servicePort: 80

Annotations

Same as above, TLS configuration. But this time there's an nginx annotation added: nginx.ingress.kubernetes.io/permanent-redirect. This annotation lets us specify an URL to use as the target for a 301 redirect. If the protocol is specified, the target will be absolute. If the protocol is omitted, the redirection string will be considered to be a path relative to the current fully qualified URL.

A backend is specified through the "rules" node because an ingress definition requires a backend to be valid.

Conclusion

Apply to your cluster, make sur to have an TLS cert configured for both domains, you're good

2020-08-10
About
An error has occurred. This application may no longer respond until reloaded. Reload 🗙