Tags: google-kubernetes-engine, health-check, google-cloud-load-balancer, ambassador

GKE Ambassador http -> https redirect, health check issues


I am following this tutorial https://www.getambassador.io/docs/latest/topics/running/ambassador-with-gke/ and I am having serious issues with http -> https redirect.

  • I cannot edit the health check port on GKE; it is configured as the serving port by default and can't be changed
  • If I create a new health check, after applying Host insecure.action: Redirect, the backend's hc goes back to the default one. If the default hc is deleted, it gets recreated. If I force my custom hc in some way, it again does not work; in the pod logs I see this: "GET /ambassador/v0/check_ready HTTP/1.1" 301
  • If I set insecure.action: Redirect in Host, http -> https works for a couple of seconds before the LB health check brings everything down

Solution

  • insecure.action: Redirect in Host should be Route

    Additionally, a custom health check needs to be created:

    apiVersion: cloud.google.com/v1
    kind: BackendConfig
    metadata:
      name: my-backendconfig
    spec:
      healthCheck:
        checkIntervalSec: 10
        timeoutSec: 10
        healthyThreshold: 2
        unhealthyThreshold: 2
        type: HTTP
        requestPath: /ambassador/v0/check_ready
        port: 8080
    

    and added to ambassador.yaml:

    apiVersion: v1
    kind: Service
    metadata:
      name: ambassador
      annotations:
        cloud.google.com/backend-config: '{"ports": {"8080":"my-backendconfig"}}'
    spec:
      type: NodePort
      ports:
        - name: http
          port: 8080
          targetPort: 8080
      selector:
        service: ambassador
    

    Ingress should disable http:

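    # v1beta1 Ingress schema (serviceName/servicePort); removed in Kubernetes 1.22
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress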
    metadata:
      name: basic-ingress
      annotations:
        kubernetes.io/ingress.global-static-ip-name: "myip"
        kubernetes.io/ingress.allow-http: "false"
    spec:
      tls:
        - secretName: my-self-managed-cert
      backend:
        serviceName: ambassador
        servicePort: 8080
    

    This will create only an HTTPS LB, which will work perfectly, and now we need the http -> https redirect.

    Simply go to the Load Balancing screen and create 1 more load balancer (without a backend) which will only redirect http to https.
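
An added example, not part of the original answer: a small Python check over pod access-log lines that shows why the Redirect setting takes the backend down, since the load balancer's HTTP health check counts only a 200 response as healthy. The sample log lines are constructed in the shape of the entry quoted in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Request line and status as they appear in the pod log quoted in the question:
#   "GET /ambassador/v0/check_ready HTTP/1.1" 301
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
HEALTH_PATH = "/ambassador/v0/check_ready"  # requestPath from the BackendConfig


def probe_statuses(log_lines, path=HEALTH_PATH):
    """Count the response codes returned for requests to the health check path."""
    counts = Counter()
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and m.group("path").split("?", 1)[0] == path:
            counts[int(m.group("status"))] += 1
    return counts


def diagnose(log_lines, path=HEALTH_PATH):
    """Return (healthy, reason); only HTTP 200 answers count as healthy."""
    counts = probe_statuses(log_lines, path)
    if not counts:
        return False, f"no requests for {path} seen; check the health check port and path"
    bad = {code: n for code, n in sorted(counts.items()) if code != 200}
    if not bad:
        return True, f"all {counts[200]} probes returned 200"
    if any(300 <= code < 400 for code in bad):
        return False, (f"probes are being redirected {bad}; a Host with "
                       "insecure.action: Redirect answers the probe with a redirect")
    return False, f"probes returned non-200 codes {bad}"


# Constructed sample lines (not from a real cluster).
SAMPLE_REDIRECT = [
    'ACCESS [2020-06-01T10:00:00.000Z] "GET /ambassador/v0/check_ready HTTP/1.1" 301 - 0 0',
    'ACCESS [2020-06-01T10:00:03.000Z] "GET /api/users HTTP/1.1" 200 - 0 512',
    'ACCESS [2020-06-01T10:00:10.000Z] "GET /ambassador/v0/check_ready HTTP/1.1" 301 - 0 0',
]
SAMPLE_ROUTE = [
    'ACCESS [2020-06-01T11:00:00.000Z] "GET /ambassador/v0/check_ready HTTP/1.1" 200 - 0 0',
    'ACCESS [2020-06-01T11:00:10.000Z] "GET /ambassador/v0/check_ready HTTP/1.1" 200 - 0 0',
]

if __name__ == "__main__":
    for name, lines in (("Redirect", SAMPLE_REDIRECT), ("Route", SAMPLE_ROUTE)):
        print(name, diagnose(lines))
```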