
EKS Ingress ALB add HTTP listener for some services and HTTPS for others


I have the following ingress.yaml file

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: in
    annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/certificate-arn: xxxx
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
spec:
    rules:
        - http:
            paths:
                - path: /api/bulk-api/*
                  backend:
                    serviceName: dg-bulk-api
                    servicePort: 5000
                - path: /api/adjuster-selection
                  backend:
                    serviceName: dg-adjuster-selection
                    servicePort: 5050
                - path: /api/cockpit/*
                  backend:
                    serviceName: dg-cockpit
                    servicePort: 5050
                - path: /api/regression/*
                  backend:
                    serviceName: dg-regression
                    servicePort: 5005
                - path: /api/lp/task-details*
                  backend:
                    serviceName: lp-task-detail
                    servicePort: 5050
                - path: /api/tool-setup/*
                  backend:
                    serviceName: dg-tool-setup
                    servicePort: 5000
                - path: /api/guideline/*
                  backend:
                    serviceName: dg-guideline
                    servicePort: 5050
                - path: /*
                  backend:
                    serviceName: dg-ui
                    servicePort: 80

The above-mentioned YAML creates an ALB with listeners at 80 and 443 added for all the routes. However, I want listener 80 for all routes except the dg-ui service, and 443 for the dg-ui service only. Let me know how this can be done.


Solution

  • I have been able to solve the issue. Thought it would be helpful for everyone.

    1. Updated my ALB Ingress Controller to v2.1. Instructions can be found at: AWS LoadBalancer Controller
    2. Create separate Ingress YAML files for the HTTP and HTTPS listener rules.
    3. Add annotation: alb.ingress.kubernetes.io/group.name: my-team.awesome-group to both Ingresses. This would create 2 Ingresses and attach the rules to 1 common ALB. More on this annotation can be found here: IngressGroups
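
The split described in the steps above, written out as an added example (not the poster's actual manifests). It keeps the question's apiVersion, services and placeholder certificate ARN, shows only two of the API routes, and the Ingress names `in-http` and `in-https` are assumed:

```yaml
# HTTP-only Ingress: its rules attach to the port 80 listener of the shared ALB.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: in-http    # assumed name
    annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/group.name: my-team.awesome-group
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
spec:
    rules:
        - http:
            paths:
                - path: /api/bulk-api/*
                  backend:
                    serviceName: dg-bulk-api
                    servicePort: 5000
                - path: /api/cockpit/*
                  backend:
                    serviceName: dg-cockpit
                    servicePort: 5050
                # the other /api/* paths from the question go here unchanged
---
# HTTPS-only Ingress: same group.name, so it joins the same ALB,
# but its single rule attaches to the port 443 listener only.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
    name: in-https    # assumed name
    annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/group.name: my-team.awesome-group
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/certificate-arn: xxxx    # placeholder from the question
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
spec:
    rules:
        - http:
            paths:
                - path: /*
                  backend:
                    serviceName: dg-ui
                    servicePort: 80
```

Any Ingress that sets the same group.name can attach rules to this shared ALB, so keep RBAC permission to create or modify Ingress resources limited to trusted users.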