-
Notifications
You must be signed in to change notification settings - Fork 0
[KUBERNETES] HTTP to HTTPS Redirect dengan Envoy Gateway
fourslickz edited this page May 16, 2026
·
1 revision
Jika menggunakan:
filters:
- type: RequestRedirectdan:
backendRefs:dalam rule yang sama, maka Gateway API akan error:
RequestRedirect filter must not be used together with backendRefs
Selain itu, jika redirect diterapkan pada listener HTTPS juga, maka akan terjadi:
ERR_TOO_MANY_REDIRECTS
karena HTTPS akan redirect ke HTTPS lagi.
Pisahkan menjadi:
- HTTPRoute khusus redirect HTTP → HTTPS
- HTTPRoute khusus backend HTTPS
kubectl delete httproute nginx-routeapiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-redirect
spec:
hostnames:
- aliensky.id
parentRefs:
- name: main-gateway
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301kubectl apply -f 4-http-redirect.yamlapiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https-backend
spec:
hostnames:
- aliensky.id
parentRefs:
- name: main-gateway
sectionName: https
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: nginx
port: 80kubectl apply -f 5-https-backend.yamlkubectl get httproutecurl -I http://aliensky.idHarus:
301 Moved Permanently
Location: https://aliensky.id
curl -I https://aliensky.idHarus:
200 OK
sectionName: httpDigunakan hanya untuk redirect.
sectionName: httpsDigunakan untuk backend aplikasi.
HTTP
↓
301 Redirect
↓
HTTPS
↓
Envoy Gateway
↓
HTTPRoute
↓
Service
↓
Pod
Disarankan memisahkan file:
4-http-redirect.yaml
5-https-backend.yaml
agar:
- lebih clean
- mudah maintenance
- mudah multi-domain
- mudah GitOps
kubectl get gatewayHarus:
PROGRAMMED=True
kubectl get certificateHarus:
READY=True
kubectl get secret my-domain-tlsStack production sekarang memiliki:
- K3s
- Envoy Gateway
- Gateway API
- HTTPRoute
- HTTPS
- Let's Encrypt
- cert-manager
- Auto SSL renewal
- HTTP → HTTPS redirect