1

The airflow created by official helm chart is not redirect https. It is running behind LoadBalancer with ingress control service.

Here is my ingress controller

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/scheme: internet-facing
    ingress.kubernetes.io/healthcheck-protocol: HTTP 
    ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
  name: airflow-webser
  namespace: airflow
spec:
  #   secretName: tls-secret 
  rules:
    -  host: airflow.example.com
       http:
           paths:
            - path: /
              backend:
                serviceName: airflow-webserver
                servicePort: airflow-ui

Here is my airflow service which i get by kubectl -o yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"meta.helm.sh/release-name":"airflow","meta.helm.sh/release-namespace":"airflow"},"creationTimestamp":"2022-07-07T01:37:40Z","labels":{"app.kubernetes.io/managed-by":"Helm","chart":"airflow-1.6.0","component":"webserver","heritage":"Helm","release":"airflow","tier":"airflow"},"name":"airflow-webserver","namespace":"airflow","resourceVersion":"11826...","uid":"2ee4946c"},"spec":{"clusterIP":"","clusterIPs":["172....."],"externalTrafficPolicy":"Cluster","ipFamilies":["IPv4"],"ipFamilyPolicy":"SingleStack","ports":[{"name":"airflow-ui","nodePort":32...,"port":80,"protocol":"TCP","targetPort":8080}],"selector":{"component":"webserver","release":"airflow","tier":"airflow"},"sessionAffinity":"None","type":"NodePort"},"status":{"loadBalancer":{}}}
    meta.helm.sh/release-name: airflow
    meta.helm.sh/release-namespace: airflow
  creationTimestamp: "2022-06-07T04:15:13Z"
  labels:
    app.kubernetes.io/managed-by: Helm
    chart: airflow-1.6.0
    component: webserver
    heritage: Helm
    release: airflow
    tier: airflow
  name: airflow-webserver
  namespace: airflow
  resourceVersion: "12000742"
  uid: 9fe3e104-0c00-4cab-b701
spec:
  clusterIP: 172.10.....
  clusterIPs:
  - 172.10.....
  externalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: airflow-ui
    nodePort: 32...
    port: 443
    protocol: TCP
    targetPort: airflow-ui
  selector:
    component: webserver
    release: airflow
    tier: airflow
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Other front-end app i applied working fine listening https by aws certificate management. I tried to the same thing for airflow but it didnt work.It directs http.

**

❯ curl https://example.com/                                                                                                                                   ─╯
*   Trying IP ADDRESS:443...
* Connected to airflow.example.com (IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=example.com
*  start date: Jul  6 00:00:00 2022 GMT
*  expire date: Aug  4 23:59:59 2023 GMT
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: airflow.example.com
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 FOUND
< Content-Type: text/html; charset=utf-8
< Date: Fri, 08 Jul 2022 00:57:57 GMT
< Location: http://airflow.example.com/home
< Server: nginx/1.19.1
< Set-Cookie: session=7916bd57-21b4-4c39-ac89-c6d56c924e2a.SWJ9WmiwN849ZPoilwH5UWiXhbg; Expires=Sun, 07-Aug-2022 00:57:57 GMT; HttpOnly; Path=/; SameSite=Lax
< X-Frame-Options: DENY
< X-Robots-Tag: noindex, nofollow
< Content-Length: 217
< Connection: keep-alive
< 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>

**

I would be happy if someone help me out.

Felix G.
  • 11
  • 2
  • Airflow on EKS. Using ALB instead of nginx here. Take a look if interested. https://www.udemy.com/course/abcd-airflow-23x-helm-eks-minikube/?referralCode=69BB02F9A1E166F639BD – caxefaizan Jul 11 '22 at 15:16

0 Answers0