CODEWITHSUNDEEP
nginxsslkubernetes
moulip
moulip

Reputation: 151

K8S Ingress 404 ssl backend

I have an issue I can't figure out. I have setup Nginx Ingress Controller on my managed k8s cluster. I'm trying to reach an SSL enabled pod behind and it does not work. I have 404 not found from Nginx and the certificate which is presented is the Nginx one. I have deployed the controller using their github repo and the default files following their doc. I have setup a clear http pod for purpose tests and it works. It seems to be related to ssl. I have tried many things to no avail. How can I reach an SSL pod behind nginx ?

Here's the Deployment + service (for the https one) resource I have setup :

apiVersion: apps/v1
kind: Deployment 
metadata:
 name: moulip-https
spec:
 selector:
   matchLabels:
     app: moulip-https
replicas: 2
template:
 metadata:
  labels:
    app: moulip-https
spec:
  containers:
  - name: "wabam" 
    image: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    ports:
    - containerPort: 443
  imagePullSecrets:
  - name: regcrd
---      
apiVersion: v1
kind: Service
metadata:
 name: https-svc
 labels:
   app: moulip-https
spec:
  ports:
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
selector:
  app: moulip-https

and my Ingress :

apiVersion: extensions/v1beta1 
kind: Ingress
metadata:
  name: ingress
  annotations:
   nginx.ingress.kubernetes.io/secure-backends: "true"
   nginx.ingress.kubernetes.io/ssl-passthrough: "true"
   nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
   nginx.ingress.kubernetes.io/rewrite-target: /
namespace: default
spec:
 rules:
  - host: https.moulip.lan
    http:
     paths:
      - backend:
          serviceName: https-svc
          servicePort: 443
  - host: test.moulip.lan
    http:
     paths:
      - backend:
          serviceName: hostname-svc
          servicePort: 80

Many thanks for any guidance you could provide me with.

Upvotes: 0

Views: 1207

Answers (1)

P Ekambaram
P Ekambaram

Reputation: 17621

You are missing tls configuration in the ingress. follow sample below

apiVersion: v1
kind: Secret
metadata:
  name: testsecret-tls
  namespace: default
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key
type: kubernetes.io/tls
---

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  tls:
  - hosts:
      - sslexample.foo.com
    secretName: testsecret-tls
  rules:
  - host: sslexample.foo.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

Upvotes: 1

Related Questions