killjoy

Reputation: 1052

nginx ingress controller tls termination passthrough

I just deployed my Docker image to Azure AKS and created an nginx ingress controller. My image has the SSL certificate and handles SSL itself, so I need a passthrough route to my container.

When I navigate to https://just-poc.live, the famous nginx 502 gateway error is displayed.

Apparently, nginx couldn't find a route to send HTTPS traffic.

What should I do to make the nginx controller route the traffic to my socket-poc deployment?

nginx ingress controller

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    kubernetes.io/ingress.class: nginx       
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - http:
      paths:     
      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: socket-poc
            port:
              number: 8081            

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: socket-poc
spec:
  replicas: 1
  selector:
    matchLabels:
      app: socket-poc
  template:
    metadata:
      labels:
        app: socket-poc
    spec:      
      containers:
      - name: socket-poc
        image: myownacrrepo.azurecr.io/socket:8081
        env:
        - name: TOOLBAR_COLOR
          value: "green"                
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 300m
            memory: 512Mi
        ports:
        - containerPort: 8081
          
---
apiVersion: v1
kind: Service
metadata:
  name: socket-poc
spec:
  type: ClusterIP
  ports:
  - port: 8081
  selector:
    app: socket-poc

kubectl get services displays the following:

NAME                                               TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
aks-helloworld-one                                 ClusterIP      10.0.34.79    <none>          80/TCP                       57m
nginx-ingress-ingress-nginx-controller             LoadBalancer   10.0.74.62    20.93.213.132   80:31262/TCP,443:30706/TCP   35m
nginx-ingress-ingress-nginx-controller-admission   ClusterIP      10.0.177.29   <none>          443/TCP                      35m
socket-poc                                         ClusterIP      10.0.64.248   <none>          8081/TCP                     69m

kubectl describe ingress hello-world-ingress displays the following:

Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name:             hello-world-ingress
Namespace:        ingress-basic
Address:          20.93.213.132
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *
              /(.*)   socket-poc:8081 (10.244.1.18:8081)
Annotations:  kubernetes.io/ingress.class: nginx
              nginx.ingress.kubernetes.io/rewrite-target: /$1
              nginx.ingress.kubernetes.io/ssl-passthrough: true
              nginx.ingress.kubernetes.io/use-regex: true
Events:
  Type    Reason  Age                From                      Message
  ----    ------  ----               ----                      -------
  Normal  Sync    19m (x4 over 35m)  nginx-ingress-controller  Scheduled for sync
  Normal  Sync    19m (x4 over 35m)  nginx-ingress-controller  Scheduled for sync

Upvotes: 1

Views: 4322

Answers (1)

killjoy

Reputation: 1052

The nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" annotation was missing. The 502 error is gone!

Upvotes: 5
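The two ways to reach a TLS-speaking backend through ingress-nginx differ in where TLS ends, so they are shown side by side here as an added example (not part of the original question or answer). These are alternatives, not manifests to apply together; the Secret name `just-poc-tls` and the second Ingress name are hypothetical, the path is simplified to `/`, and the host is the one from the question.

```yaml
# Option A (the answer's annotation): nginx terminates the client's TLS and
# opens a new TLS connection to the pod. Path rules and rewrites still apply.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # The pod's certificate is not verified by nginx unless
    # nginx.ingress.kubernetes.io/proxy-ssl-verify is set to "on".
spec:
  tls:
  - hosts:
    - just-poc.live
    secretName: just-poc-tls   # hypothetical; without it the controller's default cert is served
  rules:
  - host: just-poc.live
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: socket-poc
            port:
              number: 8081
---
# Option B (true passthrough): TLS reaches the pod untouched. Requires the controller flag
# --enable-ssl-passthrough; routing is by SNI host only, other annotations are ignored.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress-passthrough   # hypothetical name
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: just-poc.live   # a host is required for SNI matching
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: socket-poc
            port:
              number: 8081
```

With Option A the controller sees plaintext HTTP between the two TLS legs, so the certificate clients see is the ingress one, not the one baked into the image.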
