killjoy
Reputation: 1052
nginx ingress controller tls termination passthrough
Just deployed my docker image to Azure AKS and created nginx ingress controller. My image has the SSL certificate and handles SSL itself. So, I need a passthrough route to my container.
When I navigate to https://just-poc.live famous nginx 502 gateway displays as below;
Apparently, nginx couldn't find a route to send https traffic.
What should I do to make nginx controller to route the traffic to my socket-poc deployment?
nginx ingress controller
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /(.*)
pathType: Prefix
backend:
service:
name: socket-poc
port:
number: 8081
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: socket-poc
spec:
replicas: 1
selector:
matchLabels:
app: socket-poc
template:
metadata:
labels:
app: socket-poc
spec:
containers:
- name: socket-poc
image: myownacrrepo.azurecr.io/socket:8081
env:
- name: TOOLBAR_COLOR
value: "green"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
ports:
- containerPort: 8081
---
apiVersion: v1
kind: Service
metadata:
name: socket-poc
spec:
type: ClusterIP
ports:
- port: 8081
selector:
app: socket-poc
kubectl get services displays below;
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
aks-helloworld-one ClusterIP 10.0.34.79 <none> 80/TCP 57m
nginx-ingress-ingress-nginx-controller LoadBalancer 10.0.74.62 20.93.213.132 80:31262/TCP,443:30706/TCP 35m
nginx-ingress-ingress-nginx-controller-admission ClusterIP 10.0.177.29 <none> 443/TCP 35m
socket-poc ClusterIP 10.0.64.248 <none> 8081/TCP 69m
kubectl describe ingress hello-world-ingress displays like this;
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name: hello-world-ingress
Namespace: ingress-basic
Address: 20.93.213.132
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
/(.*) socket-poc:8081 (10.244.1.18:8081)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/ssl-passthrough: true
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 19m (x4 over 35m) nginx-ingress-controller Scheduled for sync
Normal Sync 19m (x4 over 35m) nginx-ingress-controller Scheduled for sync
Upvotes: 1
Views: 4322
Answers (1)
killjoy
Reputation: 1052
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" annotaion was missing. 502 error is gone!
Upvotes: 5
Related Questions
- Do not terminate SSL at ingress level for Kubernetes
- How to get Kubernetes Ingress to terminate SSL and proxy to service?
- NGINX Ingress controller, SSL and optional_no_ca
- Kubernetes internal nginx ingress controller with SSL termination & ssl-passthrough
- Configuring end to end SSL using Nginx Ingress controller
- Unable to SSL Pass through Ingress Nginx Controller
- Nginx ingress controller still redirect to SSL
- Unable to use cert-manager and nginx ingress controller with SSL termination
- SSL termination Nginx ingress controller