Let's imagine I have a simple website and I want to run it on Kubernetes. The website should listen on HTTP and HTTPS.
In Kubernetes I've set up a deployment, service and ingress for it. If I try only port 80, everything works well, but if I want to extend it with HTTPS, everything fails and I receive a 404 error from the ingress controller. HTTPS traffic should be forwarded directly to the backend. How can I do it?
I tried to extend my ingress controller daemon set with the --enable-ssl-passthrough=true option (directly in the DaemonSet config), but then the ingress controller's pod didn't start. I found an article on the Internet saying that to enable --enable-ssl-passthrough, the ingress controller should be installed with that flag: see this page. By the way, how can I "install" the ingress controller with that flag?
I tried to add ports 80 and 443 in the ingress rules, but without success too.
Kubernetes: v1.14.3
Ingress controller: documentation
Please see my service and ingress:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: {{ container_service_ingress }}-service
  labels:
    cms: "{{ cms }}"
  namespace: "default"
spec:
  selector:
    website: "{{ domain }}"
    cms: "{{ cms }}"
  ports:
    - name: http
      port: 80
    - name: https
      port: 443
  type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: {{ container_service_ingress }}-ingress
  # I tried this annotation, but it didn't help:
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  labels:
    website: "{{ domain }}"
spec:
  rules:
    - host: {{ domain }}
      http:
        paths:
          - backend:
              serviceName: {{ container_service_ingress }}-service
              servicePort: 80
          - backend:
              serviceName: {{ container_service_ingress }}-service
              servicePort: 443
```
In this case the ingress controller can't start, as it complains about a duplicated location "/" in the config file.
Can someone help me with it?
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  tls:
    - hosts:
        - ssl.example.com
      secretName: test-tls
  rules:
    - host: ssl.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: service1
              servicePort: 80
```
You need to use the tls section to achieve your requirement.
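For comparison with the TLS-terminating Ingress above, this is an added example (not part of the original answer and not the ingress-nginx project's own manifest) of the passthrough variant the question asks about, where the pod keeps the certificate and private key and the controller never decrypts the traffic. The DaemonSet name and namespace, the Ingress name, and port 443 on `service1` are assumptions.

```yaml
# Added example; the names marked "assumed" are not taken from the question.
# 1) Excerpt of the ingress-nginx controller DaemonSet. SSL passthrough is
#    disabled by default and is enabled with a controller argument.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller        # assumed name
  namespace: ingress-nginx              # assumed namespace
spec:
  template:
    spec:
      containers:
        - name: nginx-ingress-controller
          args:
            - /nginx-ingress-controller
            # ...keep the arguments already present in your manifest...
            - --enable-ssl-passthrough
---
# 2) Ingress for the passthrough host. The controller routes the TLS
#    connection by its SNI host name and forwards it undecrypted, so there
#    is no tls: section and no certificate Secret on the ingress side.
#    Passthrough works at the TCP level, so the other annotations on this
#    Ingress are not applied to the forwarded TLS traffic.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: passthrough-ingress             # assumed name
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
    - host: ssl.example.com
      http:
        paths:
          - path: /                     # one path only; two backends on "/" collide
            backend:
              serviceName: service1
              servicePort: 443          # assumed: the port where the pod serves TLS
```

With termination at the ingress, the hop from controller to pod is plain HTTP on port 80; with passthrough, that hop stays encrypted but the controller can no longer inspect or rewrite requests.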