How to set up ingress in Kubernetes for http and https backend

7/18/2019

Let's imagine I have a simple website and I want to run it on Kubernetes. Website should listen HTTP and HTTPS protocols.

In Kubernetes I've set up for it deployment, service and ingress. If I try only port 80, everything works well, but If I want to extend it with HTTPS, everything fails and I'm receiving 404 error from ingress controller. HTTPS traffic should be forwarded directly to backend. How can I do it?

I tried to extend my ingress controller daemon set with --enable-ssl-passthrough=true option (directly in Daemon Set config), but then ingress controller's pod didn't start. I found article in the Internet, that to enable --enable-ssl-passthrough, ingress controller should be installed with that flag: see this page. By the way, how can I "install" ingress controller with that flag?

I tried to add 80 and 443 ports in ingress rules, but without success too.

Kubernetes: v1.14.3 Ingress controller: documentation

Please see my service and ingress:

apiVersion: v1
kind: Service
metadata:
  name: {{ container_service_ingress }}-service
  labels:
    cms: "{{ cms }}"
    namespace: "default"
spec:
  selector:
    website: "{{ domain }}"
    cms: "{{ cms }}"
  ports:
    - name: http
      port: 80
    - name: https
      port: 443
  type: NodePort

---

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: {{ container_service_ingress }}-ingress
# I tried this annotation, but it didn't help:
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  labels:
    website: "{{ domain }}"
spec:
  rules:
  - host: {{ domain }}
    http:
      paths:
      - backend:
          serviceName: {{ container_service_ingress }}-service
          servicePort: 80
      - backend:
          serviceName: {{ container_service_ingress }}-service
          servicePort: 443

And in this case ingress controller can't start as it says about duplicated location "/" in config file

Can someone help me with it?

-- Vitalii
kubernetes-ingress
kubernetes-service
nginx-ingress

1 Answer

7/23/2019

apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: tls-ingress spec: tls: - hosts: - ssl.example.com secretName: test-tls rules: - host: ssl.example.com http: paths: - path: / backend: serviceName: service1 servicePort: 80

You need to use the tls section to achieve your requirement.

-- Dhevasenapathi S
Source: StackOverflow