How can I enable nginx ingress to support an end-to-end TLS connection without passthrough? The Ingress LoadBalancer is allowed with PublicCA and backend servers are also running on a TLS port with PrivateCA.
The following ingress definition will do the TLS offloading with the Public certificate installed on the Edge.
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: wbqgdimtzx
  namespace: default
spec:
  rules:
  - host: 0cloud0.com
    http:
      paths:
      - backend:
          serviceName: wbqgdimtzx
          servicePort: 443
        path: /
  tls:
  - hosts:
    - 0cloud0.com
    secretName: 0cloud0-wildcard-certs
status:
  loadBalancer:
    ingress:
    - {}
```
The backend pods are running on a secure port where plain-text connections are not allowed for security reasons.
What upstream changes do I need to make in the nginx ingress to support the end-to-end setting?

Based on Amit's response, I added `nginx.ingress.kubernetes.io/backend-protocol: HTTPS`.
It worked: https://cunkexvoxu.0cloud0.com/
Based on @Amit Kumar Gupta's comment, I am posting this as community wiki for better visibility.

The OP specified the backend with `servicePort: 443` and `tls` in his YAML; however, that was not enough to ensure a secure end2end connection. NGINX by default uses `HTTP`. If you want to reach your service only as `HTTPS`, you have to add an annotation to the Ingress YAML.
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wbqgdimtzx
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
...
```
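The backend in the question is signed by a private CA, and ingress-nginx leaves upstream certificate verification off unless `proxy-ssl-verify` is enabled, so `backend-protocol: "HTTPS"` alone encrypts the hop without authenticating the pod. The manifest below is an added example, not part of the original question or answer, that also pins the private CA for the backend hop; the Secret name `backend-private-ca`, its `ca.crt` content and the `proxy-ssl-name` value are assumptions.

```yaml
# Secret holding the private CA that issued the backend certificate.
# Name and content are placeholders (assumption, not from the page).
apiVersion: v1
kind: Secret
metadata:
  name: backend-private-ca
  namespace: default
type: Opaque
stringData:
  ca.crt: |
    <PEM of the private CA that signed the backend certificate>
---
# Ingress from the page, with upstream verification added.
# apiVersion and backend field names follow the page's manifest.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wbqgdimtzx
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    # Re-encrypt: NGINX speaks TLS to the backend instead of plain HTTP.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Trust anchor for the backend hop, given as <namespace>/<secret>.
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "default/backend-private-ca"
    # Verification is off by default; turn it on explicitly.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # Raise this if the backend chain includes an intermediate CA.
    nginx.ingress.kubernetes.io/proxy-ssl-verify-depth: "2"
    # Name checked against the backend certificate (assumed SAN value).
    nginx.ingress.kubernetes.io/proxy-ssl-name: "wbqgdimtzx.default.svc"
    # Send that name as SNI to the backend.
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
spec:
  rules:
  - host: 0cloud0.com
    http:
      paths:
      - backend:
          serviceName: wbqgdimtzx
          servicePort: 443
        path: /
  tls:
  - hosts:
    - 0cloud0.com
    secretName: 0cloud0-wildcard-certs
```

With verification on, a backend certificate that does not chain to `ca.crt` or does not match `proxy-ssl-name` fails the upstream handshake and the client receives a 502.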