Can you set backend-protocol per rule in k8s nginx ingress?

1/15/2020

I have a kubernetes cluster setup with two services set up.

Service1 links to Deployment1 and Service2 links to Deployment2.

Deployment1 serves pods which can only be connected to using http.

Deployment2 serves pods which can only be connected to using https.

Using kubectl port-forward and exec'ing into pods I know the services and deployments are responding as they should, connectivity internally between the services is working fine.

I have an nginx ingress setup to allow external connections to both services. The services should only be connected to using https and any incoming connections that are http need to be redirected to https. Here is the ingress setup:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: master-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
spec:
  tls:
    - secretName: tls-secret-one
      hosts:
      - service1.domain.com
      - service2.domain.com
  rules:
    - host: "service1.domain.com"
      http:
        paths:
          - path: /
            backend:
              serviceName: service1
              servicePort: 60001
    - host: "service2.domain.com"
      http:
        paths:
          - path: /
            backend:
              serviceName: service2
              servicePort: 60002

Here is the problem. With this yaml I can connect to service1 (http backend) with no issues but connecting to service2 (https backend) results in a 502 Bad Gateway.

If I add the annotation ' nginx.ingress.kubernetes.io/backend-protocol: "https" ' the connectivity switches. I can no longer connect to service1 (http backend) but can connect to service2 (https backend)

I can understand why the switch does this, but my question is:

Can you set the backend-protocol per rule in an nginx-ingress ?

-- solo1977
http
https
kubernetes
nginx

1 Answer

1/15/2020

It's not possible to set backend protocol per rule in a single ingress. To achieve what you want you can create two different ingress one for service1 and another one for service2 and annotate the ingress for service1 with http and ingress for service2 with https.

-- Arghya Sadhu
Source: StackOverflow