Kubernetes Nginx Ingress can connect to https pods?

4/23/2020

I have three pods with HTTPS servers inside. I used to acces them via NodePort services. Now I deployed a Nginx Ingress to have them all in one IP. I have noticed that the Nginx Ingress can't connect with an HTTPS server in a pod, but it connects perfectly if I change it to HTTP.

How can I make the Ingress connect with HTTPS servers in pods?

I have tried to configure a tls secret, and add it to the Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-ssl-secret: cert 

spec:
  rules:
  - http:
      paths:
        - path: /api-rest
          backend:
            serviceName: api-rest
            servicePort: 8080
        - path: /auth
          backend:
            serviceName: auth-entry
            servicePort: 8080

It didn't work. I still got an 503 Service Temporarily Unavailable

I have read about SSL Passthrough but I can't make it work either.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"

spec:
  rules:
  - http:
      paths:
        - path: /api-rest
          backend:
            serviceName: api-rest
            servicePort: 8080
        - path: /auth
          backend:
            serviceName: auth-entry
            servicePort: 8080

Still the same 503.

-- Manu Ruiz Ruiz
kubernetes
nginx
nginx-ingress

1 Answer

4/23/2020

From the docs here you need to add this annotation

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

Using backend-protocol annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces secure-backends in older versions) Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP

By default NGINX uses HTTP

-- Arghya Sadhu
Source: StackOverflow