K8s Ingress with one http and one https backend

2/23/2021

I've got a K8s ingress and one http and one https backend.

browser -> https -> ingress -> http -> sonarqube

browser -> https -> ingress -> https -> unifi controller

If I'm using this config:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
  name: ingress-test
spec:
  rules:
    - host: sonar.app.singel.home
      http:
        paths:
          - backend:
              service:
                name: sonar-service
                port:
                  number: 9000
            path: /
            pathType: Prefix
    - host: unifi.app.singel.home
      http:
        paths:
          - backend:
              service:
                name: unifi-controller
                port:
                  number: 8443
            path: /
            pathType: Prefix

Then the http backend will work (sonarQube), and the https backend will not. Now if I add the annotation:

nginx.ingress.kubernetes.io/backend-protocol: HTTPS

Then the https backend will work (unifi controller), and the http backend will not.

I guess I want the annotation to only apply to one of the rules, but I'm not sure this is possible?

-- Flores
kubernetes
kubernetes-ingress
nginx-ingress

2 Answers

2/25/2021

My assumption was that you can have only one ingress config. But you can have multiple. So the solution is to create two configs and load these, each with their own annotation. Like so:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  name: ingress-1
spec:
  rules:
    - host: unifi.app.singel.home
      http:
        paths:
          - backend:
              service:
                name: unifi-controller
                port:
                  number: 8443
            path: /
            pathType: Prefix
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
  name: ingress-2
spec:
  rules:
    - host: sonar.app.singel.home
      http:
        paths:
          - backend:
              service:
                name: sonar-service
                port:
                  number: 9000
            path: /
            pathType: Prefix
-- Flores
Source: StackOverflow

2/23/2021

You can use the tls as said in k8s doc

For ex:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
  name: ingress-test
spec:
  tls:
  - hosts:
    - sonar.app.singel.home
    secretName: test-tls
  rules:
    - host: sonar.app.singel.home
      http:
        paths:
          - backend:
              service:
                name: sonar-service
                port:
                  number: 9000
            path: /
            pathType: Prefix
-- Sahadat Hossain
Source: StackOverflow