
I have an issue I can't figure out. I have set up the Nginx Ingress Controller on my managed k8s cluster. I'm trying to reach an SSL-enabled pod behind it and it does not work. I get a 404 Not Found from Nginx, and the certificate which is presented is the Nginx one. I have deployed the controller using their GitHub repo and the default files, following their doc. I have set up a clear HTTP pod for test purposes and it works. It seems to be related to SSL. I have tried many things to no avail. How can I reach an SSL pod behind Nginx?

Here's the Deployment + Service (for the HTTPS one) resource I have set up:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: moulip-https
spec:
  selector:
    matchLabels:
      app: moulip-https
  replicas: 2
  template:
    metadata:
      labels:
        app: moulip-https
    spec:
      containers:
      - name: "wabam"
        image: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        ports:
        - containerPort: 443
      imagePullSecrets:
      - name: regcrd
---
apiVersion: v1
kind: Service
metadata:
  name: https-svc
  labels:
    app: moulip-https
spec:
  ports:
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    app: moulip-https

And my Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: https.moulip.lan
    http:
      paths:
      - backend:
          serviceName: https-svc
          servicePort: 443
  - host: test.moulip.lan
    http:
      paths:
      - backend:
          serviceName: hostname-svc
          servicePort: 80

Many thanks for any guidance you could provide me with.

Jonas
moulip

1 Answer

You are missing TLS configuration in the Ingress. Follow the sample below:

apiVersion: v1
kind: Secret
metadata:
  name: testsecret-tls
  namespace: default
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key
type: kubernetes.io/tls
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  tls:
  - hosts:
      - sslexample.foo.com
    secretName: testsecret-tls
  rules:
  - host: sslexample.foo.com
    http:
      paths:
      - path: /
        backend:
          serviceName: service1
          servicePort: 80

P Ekambaram
  • Hi, first of all, thanks for your answer. That could work, but the servicePort in my case is 443 since it does not accept clear HTTP dialog. Is K8s able to present a certificate and then connect with HTTPS to the backend? – moulip Jul 16 '20 at 15:00
  • You need an SSL cert to get HTTPS working. Consider free TLS certs from https://letsencrypt.org/ – P Ekambaram Jul 16 '20 at 15:41
  • Yes, I know I have to get a certificate. My question is about my backend (service 1 in your example), which is SSL-enabled. I don't know if k8s/nginx is able to connect through HTTPS to the backend when it "terminates" the SSL connection itself. – moulip Jul 16 '20 at 16:03
  • Follow the answer from another thread. It might help, but you still need a TLS certificate to achieve that. https://stackoverflow.com/questions/54459015/how-to-configure-ingress-to-direct-traffic-to-an-https-backend-using-https – P Ekambaram Jul 16 '20 at 17:59
  • Indeed. Many thanks for your time. I'll check this link out. – moulip Jul 16 '20 at 20:07
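
The setup asked about in the comments (the ingress presents its own certificate, then connects to the pod over HTTPS) looks like the manifest below. It is an added example, not part of the original question or answer. It uses the current networking.k8s.io/v1 schema rather than the v1beta1 shown above. The Secret names, the ingressClassName and the proxy-ssl-name value are assumptions.

```yaml
# Added example: terminate TLS at ingress-nginx, then re-encrypt to the pod.
# Host and Service names come from the question; everything marked
# "hypothetical" or "assumed" is not from the original post.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-reencrypt            # hypothetical name
  namespace: default
  annotations:
    # Speak HTTPS to the backend Service instead of plain HTTP.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Upstream certificate verification is off by default; turn it on so the
    # controller only talks to a pod presenting a certificate signed by your CA.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # "namespace/secretName" of a Secret containing ca.crt (hypothetical Secret).
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "default/backend-ca"
    # Name expected in the pod's certificate (assumed to match the public host).
    nginx.ingress.kubernetes.io/proxy-ssl-name: "https.moulip.lan"
    # ssl-passthrough is deliberately absent: passthrough is the alternative
    # mode, needs the controller started with --enable-ssl-passthrough, and
    # makes the pod's own certificate the one clients see.
spec:
  ingressClassName: nginx            # assumed class name
  tls:
  - hosts:
    - https.moulip.lan
    secretName: moulip-https-tls     # hypothetical kubernetes.io/tls Secret
  rules:
  - host: https.moulip.lan
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: https-svc
            port:
              number: 443
```

With this in place, the certificate a client sees is the one in the `tls` Secret, and the one the pod serves is checked against `ca.crt` on the upstream hop.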