Issue getting Ingress working w/TLS on rke v1.1.9 (k8s v1.18.9)

I am trying to set up an ingress to route traffic to https backend services – using the default ingress-nginx controller and backend that comes configured with rke.

I have defined the following Ingress: – exported yaml below

apiVersion: v1
items:

  • apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    annotations:
    field.cattle.io/publicEndpoints: ‘[{“addresses”:["",""],“port”:443,“protocol”:“HTTPS”,“serviceName”:“dev:search-api”,“ingressName”:“dev:digital-rke”,“hostname”:“dev-digital-rke.essendant.com”,“path”:"/search-api",“allNodes”:false}]’
    creationTimestamp: “2021-02-05T15:56:25Z”
    generation: 1
    managedFields:
    • apiVersion: networking.k8s.io/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
      f:spec:
      f:rules: {}
      f:tls: {}
      manager: agent
      operation: Update
      time: “2021-02-05T15:56:25Z”
    • apiVersion: networking.k8s.io/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
      f:status:
      f:loadBalancer:
      f:ingress: {}
      manager: nginx-ingress-controller
      operation: Update
      time: “2021-02-05T15:56:51Z”
    • apiVersion: extensions/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
      f:metadata:
      f:annotations:
      .: {}
      f:field.cattle.io/publicEndpoints: {}
      manager: rancher
      operation: Update
      time: “2021-02-05T15:56:51Z”
      name: digital-rke
      namespace: dev
      resourceVersion: “18396532”
      selfLink: /apis/extensions/v1beta1/namespaces/dev/ingresses/digital-rke
      uid: 315523bc-f324-4fef-8b98-855ba221ceae
      spec:
      rules:
    • host: dev-digital-rke.essendant.com
      http:
      paths:
      • backend:
        serviceName: search-api
        servicePort: 8443
        path: /search-api
        pathType: ImplementationSpecific
        tls:
    • hosts:

There is a tls secret matching the secretName specified in the tls spec above containing the certificate and key for dev-digital-rke.essendant.com.

The ingress is routing to backend service search-api – exported yaml below:

apiVersion: v1
items:

  • apiVersion: v1
    kind: Service
    metadata:
    annotations:
    field.cattle.io/publicEndpoints: ‘[{“addresses”:[“msnldrke569”],“port”:32043,“protocol”:“TCP”,“serviceName”:“dev:search-api”,“allNodes”:true}]’
    kubectl.kubernetes.io/last-applied-configuration: |
    {“apiVersion”:“v1”,“kind”:“Service”,“metadata”:{“annotations”:{},“labels”:{“app”:“search-api”},“name”:“search-api”,“namespace”:“dev”},“spec”:{“ports”:[{“nodePort”:32043,“port”:8443,“protocol”:“TCP”}],“selector”:{“app”:“search-api”},“type”:“NodePort”}}
    creationTimestamp: “2020-11-20T21:16:43Z”
    labels:
    app: search-api
    managedFields:
    • apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
      f:metadata:
      f:annotations:
      .: {}
      f:kubectl.kubernetes.io/last-applied-configuration: {}
      f:labels:
      .: {}
      f:app: {}
      f:spec:
      f:externalTrafficPolicy: {}
      f:ports:
      .: {}
      k:{“port”:8443,“protocol”:“TCP”}:
      .: {}
      f:nodePort: {}
      f:port: {}
      f:protocol: {}
      f:targetPort: {}
      f:selector:
      .: {}
      f:app: {}
      f:sessionAffinity: {}
      f:type: {}
      manager: kubectl
      operation: Update
      time: “2020-11-20T21:16:43Z”
    • apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
      f:metadata:
      f:annotations:
      f:field.cattle.io/publicEndpoints: {}
      manager: rancher
      operation: Update
      time: “2020-11-20T21:16:43Z”
      name: search-api
      namespace: dev
      resourceVersion: “216756”
      selfLink: /api/v1/namespaces/dev/services/search-api
      uid: 131cb294-57d8-44c1-aeb3-cc6068af8f91
      spec:
      clusterIP: 10.43.178.103
      externalTrafficPolicy: Cluster
      ports:
    • nodePort: 32043
      port: 8443
      protocol: TCP
      targetPort: 8443
      selector:
      app: search-api
      sessionAffinity: None
      type: NodePort
      status:
      loadBalancer: {}
      kind: List
      metadata:
      resourceVersion: “”
      selfLink: “”

The service works as NodePort calling the nodes on the specified NodePort.

However when trying to access via the Ingress… – get the following error…

Bad Request
This combination of host and port requires TLS.

Not sure what I am doing wrong, is there more config I need to do in the Ingress Controller?