I am trying to set up an ingress to route traffic to https backend services – using the default ingress-nginx controller and backend that comes configured with rke.
I have defined the following Ingress: – exported yaml below
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
field.cattle.io/publicEndpoints: ‘[{“addresses”:["",""],“port”:443,“protocol”:“HTTPS”,“serviceName”:“dev:search-api”,“ingressName”:“dev:digital-rke”,“hostname”:“dev-digital-rke.essendant.com”,“path”:"/search-api",“allNodes”:false}]’
creationTimestamp: “2021-02-05T15:56:25Z”
generation: 1
managedFields:- apiVersion: networking.k8s.io/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:rules: {}
f:tls: {}
manager: agent
operation: Update
time: “2021-02-05T15:56:25Z” - apiVersion: networking.k8s.io/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
manager: nginx-ingress-controller
operation: Update
time: “2021-02-05T15:56:51Z” - apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:field.cattle.io/publicEndpoints: {}
manager: rancher
operation: Update
time: “2021-02-05T15:56:51Z”
name: digital-rke
namespace: dev
resourceVersion: “18396532”
selfLink: /apis/extensions/v1beta1/namespaces/dev/ingresses/digital-rke
uid: 315523bc-f324-4fef-8b98-855ba221ceae
spec:
rules: - host: dev-digital-rke.essendant.com
http:
paths:- backend:
serviceName: search-api
servicePort: 8443
path: /search-api
pathType: ImplementationSpecific
tls:
- backend:
- hosts:
-
dev-digital-rke.essendant.com
secretName: dev-digital-rke.essendant.com
status:
loadBalancer:
ingress: - hostname: msnldrke569
- hostname: msnldrke570
kind: List
metadata:
resourceVersion: “”
selfLink: “”
-
dev-digital-rke.essendant.com
- apiVersion: networking.k8s.io/v1beta1
There is a tls secret matching the secretName specified in the tls spec above containing the certificate and key for dev-digital-rke.essendant.com.
The ingress is routing to backend service search-api – exported yaml below:
apiVersion: v1
items:
- apiVersion: v1
kind: Service
metadata:
annotations:
field.cattle.io/publicEndpoints: ‘[{“addresses”:[“msnldrke569”],“port”:32043,“protocol”:“TCP”,“serviceName”:“dev:search-api”,“allNodes”:true}]’
kubectl.kubernetes.io/last-applied-configuration: |
{“apiVersion”:“v1”,“kind”:“Service”,“metadata”:{“annotations”:{},“labels”:{“app”:“search-api”},“name”:“search-api”,“namespace”:“dev”},“spec”:{“ports”:[{“nodePort”:32043,“port”:8443,“protocol”:“TCP”}],“selector”:{“app”:“search-api”},“type”:“NodePort”}}
creationTimestamp: “2020-11-20T21:16:43Z”
labels:
app: search-api
managedFields:- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app: {}
f:spec:
f:externalTrafficPolicy: {}
f:ports:
.: {}
k:{“port”:8443,“protocol”:“TCP”}:
.: {}
f:nodePort: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app: {}
f:sessionAffinity: {}
f:type: {}
manager: kubectl
operation: Update
time: “2020-11-20T21:16:43Z” - apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:field.cattle.io/publicEndpoints: {}
manager: rancher
operation: Update
time: “2020-11-20T21:16:43Z”
name: search-api
namespace: dev
resourceVersion: “216756”
selfLink: /api/v1/namespaces/dev/services/search-api
uid: 131cb294-57d8-44c1-aeb3-cc6068af8f91
spec:
clusterIP: 10.43.178.103
externalTrafficPolicy: Cluster
ports: - nodePort: 32043
port: 8443
protocol: TCP
targetPort: 8443
selector:
app: search-api
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
kind: List
metadata:
resourceVersion: “”
selfLink: “”
- apiVersion: v1
The service works as NodePort calling the nodes on the specified NodePort.
However when trying to access via the Ingress… – get the following error…
Bad Request
This combination of host and port requires TLS.
Not sure what I am doing wrong, is there more config I need to do in the Ingress Controller?