Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I make an ingress forward to an ssl port(443) if https traffic

Tags:

kubernetes

kubernetes-ingress

nginx-ingress

How does an ingress forward https traffic to port 443 of the service(eventually to 8443 on my container)? Do I have to make any changes to my ingress or is this done automatically.

On GCP, I have a layer 4 balancer -> nginx-ingress controller -> ingress

My ingress is:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-keycloak
  annotations:
    kubernetes.io/ingress.class: "nginx"
    certmanager.k8s.io/issuer: "letsencrypt-prod"
    certmanager.k8s.io/acme-challenge-type: http01


spec:
  tls:
  - hosts:
    - mysite.com
    secretName: staging-iam-tls
  rules:
  - host: mysite.com
    http:
      paths:
      - path: /auth
        backend:
          serviceName: keycloak-http
          servicePort: 80

I searched online but I don't see explicit examples of hitting 443. It's always 80(or 8080)

My service keycloak-http is(elided and my container is actually listening at 8443) 

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2019-05-15T12:45:58Z
  labels:
    app: keycloak
    chart: keycloak-4.12.0
    heritage: Tiller
    release: keycloak
  name: keycloak-http
  namespace: default
 ..
spec:
  clusterIP: ..
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    app: keycloak
    release: keycloak
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
like image 374
RAbraham Avatar asked Dec 22 '22 23:12

RAbraham

1 Answers

Try this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-keycloak
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    certmanager.k8s.io/issuer: "letsencrypt-prod"
    certmanager.k8s.io/acme-challenge-type: http01
spec:
  tls:
  - hosts:
    - mysite.com
    secretName: staging-iam-tls
  rules:
  - host: mysite.com
    http:
      paths:
      - path: /auth
        backend:
          serviceName: keycloak-http
          servicePort: 443
like image 51
Vasili Angapov Avatar answered Dec 28 '22 12:12

Vasili Angapov
Sign in to Comment

Related questions

Kubernetes: Node vs Hosts vs Cluster terminology
kubernetes isn't overriding environment variables that were set in the Dockerfile
Why doesn't kubectl bash completion work on macOS/OS X?
Routing traffic to kubernetes cluster
Kubernetes Worker Node in Status NotReady
why is Kuberenetes kubeadm init command unable to pull the images from the repository k8s.gcr.io
kubectl exec failed with "container <command> is not valid for pod <pod_name>"
embeding conf files into helm chart
What's the difference between Kubernetes and Kubernetes Engine?
What is the advantage of in each deploy, building a new docker image containing the application instead of just updating the application?
Kubernetes: How to implement a Network ResourceQuota
curl: (7) Failed to connect to 192.168.99.100 port 31591: Connection refused
ImagePullBackOff error in Kubernetes while pulling docker images from private dockerhub registry
Is it possible to change subnet in Azure AKS deployment?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!