I set up a kubernetes cluster in AWS using KOPS; now I want to set up an NGINX ingress controller and terminate TLS with AWS managed certificate. The topology in my understanding is AWS ELB is facing the internet and terminates TLS, forwards unencrypted to ingress service which then does dispatches.
I've deployed ingress controller from https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx
Except I used annotations as described on top of https://github.com/kubernetes/ingress/issues/71 to add the certificate.
I add the route to Route53 and open my browser to https address and get a 400 response from NGINX with message "The plain HTTP request was sent to HTTPS port"
What am I doing wrong?
This is my ingress resource:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: dispatcher
namespace: test
spec:
rules:
- host: REDACTED
http:
paths:
- backend:
serviceName: REDACTED
servicePort: 80
path: /api/v0
By default, the NGINX Ingress controller will listen to all the ingress events from all the namespaces and add corresponding directives and rules into the NGINX configuration file. This makes it possible to use a centralized routing file which includes all the ingress rules, hosts, and paths.
SSL termination describes the transition process when data traffic becomes encrypted and unencrypted. This happens at the server end of a secure socket layer (SSL) connection.
I managed to get this done largely using the ingress here: https://github.com/kubernetes/kops/tree/master/addons/ingress-nginx except for the ingress service I added service.beta.kubernetes.io/aws-load-balancer-ssl-cert
annotation pointing to my certificate ARN and set targetPort
of both the ports to 80
https://github.com/kubernetes/ingress/tree/master/controllers/nginx#https
TL;DR
1) create a secret with your ssl public/private in your namespace
2) add the tls block to your ingress (referencing the secret)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With