
I have problems implementing the nginx ingress with TLS termination with my AKS cluster. I managed to make it work without TLS.

The following is my ingress.yml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingresswebapi
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"    
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - secretName: aks-ingress-tls
  rules:
  - http:
      paths:
      - backend:
          serviceName: webapi
          servicePort: 443
        path: /

The load balancer is installed through the Helm chart (https://learn.microsoft.com/en-us/azure/aks/ingress-tls), with the option --set controller.extraArgs.enable-ssl-passthrough=""

My cluster runs k8s 1.15.5.

I am also not able to access my pod with HTTPS termination within the cluster itself (through another pod). Is there any option that I am missing for allowing HTTPS communication?

Also, once I deploy my Helm chart with a static IP, my public IP resource loses the custom DNS (the usual xxxx.location.cloudapp.azure.com). Must I forcibly assign a different one?

4c74356b41
Neo
  • This doesn't make a lot of sense; you want the pod to terminate SSL, not the ingress? Also, what does `I am also not able to access my pod with https termination within the cluster itself` mean? If it doesn't work inside the cluster, why would it work when you access it from outside of the cluster? – 4c74356b41 Feb 20 '20 at 17:46
  • Hi, I would like the certificates to be transferred to the pod. This is also what I would expect from the ssl-passthrough option of the ingress. About my internal test, I would indeed expect it to work, since it works when I run it locally. In the end I also explicitly mentioned it in order to find out if I have some other problem within my cluster itself – Neo Feb 21 '20 at 08:06

0 Answers