Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to perform SSL termination on ELB #601

Closed
vmalloc opened this issue Jun 24, 2019 · 3 comments
Closed

Unable to perform SSL termination on ELB #601

vmalloc opened this issue Jun 24, 2019 · 3 comments

Comments

@vmalloc
Copy link

vmalloc commented Jun 24, 2019

I'm trying to deploy nginx-ingress where the AWS load balancer performs the SSL termination (I need that because my certs are stored on ACM), and then forward traffic to the nginx controller. How am I supposed to deploy this kind of setup?

What I did so far is set up an overrides file:

controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <CERT ARN>
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"

And then install nginx-ingress:

helm install -f overrides.yml stable/nginx-ingress

From what I can gather, this causes ELB to send cleartext requests to the controller, causing an 400 error...

This is my ingress resource:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: myapp-service
              servicePort: 80
            path: /

How can I make this work? Is there a better scheme for deploying nginx-ingress with ACM-issued certificates?
Thanks in advance!
@pleshakov
Copy link
Contributor

@vmalloc

helm install -f overrides.yml stable/nginx-ingress

it seems that you're using the NGINX Ingress Controller from this repo https://github.com/kubernetes/ingress-nginx, which is a different project. The differences are described here -- https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md If this is the case, please consider creating an issue in that repo. The helm chart of this Ingress Controller is documented in https://github.com/nginxinc/kubernetes-ingress/tree/v1.5.0/deployments/helm-chart

Regarding 400 responses. It might be related to this issue #548 Could you try to configure the controller.service.httpsPort.targetPort parameter to be https.

Also, note that the Ingress resource you attached doesn't include the host field, so it will not work.

@vmalloc
Copy link
Author

vmalloc commented Jun 24, 2019

Oops, now I feel extra stupid. Ok, I'll try again from scratch and make sure I'm using this repo then -- it's probably the cause for the confusion...

Thanks and sorry for wasting your time

@vmalloc vmalloc closed this as completed Jun 24, 2019
@pleshakov
Copy link
Contributor

@vmalloc No problem!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vmalloc @pleshakov