问题
I have three pods with HTTPS servers inside. I used to acces them via NodePort services. Now I deployed a Nginx Ingress to have them all in one IP. I have noticed that the Nginx Ingress can't connect with an HTTPS server in a pod, but it connects perfectly if I change it to HTTP.
How can I make the Ingress connect with HTTPS servers in pods?
I have tried to configure a tls secret, and add it to the Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: k8s-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-ssl-secret: cert
spec:
rules:
- http:
paths:
- path: /api-rest
backend:
serviceName: api-rest
servicePort: 8080
- path: /auth
backend:
serviceName: auth-entry
servicePort: 8080
It didn't work. I still got an 503 Service Temporarily Unavailable
I have read about SSL Passthrough but I can't make it work either.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: k8s-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- http:
paths:
- path: /api-rest
backend:
serviceName: api-rest
servicePort: 8080
- path: /auth
backend:
serviceName: auth-entry
servicePort: 8080
Still the same 503.
回答1:
From the docs here you need to add this annotation
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
Using backend-protocol annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces secure-backends in older versions) Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP
By default NGINX uses HTTP
来源:https://stackoverflow.com/questions/61382853/kubernetes-nginx-ingress-can-connect-to-https-pods