I am trying to connect Kong Ingress to an External upstream service which is protected with MTLS but getting below error -
400 Bad Request - No required SSL certificate was sent
I have set below annotations in the ExternalName service -
konghq.com/protocol: https
konghq.com/cert: kong-upstream-tls-secret
When I apply this service yaml I see below error in logs -
level=error msg=“failed to update kong configuration: 1 errors occurred:\n\twhile processing event: {Update} service kong.external-service.443 failed: HTTP status 400 (message: "the foreign key ‘{id=\"d09d3568-8e1e-4de9-b1de-8241ac647cd8\"}’ does not reference an existing ‘certificates’ entity.")\n” component=controller
I have already created a K8s TLS secret with cert and key. Do I need to create the cert through Admin API and refer the cert id in service annotation or is there any other way to fix this?
This connection works when I set below environment variables for all the services -
nginx_proxy_proxy_ssl_certificate: /etc/secrets/kong-upstream-tls-secret/cert.pem
nginx_proxy_proxy_ssl_certificate_key: /etc/secrets/kong-upstream-tls-secret/key.pem
But when I try to implement this for per service then getting failures. I am referring to the docs from this link.
I am using Kong version 2.4 with ingressController version 1.2.