HTTPS backend protocol in Ingress

tanvir_av · November 24, 2020, 11:13am

My microservices use https to communicate and the ingress communicates via http to them.

I’ve already tried adding the Kong-ingress and it doesn’t work (yaml attached below)

I have 2 questions

How do I make sure Kong uses https to communicate with my microservices? In the official K8s ingress, I just an annotation called : nginx.ingress.kubernetes.io/backend-protocol : "HTTPS"
How do I enforce HTTP 1.1 instead of HTTP 2?

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: kong-ingress-configuration
upstream:
  slots: 10
  hash_on: none
  hash_fallback: none
  healthchecks:
    threshold: 25
    active:
      concurrency: 10
      healthy:
        http_statuses:
        - 200
        - 302
        interval: 0
        successes: 0
      http_path: "/api"
      timeout: 1
      unhealthy:
        http_failures: 0
        http_statuses:
        - 429
        interval: 0
        tcp_failures: 0
        timeouts: 0
    passive:
      healthy:
        http_statuses:
        - 200
        successes: 0
      unhealthy:
        http_failures: 0
        http_statuses:
        - 429
        - 503
        tcp_failures: 0
        timeouts: 0
proxy:
  protocol: https

SamuelTJackson · November 24, 2020, 2:08pm

You should specify at your service

    annotations:
        konghq.com/protocol: "https"

tanvir_av · November 24, 2020, 2:22pm

Wait, this is supposed to be specified in the service of the application?

I’ve specified this in the ingress yaml already and its still accessing the application with http

SamuelTJackson · November 25, 2020, 3:45pm

I’m not so experienced with kong. But I’m using kong with apache nifi and nifi only accepts https connection if you want to use authentication. And to make this work I used this annotation on the nifi service.

tanvir_av · November 25, 2020, 8:01pm

so Nifi has a normal kubernetes service (by that I mean kind: Service)

You’ve just added the konghq.com/protocol: "https" annotation to the metadata of this service.

Am I right in understanding?

SamuelTJackson · November 26, 2020, 8:40am

thats right. here how the service looks like:

apiVersion: v1
kind: Service
metadata:
  name: {{ include "nifi.fullname" . }}-node
  labels:
    {{- include "nifi.labels" . | nindent 4 }}
  annotations:
    konghq.com/protocol: "https"
spec:
  type: {{ .Values.nifi.service.type }}
  ports:
    - port: {{ .Values.nifi.service.port }}
      targetPort: https
      protocol: TCP
      name: https
  selector:
    {{- include "nifi.selectorLabels" . | nindent 4 }}

thats all I had to do

tanvir_av · November 26, 2020, 8:42am

Alright! I’ll give this a try. Thanks!

tanvir_av · November 27, 2020, 2:59pm

@SamuelTJackson This worked! Thank you so much!

Topic		Replies	Views
Ingress can't use HTTPS as backend protocol Questions kubernetes	5	1480	November 25, 2020
How to use https when sending trafic to pods Questions kubernetes	2	810	September 24, 2020
Kong removes https when sending request to upsteam service Questions kubernetes	2	681	March 1, 2021
KIC HTTPS Upstream problem Questions	0	184	September 28, 2023
Kong ingress controller / service protocol cannot be changed to https Questions kubernetes	2	821	June 12, 2019

HTTPS backend protocol in Ingress

Related topics