Kong ingress controller / service protocol cannot be changed to https

Questions
1

Hi there,

This is a probably easy issue but I just couldn’t find anything on the kong ingress controller documentation or code!

It seems that the kong services’ “protocol” attribute created by the ingress controller is being forced to ‘http’, and the port attribute to 80.

{
  "host": "myapp.apps.svc",
  "created_at": 1559149403,
  "connect_timeout": 60000,
  "id": "2d456c10-5918-4bd3-a0ed-b4adcd851414",
  "protocol": "http",
  "name": "apps.myapp.https",
  "read_timeout": 60000,
  "port": 80,
  "path": "/",
  "updated_at": 1559149403,
  "retries": 5,
  "write_timeout": 60000,
  "tags": null,
  "extras": {}
}

I don’t use any service mesh solutions.
My ingress spec does not have a tls section, as I configured kong proxy with the ssl_cert and ssl_cert_key global flag, I expect kong proxy to do ssl termination with a public certificate (which it does), and forward the request to my upstream service through https (my service exposes a private certificate).

My KongIngress associated with my ingress only allows https to be used within the proxy subsection:

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: myapp
  namespace: apps
upstream:
  hash_on: none
  hash_fallback: none
proxy:
  protocol: https
  path: /
  connect_timeout: 3000
  retries: 3
  read_timeout: 60000
  write_timeout: 60000
route:
  methods:
    - POST
    - GET
    - PATCH
    - GET
    - DELETE
    - OPTIONS
    - HEAD
  regex_priority: 0
  strip_path: false
  preserve_host: true
  protocols:
    - https

If that helps; here is the ingress definition:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp
  namespace: apps
  annotations:
    kubernetes.io/ingress.class: "kong"
    plugins.konghq.com: zipkin
    configuration.konghq.com: myapp
spec:
  rules:
    - host: "mycorp.com"
      http:
        paths:
          - path: /
            backend: myapp
              serviceName: myapp
              servicePort: https

and the service definition:

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: apps
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  - name: management
    port: 444
    protocol: TCP
    targetPort: management
  selector:
    app: myapp

Could someone tell me if I’m missing something to be able to set the kongservice port and protocol other than 80/http?

Thanks! (edit for formatting)

2

To override service attributes, please annotate the Service object in k8s with the following annotation:
configuration.konghq.com: myapp

Route properties are associated by annotating the Ingress resource while Upstream and Service properties can be overridden by annotating the Service resource in k8s (because those entities in Kong correspond to a service in k8s).

3

Hi

Great that did the trick, maybe it should be better emphasized in the annotations.md doc, as I could only find reference of that within the ingress controller changelog.

Thanks!