Hi,
We have deployed a notary server on the EKS cluster for docker image signing.
We are able to connect to the application when port-forwarding to localhost (both via pod and service).
However, when we send DCT (Docker Content Trust) commands via the Kong ingress, we receive an HTTP 400 error.
Here are the Kong proxy logs:
10.92.112.226 - - [07/Jan/2022:14:21:42 +0000] "GET /v2/xxxxx/xxxxxx/notary-server/notary-mariadb/_trust/tuf/timestamp.json HTTP/1.1" 400 59 "-" "Docker-Client/20.10.7 (darwin)"
10.92.99.93 - - [07/Jan/2022:14:21:43 +0000] "GET /v2/xxxxxxx/xxxxxx/notary-server/notary-mariadb/_trust/tuf/root.json HTTP/1.1" 400 59 "-" "Docker-Client/20.10.7 (darwin)"
Here is how we have created an ingress resource:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app.kubernetes.io/instance: notary
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: notary-server-deploy
    helm.sh/chart: notary-0.0.9
  annotations:
    kubernetes.io/ingress.class: kong
    configuration.konghq.com: ingress-api
  name: notary
  namespace: notary
spec:
  tls:
  - hosts:
    - xxxxxxxxxx
    secretName: xxxxxxxxx
  rules:
  - xxxxxxxxxx
  - host: xxxxxxxxx
    http:
      paths:
      - backend:
          serviceName: notary-server-svc
          servicePort: 4443
        path: /
        pathType: Prefix
      - backend:

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: notary
proxy:
  protocol: http
  labels:
    app: notary
route:
  methods:
  - POST
  - GET
  - PUT
  - DELETE
  - PATCH
  - OPTIONS
  preserve_host: true
  https_redirect_status_code: 302
  protocols:
  - https
  regex_priority: 0
  strip_path: true

The DNS name (host) in the above ingress file points to an ELB (internal-xxxxxxxxxx.us-east-1.elb.amazonaws.com).
Any help is highly appreciated.