Hello,
I’m trying to get the kong ingress working in Kubernetes and I’m encountering this peculiarity with the db-less Kubernetes-only config.
We’re exposing nodePort 30256 as follows:
apiVersion: v1
kind: Service
metadata:
annotations:
name: kong-proxy
namespace: kong4k8s
spec:
ports:
- name: proxy
port: 80
protocol: TCP
targetPort: 8000
nodePort: 30264 - name: proxy-ssl
port: 443
protocol: TCP
targetPort: 8443
nodePort: 30265
selector:
app: ingress-kong
type: NodePort
When I do this, I get an error going to any URL being serviced by this ingress:
400 Bad Request
The plain HTTP request was sent to HTTPS port
When I switch the 30265 nodePort to the non-ssl proxy as such:
apiVersion: v1
kind: Service
metadata:
annotations:
name: kong-proxy
namespace: kong4k8s
spec:
ports:
- name: proxy
port: 80
protocol: TCP
targetPort: 8000
nodePort: 30265 - name: proxy-ssl
port: 443
protocol: TCP
targetPort: 8443
nodePort: 30264
selector:
app: ingress-kong
type: NodePort
My webpages start loading correctly again. HOWEVER, it still seems like internally they’re being non-http somehow? I know this because I have an app that dumps all headers, and the X-Forwarded-Port is 80. I also see redirect_uri’s reflecting “http” URLs.
I am hitting my app on https via my browser all the time, so I don’t know where the non-https thing lies in this whole flow. My suspicions are it’s to do with the “proxy” vs “proxy-ssl” in my config. I’d suspect I want “proxy-ssl” to be the thing servicing the nodePort of 30265, but like I said, when I do, I get the 400 error.
What am I doing wrong here, aside from choosing IT as a career path?