Kubernetes Ingress Controller , AWS Certificate , gives 400 bad resposne error

Hi Im new to Kong Ingress Controller

The configuration was working without HTTPS, in Kubernetes Cluster (EKS)
but when HTTPS was enabled, its returns the following error

     400 Bad Request
    The plain HTTP request was sent to HTTPS port

Error getting generated form Kong , not from ELB

Certificate used is generated form Aws Certificate manager

Kong was deployed using Helm with following params

  http:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: [Certificate ARN]
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: 443

Any Idea ?

Do you see the same issue if you bypass the load balancer using a port-forward?

Offhand, the only odd thing I see is that you have that configuration under the http block. The HTTP and HTTPS proxy listens are configured independently and the http block handles the latter. That’s not the exact error I’d expect in that scenario, but it’s close enough that it warrants review. You’ll want to place your HTTPS configuration in the https block and send traffic from your client to that servicePort on the load balancer.

If that’s not helping, or you intend to handle HTTPS termination at the LB level (in which case you would place that configuration under the http block), can you provide the complete proxy block from values.yaml and output from a curl request to the route in question? I’m unsure what else has been changed from the default, but that error is a bit odd since it shouldn’t happen if the service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https is being handled correctly, so it will help to see more of the issue in context to try and spot what’s going on.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ