aws-load-balancer-controller icon indicating copy to clipboard operation
aws-load-balancer-controller copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

backend-protocol: HTTPS not working

Open matej-basic opened this issue 3 years ago • 2 comments

Describe the bug I am trying to create an ingress that will forward HTTPS traffic to my pods, as the idea of the deployment is to have HTTPS all the way from pods to the client. When using alb.ingress.kuberentes.io/backend-protocol: HTTPS, the target groups are still configured as HTTP. alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS works properly, as well as the alb.ingress.kubernetes.io/healthcheck-port

Steps to reproduce

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: hackerchat name: hackerchat-ingress annotations: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/certificate-arn: "cert-arn" alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' alb.ingress.kubernetes.io/ssl-redirect: "443" alb.ingress.kuberentes.io/backend-protocol: HTTPS alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS alb.ingress.kubernetes.io/healthcheck-port: traffic-port spec: ingressClassName: alb rules: - host: hackerhcat.ml http: paths: - path: /api/users/signup pathType: Exact backend: service: name: auth-cip port: number: 3000 - path: /api/users/signin pathType: Exact backend: service: name: auth-cip port: number: 3000 - path: /api/users/signout pathType: Exact backend: service: name: auth-cip port: number: 3000 - path: /api/users/currentuser pathType: Exact backend: service: name: auth-cip port: number: 3000 - path: /api/websocket/connect pathType: Exact backend: service: name: websocket-cip port: number: 3000 - path: / pathType: Prefix backend: service: name: frontend-cip-https port: number: 443

Is there anything I'm missing in my ingress configuration?

Environment AWS Load Balancer controller version 1.4.1 Kubernetes version 1.22

matej-basic avatar Jul 15 '22 09:07 matej-basic

@matej-basic, did the controller create an HTTPS listener on your ALB as well? Do you see the SSL redirect configuration on your HTTP listener? Please share the model generated by the controller for your ingress, you can get it from the controller logs.

kishorj avatar Jul 15 '22 17:07 kishorj

@matej-basic, any updates?

kishorj avatar Aug 09 '22 16:08 kishorj

@matej-basic, I'm closing the issue for now. If the issue still persists, feel free to reach out to us.

kishorj avatar Aug 24 '22 22:08 kishorj