I have two environments of kubernetes which use a ingress as a proxy to redirect request to serve the statics (front) and back-end rest services.
Such requests can be accessed by two host URLs in one of the environments (one host has a tls cert secret configured) and in the other environment, I don't have any tls secret configured and it only can be accessed by one host URL
In the first environment (Only one host and without TLS secret) I have the following:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-connect-timeout: "70"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1000"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1000"
nginx.ingress.kubernetes.io/rewrite-target: /$1
creationTimestamp: "XXXX"
generation: 9
labels:
app: myapp
chart: myapp-0.1.0
heritage: Helm
release: myapp-ingress
name: myapp-ingress
namespace: myapp-namespace
resourceVersion: "25745018"
selfLink: /apis/extensions/v1beta1/namespaces/my-app-namespace/ingresses/my-app-ingress
uid: 34c3d902-1517
spec:
rules:
- host: hostOne
http:
paths:
- backend:
serviceName: myapp-front
servicePort: 8080
path: /(.*)
- backend:
serviceName: myapp-backend
servicePort: 8080
path: /myappapi/(.+)
tls:
- hosts:
- hostOne
status:
loadBalancer:
ingress:
- {}
in this one I can perfectly make request through HTTP and everything works fine. For HTTPS request I get an SSLExcepcion because the cert is not installed in the client (This is normal and obvious)
In the second cluster I have TLS secret and two hosts URL:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-connect-timeout: "70"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1000"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1000"
nginx.ingress.kubernetes.io/rewrite-target: /$1
creationTimestamp: "XXXX"
generation: 9
labels:
app: myapp
chart: myapp-0.1.0
heritage: Helm
release: myapp-ingress
name: myapp-ingress
namespace: myapp-namespace
resourceVersion: "25745018"
selfLink: /apis/extensions/v1beta1/namespaces/my-app-namespace/ingresses/my-app-ingress
uid: 34c3d902-1517
spec:
rules:
- host: hostOne
http:
paths:
- backend:
serviceName: myapp-front
servicePort: 8080
path: /(.*)
- backend:
serviceName: myapp-backend
servicePort: 8080
path: /myappapi/(.+)
- host: hostTwo
http:
paths:
- backend:
serviceName: myapp-front
servicePort: 8080
path: /(.*)
- backend:
serviceName: myapp-backend
servicePort: 8080
path: /myappapi/(.+)
tls:
- hosts:
- hostTwo
secretName: tlsSecret
- hosts:
- hostOne
status:
loadBalancer:
ingress:
- {}
In this case when requesting with HTTP I get a 803 error with a redirect to HTTPS in both URLs (hostOne and hostTwo)
I would like to have the redirect when using http only for hostTwo which is the one that is configured with a certificate and TLS secret.
Why the ingress in responding with that redirect for http and in the first case it doesn't? What I should change?
When I send A request with RestTemplate to https I get a SSLException:
2020-05-08 12:57:05,586 ERROR class=ExceptionHandler Received fatal alert: handshake_failure; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
I tried to install the cert and ad TLS1.2 as explained here: Spring RestTemplate: SSL handshake failure
but it did not work and I can't send request with http just to check if the services are well code.
