I set up a kubernetes cluster in AWS using KOPS; now I want to set up an NGINX ingress controller and terminate TLS with AWS managed certificate. The topology in my understanding is AWS ELB is facing the internet and terminates TLS, forwards unencrypted to ingress service which then does dispatches.
I've deployed ingress controller from https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx
Except I used annotations as described on top of https://github.com/kubernetes/ingress/issues/71 to add the certificate.
I add the route to Route53 and open my browser to https address and get a 400 response from NGINX with message "The plain HTTP request was sent to HTTPS port"
What am I doing wrong?
This is my ingress resource:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: dispatcher
namespace: test
spec:
rules:
- host: REDACTED
http:
paths:
- backend:
serviceName: REDACTED
servicePort: 80
path: /api/v0
I managed to get this done largely using the ingress here: https://github.com/kubernetes/kops/tree/master/addons/ingress-nginx except for the ingress service I added service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation pointing to my certificate ARN and set targetPort of both the ports to 80