
Using Kong with AWS EKS


I've deployed Kong on AWS using Helm. Need to terminate the SSL on the LoadBalancer. HTTP request works. HTTPS request fails with "400 Bad Request - The plain HTTP request was sent to HTTPS port" error.

How to configure the Kong Proxy/LB so that things work properly? I'm ok with either HTTP or HTTPS connection behind the LB. It is a requirement for the SSL to be terminated on the LB though.

Another issue is that this creates an LB with a random DNS name. Tried setting service.beta.kubernetes.io/aws-load-balancer-eip-allocations but it doesn't work either. What is the best way to "pin" either the domain name or an IP address to the LB?

Also, this creates a legacy/classic LB. Couldn't get the k8s service to create an AWS ALB.

Helm Chart overrides:

proxy:
  enabled: true
  http:
    enabled: true
  tls:
    enabled: true
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <my-cert-name>
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"

Installing using:

$ helm repo add kong https://charts.konghq.com
$ helm repo update
$ helm install kong kong/kong \
  --atomic \
  -n kong \
  -f overrides.yaml

Solution

  • You might want to also set this in the YAML:

    proxy:
      enabled: true
      http:
        enabled: true
        servicePort: 80
        containerPort: 8000
      tls:
        enabled: true
        overrideServiceTargetPort: 8000  # <===
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <my-cert-name>
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    
    

    Check this link for reference.

    If this leads to a redirection loop on request, go ahead and add this ENV variable to Kong's configuration:

        - name: KONG_TRUSTED_IPS
          value: 0.0.0.0/0,::/0
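
Added example (not part of the original answer and not code from the Kong chart): `KONG_TRUSTED_IPS` lists the source ranges whose `X-Forwarded-*` headers Kong accepts, so `0.0.0.0/0,::/0` accepts them from any address. This Python check flags entries wider than the load balancer's network and also verifies the TLS-listener port mapping from the overrides. The dict is a constructed copy of those overrides, and `VPC_CIDRS`, `audit_proxy` and `audit_trusted_ips` are hypothetical names and values.

```python
import ipaddress

BACKEND = "service.beta.kubernetes.io/aws-load-balancer-backend-protocol"

# Constructed sample: the overrides from the answer above as a parsed dict,
# plus the KONG_TRUSTED_IPS value it suggests.
ANSWER_VALUES = {
    "proxy": {
        "http": {"enabled": True, "servicePort": 80, "containerPort": 8000},
        "tls": {"enabled": True, "overrideServiceTargetPort": 8000},
        "annotations": {
            BACKEND: "http",
            "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "443",
        },
    },
}
ANSWER_TRUSTED_IPS = "0.0.0.0/0,::/0"
VPC_CIDRS = ["10.0.0.0/16"]  # assumption: CIDR of the VPC that hosts the LB


def audit_proxy(values):
    """Flag an LB that decrypts TLS but forwards to a non-plain-HTTP port."""
    proxy = values.get("proxy", {})
    backend = proxy.get("annotations", {}).get(BACKEND, "")
    tls, http = proxy.get("tls", {}), proxy.get("http", {})
    findings = []
    if backend == "http" and tls.get("enabled"):
        target = tls.get("overrideServiceTargetPort")
        plain = http.get("containerPort", 8000)  # 8000 as used in the answer
        if target != plain:
            findings.append(
                f"443 listener targets {target!r}, expected plain-HTTP port {plain}")
    return findings


def audit_trusted_ips(value, allowed_cidrs):
    """Return each trusted_ips entry not contained in an allowed CIDR."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    too_wide = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        if entry == "unix:":  # Kong's keyword for UNIX-domain sockets
            continue
        net = ipaddress.ip_network(entry, strict=False)
        # subnet_of() raises on mixed IP versions, so compare versions first
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            too_wide.append(entry)
    return too_wide
```
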