I'm running a cluster on GKE with the nginx-ingress controller instead of using the default gce ingress controller.
I'm generating certificates using cert-manager. If I use the default gce controller, this works fine.
I've deployed the nginx-ingress controller with the following config:
    containers:
    - args:
      - /nginx-ingress-controller
      - --default-backend-service=kube-system/nginx-ingress-default-backend
      - --publish-service=kube-system/nginx-ingress-controller
      - --election-id=ingress-controller-leader
      - --ingress-class=nginx
      - --configmap=kube-system/nginx-ingress-controller
      - --sort-backends=true
The service for this uses the default service type=LoadBalancer, and I can see in the Google Cloud console that I have been provisioned a TCP layer 4 load balancer.
My frontend service and ingress have the following annotations:
    annotations:
      ingress.kubernetes.io/allow-http: "true"
      kubernetes.io/ingress.class: nginx
      ingress.kubernetes.io/ssl-redirect: "true"
      kubernetes.io/tls-acme: "true"
HTTP works without an issue, but when I try over HTTPS I get an SSL protocol error:
    * Rebuilt URL to: https://hostname/
    * Trying xx.xxx.xx.xxx...
    * TCP_NODELAY set
    * Connected to guestbook.lbrlabs.com (xx.xxx.xx.xxx) port 443 (#0)
    * Unknown SSL protocol error in connection to hostname:-9847
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to hostname:-9847
and I can see what looks to be binary data in the logs:
    10.36.0.1 - [10.36.0.1] - - [04/Aug/2018:23:37:23 +0000] "\x16\x03\x01\x00\xC8\x01\x00\x00\xC4\x03\x03[f8\xB4J\xFD\xB6\x1C9\x93\xA9\xF6$\x82\x1B~h" 400 174 "-" "-" 0 0.051 [] - - - -
What configuration option am I missing here? I tried using proxy-protocol but that didn't work (as I expected). I'm using 0.14.0 of the nginx-ingress-controller.
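Added example, not part of the original post: the request field in the access-log line above begins with the bytes of a TLS ClientHello record, meaning nginx read a TLS handshake as a plain-HTTP request and answered 400. The sketch below decodes nginx's `\xHH` log escaping and reports such lines. The function names are hypothetical and the second log line is constructed for contrast.

```python
import re
import struct

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
# First quoted field after the timestamp is the request; nginx escapes any
# literal '"' or '\' inside it as \xHH, so [^"]* cannot stop early.
REQUEST_FIELD = re.compile(r'\] "([^"]*)" (\d{3}) ')

def unescape_nginx(field: str) -> bytes:
    """Undo nginx access-log \\xHH escaping and return the raw request bytes."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field).encode("latin-1")

def parse_client_hello(data: bytes):
    """Describe the start of a TLS ClientHello, or return None for anything else."""
    if len(data) < 11:
        return None
    content_type, record_version, record_length = struct.unpack("!BHH", data[:5])
    handshake_type = data[5]
    if content_type != 0x16 or record_version >> 8 != 0x03 or handshake_type != 0x01:
        return None
    return {
        "record_version": TLS_VERSIONS.get(record_version, hex(record_version)),
        "record_length": record_length,
        "handshake_length": int.from_bytes(data[6:9], "big"),
        "client_version": TLS_VERSIONS.get(int.from_bytes(data[9:11], "big"), "unknown"),
    }

def tls_on_plain_http(log_lines):
    """Return (status, hello) for each access-log line whose request is a ClientHello."""
    hits = []
    for line in log_lines:
        m = REQUEST_FIELD.search(line)
        hello = parse_client_hello(unescape_nginx(m.group(1))) if m else None
        if hello:
            hits.append((int(m.group(2)), hello))
    return hits

LOG_LINES = [
    # Line quoted in the post above.
    r'10.36.0.1 - [10.36.0.1] - - [04/Aug/2018:23:37:23 +0000] "\x16\x03\x01\x00\xC8\x01\x00\x00\xC4\x03\x03[f8\xB4J\xFD\xB6\x1C9\x93\xA9\xF6$\x82\x1B~h" 400 174 "-" "-" 0 0.051 [] - - - -',
    # Constructed line: an ordinary plain-HTTP request, for contrast.
    r'10.36.0.1 - [10.36.0.1] - - [04/Aug/2018:23:37:25 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.54.0" 76 0.002 [] - - - -',
]

if __name__ == "__main__":
    for status, hello in tls_on_plain_http(LOG_LINES):
        print(status, hello)
```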