Description
I am executing a curl command with:

```bash
curl -k -v -XPUT --cert ./muse-sbi.crt --key ./muse-sbi-privatekey.pem --cacert ./current-muse-nbi-ca-root.crt --pass LS5cbqYDAx0DpV0WKCh9 https://muse.eldar-sor-test.com/users-mng/isAuthenticated
```

In the response I am getting back from nginx-ingress-controller the default certificate "Kubernetes Ingress Controller Fake Certificate", and the certificates are not passed to my backend.

The Ingress controller object is defined this way:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: mi-gateway
    meta.helm.sh/release-namespace: mi-paas
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  creationTimestamp: "2025-04-06T14:18:40Z"
  generation: 7
  labels:
    app.kubernetes.io/managed-by: Helm
  name: mi-gateway-ingress
  namespace: mi-paas
  resourceVersion: "3439272"
  uid: 7205880c-0465-4a59-8919-c424dba40ad7
spec:
  ingressClassName: nginx
  rules:
  - host: eldar-sor-test.com
    http:
      paths:
      - backend:
          service:
            name: mi-gateway
            port:
              number: 4433
        path: /
        pathType: Prefix
  - host: '*.eldar-sor-test.com'
    http:
      paths:
      - backend:
          service:
            name: mi-gateway
            port:
              number: 4433
        path: /
        pathType: Prefix
status:
  loadBalancer:
    ingress:
    - ip: 10.88.16.244
```

When I send this curl, it works fine:

```bash
curl -k -v -XPUT --cert ./muse-sbi.crt --key ./muse-sbi-privatekey.pem --cacert ./current-muse-nbi-ca-root.crt --pass LS5cbqYDAx0DpV0WKCh9 https://eldar-sor-test.com/users-mng/isAuthenticated
```

If I change my Ingress object to use an explicit host in the rule (without a wildcard), it works OK:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: mi-gateway
    meta.helm.sh/release-namespace: mi-paas
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  creationTimestamp: "2025-04-06T14:18:40Z"
  generation: 8
  labels:
    app.kubernetes.io/managed-by: Helm
  name: mi-gateway-ingress
  namespace: mi-paas
  resourceVersion: "3444909"
  uid: 7205880c-0465-4a59-8919-c424dba40ad7
spec:
  ingressClassName: nginx
  rules:
  - host: eldar-sor-test.com
    http:
      paths:
      - backend:
          service:
            name: mi-gateway
            port:
              number: 4433
        path: /
        pathType: Prefix
  - host: muse.eldar-sor-test.com
    http:
      paths:
      - backend:
          service:
            name: mi-gateway
            port:
              number: 4433
        path: /
        pathType: Prefix
status:
  loadBalancer:
    ingress:
    - ip: 10.88.16.244
```

```bash
curl -k -v -XPUT --cert ./muse-sbi.crt --key ./muse-sbi-privatekey.pem --cacert ./current-muse-nbi-ca-root.crt --pass LS5cbqYDAx0DpV0WKCh9 https://muse.eldar-sor-test.com/users-mng/isAuthenticated
```

TLS negotiation between the client and the backend mi-gateway works as expected.

Why is TLS passthrough to the backend not working with a wildcard?