Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ingress-controller chart: Gateway service not listening on https port #777

Open
nitramiz opened this issue Sep 3, 2024 · 0 comments
Open

Comments

@nitramiz
Copy link

nitramiz commented Sep 3, 2024

Enabling TLS on the ingress-controller gateway service (apisix-ingress-controller-apisix-gateway) doesn't make the pod listen on port 9443.

This causes refused connections since the LoadBalancer's public IP doesn't have anywhere to connect:

curl: (7) Failed to connect to test-apisix.example.com port 443 after 262 ms: Connection refused

Configured ingress-controller as an apisix subchart, but the same applies for the standalone chart:

ingress-controller:
  enabled: true
  config:
    # misconfig due to a hardcoded value https://github.com/apache/apisix-helm-chart/issues/774
    httpListen: ":9080" 
    ingressPublishService: "ingress-apisix/apisix-ingress-controller-apisix-gateway"
    apisix:
      adminAPIVersion: "v3"
      existingSecret: "admin-creds"
      existingSecretAdminKeyKey: "admin"
  gateway:
    type: LoadBalancer
    externalTrafficPolicy: Local
    tls:
      enabled: true              <== DOESN'T WORK

Only the HTTP port (9080) is specified in the deployment.yaml template and there's no optional setting for the TLS port like the apisix chart's template.

The only place that the tls key is used is in the etcd server sidecar here, which also looks a bit mistakenly copied.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant