shantanu10 opened a new issue, #2239:
URL: https://github.com/apache/apisix-ingress-controller/issues/2239

   ### Current Behavior
   
   I am using apisix ingress controller in the composite mode architecture. 
Whenever I apply any ingress with http scheme (no TLS), somehow apisix ingress 
controller is saving the upstream with scheme as "https". Due to that, the 
requests are returning 502 when proxied through apisix. I also see this log for 
the failing request:
   
   ```
   2024/05/22 07:23:10 [crit] 51#51: *5144 SSL_do_handshake() failed (SSL: error:0A0000C6:SSL routines::packet length too long error:0A000139:SSL routines::record layer failure) while SSL handshaking to upstream, client: 10.1.45.13, server: _, request: "GET /api/webhook HTTP/1.1", upstream: "https://10.1.33.14:7000/api/webhook", host: "argocd.mycompany.com"
   ```
   This is probably due to the fact that apisix is trying to use ssl while 
connecting to the upstream's port which is not configured to do so. The root 
cause is the use of https by apisix instead of http even though I used http in 
the ingress configuration. Here are some other observations:
   
   1. This is not happening when I am using the ApisixRoute crd. Although I 
won't be able to use it permanently since there are some annotations defined 
[here](https://apisix.apache.org/docs/ingress-controller/concepts/annotations/) 
which I need to use which can only be used with Ingress resource.
   
   2. It started coming after almost 1 month of using apisix ingress 
controller. This is while I just upgraded to version 1.8.1 from 1.7.1 last week, 
but the issue appeared yesterday. I can assure you that I made no change in the 
other parts of my infrastructure, i.e., k8s version, load balancer, etc.
   
   ### Expected Behavior
   
   Ideally the upstream should be saved with scheme as "http" on applying any 
ingress resource in the cluster.
   
   ### Error Logs
   
   ```
   2024/05/22 07:23:10 [crit] 51#51: *5144 SSL_do_handshake() failed (SSL: error:0A0000C6:SSL routines::packet length too long error:0A000139:SSL routines::record layer failure) while SSL handshaking to upstream, client: 10.1.45.13, server: _, request: "GET /api/webhook HTTP/1.1", upstream: "https://10.1.33.14:7000/api/webhook", host: "argocd.mycompany.com"
   ```
   
   ### Steps to Reproduce
   
   1. Install apisix ingress controller with its helm chart (version 1.8.1)
   2. Apply any ingress resource attached to apisix
   
   ### Environment
   
   - APISIX Ingress controller version (run `apisix-ingress-controller version --long`)
   ```
     Version: 1.8.1
     Git SHA: no-git-module
     Go Version: go1.19.4
     Building OS/Arch: linux/amd64
     Running OS/Arch: linux/amd64
   ```
   - Kubernetes cluster version (run `kubectl version`)
   ```
   Client Version: version.Info{Major:"1", Minor:"24+", 
GitVersion:"v1.24.10-eks-48e63af", 
GitCommit:"9176fb99b52f8d5ff73d67fea27f3a638f679f8a", GitTreeState:"clean", 
BuildDate:"2023-01-24T19:21:38Z", GoVersion:"go1.19.5", Compiler:"gc", 
Platform:"darwin/amd64"}
   WARNING: This version information is deprecated and will be replaced with 
the output from kubectl version --short.  Use --output=yaml|json to get the 
full version.
   Client Version: version.Info{Major:"1", Minor:"24+", 
GitVersion:"v1.24.10-eks-48e63af", 
GitCommit:"9176fb99b52f8d5ff73d67fea27f3a638f679f8a", GitTreeState:"clean", 
BuildDate:"2023-01-24T19:21:38Z", GoVersion:"go1.19.5", Compiler:"gc", 
Platform:"darwin/amd64"}
   Kustomize Version: v4.5.4
   ```
   - OS version if running APISIX Ingress controller in a bare-metal 
environment (run `uname -a`)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
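
Added example, not part of the original issue and not APISIX project code: a small triage script that scans NGINX error-log lines of the shape quoted in the issue and lists the upstreams where a TLS handshake was attempted against what looks like a plaintext port. The reason strings in `PLAINTEXT_HINTS` are a heuristic assumption, and the second sample line is constructed for contrast.

```python
import re
from collections import Counter

# Shape of the NGINX error-log entry quoted in the issue.
LINE_RE = re.compile(
    r'SSL_do_handshake\(\) failed \(SSL: (?P<ssl>.*?)\) '
    r'while SSL handshaking to upstream.*?'
    r'upstream: "(?P<scheme>https?)://(?P<addr>[^/"]+)[^"]*"'
    r'(?:.*?host: "(?P<host>[^"]+)")?'
)

# Assumption: these OpenSSL reason strings usually mean the peer answered the
# ClientHello with non-TLS bytes, i.e. the upstream port speaks plain HTTP.
PLAINTEXT_HINTS = ("packet length too long", "wrong version number")

# First line is the entry from the issue; the second is constructed and shows
# a handshake failure that is NOT a scheme mismatch (the peer does speak TLS).
SAMPLE_LOG = '''\
2024/05/22 07:23:10 [crit] 51#51: *5144 SSL_do_handshake() failed (SSL: error:0A0000C6:SSL routines::packet length too long error:0A000139:SSL routines::record layer failure) while SSL handshaking to upstream, client: 10.1.45.13, server: _, request: "GET /api/webhook HTTP/1.1", upstream: "https://10.1.33.14:7000/api/webhook", host: "argocd.mycompany.com"
2024/05/22 07:24:02 [crit] 51#51: *5201 SSL_do_handshake() failed (SSL: error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 10.1.45.13, server: _, request: "GET / HTTP/1.1", upstream: "https://10.1.33.20:8443/", host: "other.example.internal"
'''


def suspect_upstreams(log_text):
    """Count handshake failures that look like TLS sent to a plaintext upstream.

    Returns {(request_host, upstream_addr): count}.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("scheme") != "https":
            continue
        if any(hint in m.group("ssl") for hint in PLAINTEXT_HINTS):
            hits[(m.group("host"), m.group("addr"))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, addr), count in suspect_upstreams(SAMPLE_LOG).items():
        print(f"{host} -> {addr}: {count} handshake(s) to a likely plaintext port")
```

Each reported pair is an upstream whose stored scheme is worth comparing against the scheme the backend Service actually serves.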
