nitramiz opened a new issue, #777:
URL: https://github.com/apache/apisix-helm-chart/issues/777
Enabling TLS on the `ingress-controller` gateway service
(`apisix-ingress-controller-apisix-gateway`) doesn't make the pod listen on
port 9443, which is forwarded from the k8s service.
Configured `ingress-controller` as an `apisix` subchart, but the same
applies for the standalone chart:
```
ingress-controller:
  enabled: true
  config:
    # misconfig due to a hardcoded value https://github.com/apache/apisix-helm-chart/issues/774
    httpListen: ":9080"
    ingressPublishService: "ingress-apisix/apisix-ingress-controller-apisix-gateway"
    apisix:
      adminAPIVersion: "v3"
      existingSecret: "admin-creds"
      existingSecretAdminKeyKey: "admin"
  gateway:
    type: LoadBalancer
    externalTrafficPolicy: Local
    tls:
      enabled: true  # <== DOESN'T WORK
```
Only the HTTP port (9080) is specified in the `deployment.yaml`
[template](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix-ingress-controller/templates/deployment.yaml#L97-L99)
and there's no optional setting for the TLS port like the `apisix` chart's
[template](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/templates/deployment.yaml#L111).
This causes refused connections since the LoadBalancer's public IP doesn't
have anywhere to forward requests to:
```
curl: (7) Failed to connect to test-apisix.example.com port 443 after 262 ms: Connection refused
```
The only place that the `tls` key is used is in the `etcd` server sidecar
[here](https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix-ingress-controller/templates/deployment.yaml#L147),
which also looks a bit mistakenly copied.
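The mismatch reported above can be caught before deployment by comparing each Service `targetPort` with the container ports of the pod templates it selects. The following is an added example, not code from the issue or the chart: the manifests are constructed, and the labels, container name and Service ports 80/443 are assumptions. `containerPort` is declarative only, so a finding means "confirm the listener exists", not proof that the port is closed.

```python
# Constructed manifests (not real chart output), shaped like the report:
# the Service forwards to 9080 and 9443, the pod template declares only 9080.
SERVICE = {"kind": "Service",
           "metadata": {"name": "apisix-ingress-controller-apisix-gateway"},
           "spec": {"selector": {"app": "gateway"}, "ports": [
               {"name": "http", "port": 80, "targetPort": 9080},
               {"name": "tls", "port": 443, "targetPort": 9443}]}}
DEPLOYMENT = {"kind": "Deployment",
              "metadata": {"name": "apisix-ingress-controller"},
              "spec": {"template": {
                  "metadata": {"labels": {"app": "gateway"}},
                  "spec": {"containers": [{"name": "gateway", "ports": [
                      {"name": "http", "containerPort": 9080}]}]}}}}


def unbacked_service_ports(service, workloads):
    """Return (port, targetPort) pairs that no selected pod template declares."""
    selector = service["spec"].get("selector", {})
    numbers, names = set(), set()
    for w in workloads:
        tmpl = w["spec"]["template"]
        labels = tmpl["metadata"].get("labels", {})
        if not selector or any(labels.get(k) != v for k, v in selector.items()):
            continue  # this workload is not behind the Service
        for c in tmpl["spec"]["containers"]:
            for p in c.get("ports", []):
                numbers.add(p["containerPort"])
                names.add(p.get("name"))
    findings = []
    for p in service["spec"]["ports"]:
        # Kubernetes defaults targetPort to the Service port when omitted.
        target = p.get("targetPort", p["port"])
        # A string targetPort refers to a named container port.
        declared = names if isinstance(target, str) else numbers
        if target not in declared:
            findings.append((p["port"], target))
    return findings


if __name__ == "__main__":
    for port, target in unbacked_service_ports(SERVICE, [DEPLOYMENT]):
        print(f"service port {port} -> targetPort {target}: not declared by any container")
```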