hello. I want to deploy Waypoint on Kubernetes using Waypoint Helm.
Also I do TLS Termination on AWS ALB. That’s why requests coming in to ALB’s port 443 should be sent to the http port of the ui service. (Because TLS termination has already been completed in ALB)
So, I routed traffic coming in through port 443 to port 80 of UI Service using the Ingress rule.
However, there is no way to expose the GRPC Port. Since GRPC Port basically expects to receive HTTPS traffic, if you create a new ingress for GRPC and send traffic to GRPC, the following error occurs.
The plain HTTP request was sent to HTTPS port
This is because TLS termination has already been completed on the ALB.
How can I do TLS termination on AWS ALB while still exposing GRPC and UI to ALB at the same time?
Current State
values.yaml
ui:
ingress:
enabled: true
hosts:
- host: waypoint.example.domain # Waypoint UI Domain
paths:
- /
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "ACM"
alb.ingress.kubernetes.io/actions.ssl-redirect: "443"
extraPaths:
- path: /
pathType: Prefix
backend:
service:
name: waypoint-ui
port:
name: http
ingress for expose grpc
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/backend-protocol-version: GRPC
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":9701}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: "ACM"
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
name: waypoint-grpc
namespace: waypoint
spec:
rules:
- host: waypoint-grpc.example.domain # GRPC Domain
http:
paths:
- backend:
service:
name: waypoint-server
port:
name: grpc
path: /
pathType: Prefix