I’ve deployed an HA vault on my cluster alongside Kong ingress controller.
I’m having some trouble resolving the vault ingress in my browser when creating the ingress object for vault.
The kong deployment uses the default helm values, so no overrides.
The vault deployment for the ingress is defined as below:
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # dns.annotations
    # cert-manager.annotations
  ingressClassName: kong
  pathType: Prefix
  activeService: false # have also tried to set this to true (default value)
  hosts:
    - host: vault.ingress.example.com
      paths: [/]
  tls:
    - secretName: vault-ingress-tls
      hosts:
        - vault.ingress.example.com
I also have argocd deployed in the cluster and it’s resolving just fine.
What’s weird is I know I can make this resolve just fine on nginx ingress.
In the kong-ingress logs:
2023/12/15 17:16:43 [error] 1280#0: *44475 readv() failed (104: Connection reset by peer) while reading upstream, client: 10.0.0.0, server: kong, request: "GET /ui/ HTTP/2.0", upstream: "http://100.0.0.0:8200/", host: "vault.ingress.example.com", request_id: "1234567890abcdefghiklmnop"
In the vault-0 pod logs:
2023-12-15T19:16:11.961Z [INFO] http: TLS handshake error from 10.0.0.0:7182: tls: client offered only unsupported versions: [302 301]
2023-12-15T19:16:17.377Z [INFO] http: TLS handshake error from 10.0.0.0:21813: remote error: tls: unknown certificate