Question

nginx-ingress - do-loadbalancer-enable-proxy-protocol

cluster_id: 82416d92-b360-445a-a8a0-ceb659e82e3a

Hi, we have installed the last versione of the nginx-ingress-controller, but if we follow the documentation specificaly for DO, and set the proxy-protocol, this are the configurations applied:

controller:
  service:
    type: LoadBalancer
    externalTrafficPolicy: Local
    annotations:
      service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
      kubernetes.digitalocean.com/load-balancer-id: XXXXXXXXXXXXXX
  config:
    use-proxy-protocol: "true"
  admissionWebhooks:
    timeoutSeconds: 29
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "10254"

But with this configurations we see a bunch of errors on the ingress with truncated headers and from inside of any container if we make a curl with https to a domain present in the cluster, we see:

GnuTLS: Error in the pull function

By the way if we issue a new certificate with certmanager, the certmanager can’t close the loop with the normal http01

I know that it’s not much logs that i give, but now the cluster is in production and the configurations for proxy-protocol are disable so that we don’t have errors. If the errors are necessary I will re-deploy the configurations to get the specific errors.

PS: we have migrated from an old ingress deployment to a newone and that because there is the load-balancer-id

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!