I want a single load balancer (alb) that direct traffic to internal nginx-ingress that load balances traffic to internal services in the cluster.
I have followed many examples (ex_1) and I have reached to a point where the alb heathchecks to the nodes fail.
When I connect to a nginx-ingress-controller
pod and execute a /healthz
to the pod IP, it works, but fails when I try to the service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx
namespace: infra
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: "ip"
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /healthz
alb.ingress.kubernetes.io/healthcheck-port: 30343
alb.ingress.kubernetes.io/success-codes: "200,404"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: ***
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: ssl-redirect
port:
name: use-annotation
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: ingress-nginx-controller
port:
number: 80
---
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ingress-nginx
namespace: infra
spec:
chart:
spec:
chart: ingress-nginx
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: ingress-nginx
version: 4.10.1
interval: 1m0s
values:
controller:
publishService:
enabled: false
replicaCount: 4
config:
use-forwarded-headers: "true"
use-proxy-protocol: "true"
service:
externalTrafficPolicy: Cluster
type: NodePort
targetPorts:
http: http
https: http
What am I missing?