308 https redirect loop on nginx-ingress 0.26.1

General Discussions
1

Cluster information:

Kubernetes version: v1.15.6
Cloud being used: aws
Installation method: Kops 1.15.0
Host OS: Debian GNU/Linux 9.11 (stretch)
CNI and version: Canal v3.7.4
CRI and version: Docker 18.06.3-ce

helm version: v3.0.0

Honest warning: I’m a k8s newbie.

I have installed ingress-ingress using helm install nginx-ingress stable/nginx-ingress --values=nginx-ingress.values.yml

---
controller:
  # Default configMap
  # More options at https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
  config:     
    server-tokens: "false"
    #    large-client-header-buffers: 6 64k
    proxy-body-size: "1537m"
    proxy-read-timeout: "600"
    proxy-send-timeout: "600"
    send-timeout: "600"
    ssl-redirect: "true"
    force-ssl-redirect: "true"
    use-proxy-protocol: "false"

  service:
    labels:
      access: "true"
    annotations:
      dns.alpha.kubernetes.io/external: "ingress.REMOVED"
      # Wildcard cert
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: |-
        arn:aws:acm:REMOVED
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

    targetPorts:
      http: http
      https: http
  metrics:
    enables: true

Then I installed prometheus-operator using helm with values

grafana:
  enabled: true

  ## Deploy default dashboards.
  ##
  defaultDashboardsEnabled: true

  adminPassword: PASSS

  ingress:
    ## If true, Grafana Ingress will be created
    ##
    enabled: true

    ## Annotations for Grafana Ingress
    ##
    annotations:
      dns.alpha.kubernetes.io/external: "grafana1.REMOVED.com"
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/auth-type: basic
      nginx.ingress.kubernetes.io/auth-secret: basic-auth
      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - admin'
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    labels: {}
    hosts:
      - grafana.REMOVED.com
    path: /
    tls: []

After deploying I manually created another subdomain for grafana in Route53. The issue is I can’t access this service, It’s redirecting in a loop. I checked in node, ELB is sending X-Forwarded-* headers.

Response looks like this
curl -I https://grafana.REMOVED.COM
HTTP/1.1 308 Permanent Redirect
Content-Length: 168
Content-Type: text/html
Date: Mon, 23 Dec 2019 15:57:21 GMT
Location: https://grafana.REMOVED.COM/
Connection: keep-alive

2

I seems like I should useuse-forwarded-headers: "true"
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers

1 Like