On Sunday, 9 April 2017 16:57:44 UTC+2, [email protected] wrote:
> If anyone can point me to documentation on this I would be much appreciative. How can I have two or more nginx ingress controllers running in the same cluster?
>
> This is the use case:
> I have on AWS an nginx ingress controller where I spin up the controller with annotations to front the ELB with a particular cert. This means I want (I think) the ELB to terminate the TLS and everything behind it to be unencrypted HTTP.
>
> That being said, I have certain applications running in the cluster, such as Kibana as an example, that I want to just run as HTTPS. Easy enough to do with a normal setup; however, if I have the ELB terminating the TLS this presents a problem.

Why is it a problem? Have you enabled the proxy_protocol for TLS termination?

https://github.com/kubernetes/ingress/tree/098bcb5e656356d9d0ab0f6e592dbad764dc32e3/controllers/nginx/examples/proxy-protocol
https://github.com/kubernetes/ingress/search?utf8=✓&q=proxy_protocol&type=

> Another use case would be if I wanted to set up one ingress controller to be internal only, meaning having a list of whitelisted IPs. Another controller could be open to the world.
>

I have the same scenario.

This is the internal ingress:

    --default-backend-service=kube-system/default-http-backend
    --tcp-services-configmap=kube-system/tcp-configmap
    --configmap=kube-system/nginx-load-balancer-conf
    --healthz-port=10001
    --ingress-class=intern
    --election-id=intern

The annotation for this ingress should be "kubernetes.io/ingress.class: intern".

The external ingress:

    --default-backend-service=kube-system/default-http-backend
    --tcp-services-configmap=kube-system/tcp-configmap
    --configmap=kube-system/nginx-load-balancer-conf
    --healthz-port=10002
    --ingress-class=extern
    --election-id=intern

Beware that both use different ports for the health check, so you can isolate both from ELB.

Whitelist IP => https://github.com/kubernetes/ingress/blob/7ca7652ab26e1a5775f3066f53f28d5ea5eb3bb7/controllers/nginx/configuration.md#whitelist-source-range

> Does this configuration currently exist?
>
> Thanks,
> M
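
The class annotation and source-range whitelist described in the reply above, written out as Ingress manifests. This is an added example, not part of the original thread: resource names, hosts, backends and the CIDR are placeholders, and the `extensions/v1beta1` API version and `ingress.kubernetes.io/` annotation prefix are assumed to match the 2017-era controller the links point to.

```yaml
# Constructed example: every name, host and address range is a placeholder.
# Handled only by the controller started with --ingress-class=intern.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kibana-internal            # hypothetical
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "intern"
    # Requests from outside this range are rejected by nginx.
    ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8"
spec:
  rules:
  - host: kibana.internal.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kibana      # hypothetical Service
          servicePort: 5601
---
# Handled only by the controller started with --ingress-class=extern.
# No whitelist annotation, so it is reachable from any source address.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web-public                 # hypothetical
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "extern"
spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: web         # hypothetical Service
          servicePort: 80
```

The whitelist is matched against the client address nginx sees, so behind an ELB it only filters real clients when the original address is passed through, for example with the proxy protocol setup linked above.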
