AWS External Load Balancer TLS Termination - generate 443 server rules when default-external-scheme: https is set
#15156
Labels
kind/bug
Categorizes issue or PR as related to a bug.
What version of Knative?
Expected Behavior
Hey all, I have Istio installed on my EKS cluster, and the AWS LB controller to set up the load balancer, including an annotation to set a TLS cert from ACM to the LB. I can create virtual services and gateways that terminate traffic at the LB, but I'm having trouble trying to configure Knative Serving to work this way as well.
I tried setting `default-external-scheme: https`, which makes the URLs https, but I'm getting 404s for all of them. I figured out the gateway that is created by Knative using this setup only contains port 80; I had to edit it to allow port 443.
Here's what's generated:
To get it working, I needed to add:
I would expect that the 443 rule would be added to the gateway when `default-external-scheme: https` is set, or another option would exist to specify that the rule should be added.
Actual Behavior
See Expected Behavior as that covers what I expect as well as what actually happens, and the manual workaround required to get things moving - summed up, I can't find a way to add the 443 rule without AutoTLS, but that isn't what I want.
Steps to Reproduce the Problem
Set up Knative Serving using `default-external-scheme: https` and `httpProtocol: Redirected`
Additional Information
There is a thread in slack here: https://cloud-native.slack.com/archives/C04LMU0AX60/p1712785405535979
@dprotaso suggested making another loadbalancer as a workaround, but I 1) don't know how to do this as it's all through AWS LB controller and annotations passed to istio ingress gateway helm chart, 2) I don't really want an additional load balancer as the existing one would work if the 443 server rules were generated. In summary, it feels like just generating the 443 rules I add manually to make things work should be supported.