
I have a Kubernetes cluster running in EKS (on AWS).

In the cluster I have Elasticsearch, Kibana and various other web services.

I would like to set up a single ALB load balancer such that:

  • Requests to /_kibana/* are routed to service: search-kb-http, port: 5601
  • All other traffic /* is routed to service: web-service-locator, port: 5000

So I create this:

#Note: search-kb-http is provided by Kibana operator
---
apiVersion: v1
kind: Service
metadata:
  name: web-service-locator
  namespace: default
spec:
  ports:
  - name: http
    port: 5000
    protocol: TCP
  selector:
    company-app: web
  type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/load-balancer-name: [SNIP]
    external-dns.alpha.kubernetes.io/hostname: [SNIP]
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: [SNIP]  
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    kubernetes.io/ingress.class: alb
  name: public-ingress
  namespace: default
spec:
  rules:
  - http:
      paths:
      - path: /_kibana/*
        backend:
          serviceName: search-kb-http
          servicePort: 5601
      - path: /*
        backend:
          serviceName: web-service-locator
          servicePort: 5000

Here's the problem

I prefer to do the SSL termination at the ALB for the main web-service. But the Kibana backend only offers HTTPS. So I need the two different backends to use different protocols in transit.

In doing my research it seems there is an annotation I can apply to the ingress:

alb.ingress.kubernetes.io/backend-protocol: HTTPS

But this change seems to affect the entire ingress.

Is there a way to specify different transit protocols for different backends?

Many thanks!

[EDIT] I have found a workaround to disable TLS on Kibana in ECK. But the question still stands as to whether this is possible. Thanks!

Zorlack
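An added example, not part of the original question: the AWS Load Balancer Controller also reads `alb.ingress.kubernetes.io/backend-protocol` (and `healthcheck-protocol`) from the Service, where it takes precedence over the Ingress value, so each backend can use its own protocol and Kibana can keep TLS in transit. The Kibana resource name `search` and setting the annotations through ECK's `spec.http.service.metadata` are assumptions inferred from the `search-kb-http` service name.

```yaml
# Added example (not from the original post).
# Service-level ALB annotations override the Ingress-level ones, so the
# Ingress from the question stays as written, without a backend-protocol
# annotation.
---
# Plain HTTP behind the ALB: TLS for this backend terminates at the ALB.
apiVersion: v1
kind: Service
metadata:
  name: web-service-locator
  namespace: default
  annotations:
    alb.ingress.kubernetes.io/backend-protocol: HTTP
spec:
  ports:
  - name: http
    port: 5000
    protocol: TCP
  selector:
    company-app: web
  type: NodePort
---
# search-kb-http is generated by the ECK operator, so the annotations are
# set in the Kibana resource's service template rather than on the Service
# itself. Fragment to merge into the existing Kibana resource; the name
# "search" is assumed, and all other spec fields stay unchanged.
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: search
  namespace: default
spec:
  http:
    service:
      metadata:
        annotations:
          # ALB re-encrypts to Kibana. The ALB does not validate the
          # target's certificate, so the operator's self-signed cert works.
          alb.ingress.kubernetes.io/backend-protocol: HTTPS
          # Health checks must also use HTTPS, since Kibana serves no HTTP.
          alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
```

Because the ALB does not verify the backend certificate, this protects traffic between the ALB and Kibana against passive interception only, not against an impersonated target.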

0 Answers