nginx.ingress.kubernetes.io/ssl-passthrough annotation compatibility or workaround needed
Opened this issue · 0 comments
**Is your feature request related to a problem?
Very popular Kubernetes Community Ingress controller provided annotations like nginx.ingress.kubernetes.io/ssl-passthrough: "true" is not available with the nginxinc Operator. I have checked the official documentations https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/ . SSL Passthrough annotations are not available and the following annotations picks up the ports 8083
nginx.org/listen-ports: "8083"
nginx.org/listen-ports-ssl: "8443"
nginx.org/ssl-passthrough: "true"
I had to enable the otion --enable-tls-passthrough=true and use TransportServer to create TLS Passthrough ingress endpoints.
The results and healthchecks for the backend service are different in TransportServer when compared to nginx.ingress.kubernetes.io/ssl-passthrough: "true" annotation . The transportServer creates a unix socket and expects the application to handle the pod availability. Where in nginx.ingress.kubernetes.io/ssl-passthrough: "true" annotation in Kubernetes can validate if the backend pod is available or not and send a 404 when a service is down.
Describe the solution you'd like
nginx.ingress.kubernetes.io/ssl-passthrough: "true" like capability to do the healthcheck for the backend pods and also wider compatibility for other annotations which are commonly used.
Describe alternatives you've considered
We have not considered any non F5 solution yet as we are using this Operator from Openshift and we would like to continue using this operator which comes from the Openshift Platform Vendor
Additional context
NA