Kubernetes ingress with multiple backend services throws site insecure error for specific contexts
I have deployed multiple backend services behind a single ingress controller. When I load the portal application (its a web portal through which other applications can be launched from menu), the portal site loads fine and the site shows secure. When I launch the other application by selecting one from the menu, the app that is selected launches in a new tab and when this is done, not only the new web page that shows insecure on the new tab but the portal web page on the previous tab also switches to insecure. This is occurring only for specific backend applications. Some of the containers have more than 1 application running on them, some applications do not complain insecure where as others do even though they run on same tomcat. For instance if I open multiple applications via main app (lets say about 4 backend apps on 4 tabs) and all of them show secure and now if I launch a 5th application that pulls up on the 5th tab and this shows insecure, now if I go back to those previous 4 tabs they too now complains insecure without even refreshing those 4 tabs. The ingress domain SSL certificates are managed by infra and are valid.
Screenshot: Before:
After launching a web app on a new tab, the new and the original tab switches to insecure:
This has been puzzling me for sometime, is it that the browser detecting some insecure faulty config ?
My app run on tomcat on a container on a Rancher. I have tried below approaches which did not work,
1> Initially my backends were running on 8080, so I went ahead and generated a java keystore and enabled https on the tomcat and made it run on 8443. Made the services point to 8443 instead of 8080
2> Enable crossContext="true" on the tomcat/conf/context.xml thinking the sharing of contexts between sites may help but it did not.
Below is my ingress controller yaml. Much appreciated if anyone can provide pointers on what else I can try or what could be the problem area.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: 'abcd'
namespace: 'dev1'
annotations:
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
labels:
project: 'abcd'
spec:
ingressClassName: nginx
rules:
- host: somedomain.corp.intranet
http:
paths:
- backend:
service:
name: portal-dev1
port:
number: 8443
path: /
pathType: ImplementationSpecific
- backend:
service:
name: portal-dev1
port:
number: 8443
path: /portal
pathType: ImplementationSpecific
- backend:
service:
name: cfml-dev1
port:
number: 8443
path: /cfml
pathType: ImplementationSpecific
- backend:
service:
name: webapp1-dev1
port:
number: 8443
path: /webappA
pathType: ImplementationSpecific
tls:
- hosts:
- somedomain.corp.intranet
status:
loadBalancer:
ingress:
- ip: someIpList
The error suggests (!?) that at least one reference in the apps that trigger the error is being retrieved over a non-TLS endpoint.
Identify each of the apps that trigger the error and scour them for http://.
Not just HTML but images, scripts, css, every file that loads over a URL needs to use TLS.
- How much CPU and RAM is necessary for master and worker nodes for a microservices deployment with MongoDB as database?
- otel-collector to scrap multiple pods
- Docker image running in k8s which needs gcloud auth credentials
- Helm go sdk install chart from external location
- kubernetes to print specific columns
- Python 3 relative imports behave differently between local run and on k8s
- Unable to create secret in kubernetes: "Secret is invalid: data[.dockerconfigjson]: Invalid value: "<secret contents redacted>": invalid character 'e'
- Kubernetes Ingress to External Service?
- Kubernetes: expired certificate
- 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims
- route.yaml to reach the admin page of a wildfly container deployed in openshift local (CRC)
- How to set multiple kubeconfigs using powershell
- ActiveMQ Artemis: Primary Pod Restart Loop with Shared Store HA
- ActiveMQ Artemis primary pod goes to restart loop after change to shared-store HA option
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- How could be memory dump saved in kubernetes cluster after crashing?
- multiple command in postStart hook of a container
- How to attach Job Labels to Job Events in Fluent Bit Kubernetes Events
- Target Group Binding not getting created for an ALB
- Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)
- Springboot Swagger Ui Throwing Whitelabel Error Page when Accessed using K8S IP and Nodeport
- Unset/remove default value in helm values.yaml
- Set ENV Variable Dynamically in a Dockerfile
- Docker desktop - kubernetes failed to start
- My kubernetes pods keep crashing with "CrashLoopBackOff" but I can't find any log
- What is the meaning of CPU and core in Kubernetes?
- controller runtime: GrandPa, Son, GrandSon and setting OwnerReferences
- One command to restore local PostgreSQL dump into kubectl pod?
- How to configure HorizontalPodAutoscaler?
- ASP.NET Core application in K8S sometimes hangs on HostBuilder.Buid()