I have argo cd running in my EKS cluster , and now I want to have DNS name on top so I can access it easily using a domain.

I am able to configure but when I access the url in browser it always goes to https(non secure ) mode. I read couple of same issues here but there are not directly relevant .

Below is an ingress that I have tried

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx
  rules:
  - host: argocd.example.com
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: argocd-server
            port:
              number: 443
  tls:
  - hosts:
    - argocd.example.com
    secretName: argocd-secret

if I am trying to remove the annotation nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" then I get a different error which is related redirection in loop.

I am not sure what else I need to add to the ingress here so it can route to https rather of http

CodePudding user response：

nginx.ingress.kubernetes.io/ssl-passthrough works on TCP level and not on HTTP level. Therefore, nignx.ingress.kubernetes.io/force-ssl-redirect should be invalidated by the ssl-passthrough annotation.

Check for more info: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#ssl-passthrough

Try removing the ssl-passthrough annotation and it should work as expected.