mayankmurari commented on issue #2537:
URL:
https://github.com/apache/apisix-ingress-controller/issues/2537#issuecomment-3244128327
Hi @bzp2010 We have configured TransportServer which is taking HTTPS
traffic. This TS points to a NodePort service.
Apisix gets traffic on TransportServer
virtualServerAddress: x.x.x.x
virtualServerPort: 443
TS forwards traffic to NodePort service
service: apisix-gateway
servicePort: 443
Client (HTTPS:443)
↓ TLS encrypted
F5 Load Balancer (x.x.x.:443) TLS Passthrough
↓
APISIX Gateway (apisix-gateway:443) TLS TERMINATION
Also we have set up backend proxy in Apisix using APISIX resources
"apisixroutes" and "apisixupstreams" and we do not see any issue there.
Below is the Gateway setup.
**Apisix-ts**
apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
labels:
f5cr: "true"
use_cis: "true"
name: apisix-ts
namespace: ingress-apisix
spec:
mode: standard
pool:
loadBalancingMethod: round-robin
monitor:
interval: 10
timeout: 5
type: tcp
service: apisix-gateway
servicePort: 443
snat: auto
type: tcp
virtualServerAddress: x.x.x.x
virtualServerPort: 443
**Service**
ports:
- name: apisix-gateway
nodePort: 30914
port: 80
protocol: TCP
targetPort: 9080
- name: apisix-gateway-tls
nodePort: 30609
port: 443
protocol: TCP
targetPort: 9443
**Gateway**
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: apisix-gateway
namespace: ingress-apisix
spec:
gatewayClassName: apisix
listeners:
# HTTPS Listener for secure requests
- name: https
protocol: HTTPS
port: 9443
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- name: apisix-ssl
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
