oracle / oci-native-ingress-controller

OCI Native Ingress Controller
https://blogs.oracle.com/cloud-infrastructure/post/oracle-cloud-native-ingress-controller-kubernetes
Universal Permissive License v1.0

Bad Gateway adding a certificate in an OCI Native Ingress Controller #59

Closed naguaramaster closed 1 month ago

naguaramaster commented 2 months ago

Good afternoon.

I am adding a certificate to the Ingress Resource in the Annotations section as indicated in the documentation.

kind: Ingress
metadata:
  name: <i-name>
  annotations:
    oci-native-ingress.oraclecloud.com/certificate-ocid: <certificate-ocid>
spec:
...

After adding it and trying to test with the created DNS, it gives a "Bad Gateway" error. When the certificate is removed, the Load Balancer routes to the pods without problems. Ingress used:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: psu-service-ing
  namespace: ns-apps-dev
  annotations:
    oci-native-ingress.oraclecloud.com/certificate-ocid: "don't show the certificate-ocid"
spec:
  ingressClassName: native-ic-ingress-class
  rules:
  - host: "testing.testing.cl"
    http:
      paths:
      - pathType: Prefix
        path: "/psu"
        backend:
          service:
            name: psu-service-svc
            port:
              number: 443

What could be missing?

naguaramaster commented 2 months ago

PS: The Listener and the Backend Sets are created correctly, but the Listener always points to the Default_Backend. Is it supposed to point to the Backend Set of the service, or am I wrong?

nirpai commented 2 months ago

The routing to backend sets is done as per your ingress rules. Each listener is associated with a routing policy which holds the rules specified in the ingress. The default backend set acts as a 404 handler in case there are no matching rules in the routing policy.

nirpai commented 2 months ago

> What could be missing?

Are your pods running in SSL mode using the same certificate specified as above?

naguaramaster commented 1 month ago

It was solved. Updated Ingress to v1.3.3 and applied Annotation to support applications without TLS.
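
The question raised in the thread, whether the pods actually speak TLS on the port the Ingress targets, can be checked directly. The following is an added example, not part of the thread or the project's code: `probe_backend` and `start_plaintext_backend` are hypothetical names, and the local server is a constructed stand-in for a pod serving plain HTTP. In a cluster the probe would be pointed at a pod IP and the service's target port.

```python
import socket
import ssl
import threading


def probe_backend(host, port, timeout=3.0):
    """Return 'tls', 'not-tls' or 'unreachable' for host:port."""
    ctx = ssl.create_default_context()
    # Diagnostic only: the question is whether the port completes a TLS
    # handshake at all, not whether its certificate is trusted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        # Plain HTTP reply, reset or silence instead of a ServerHello.
        return "not-tls"
    finally:
        raw.close()


def start_plaintext_backend():
    """Constructed stand-in for a pod serving plain HTTP; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.recv(1024)
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_backend()
    print("constructed plain-HTTP backend:", probe_backend("127.0.0.1", port))
```

A `not-tls` result on the port the Ingress references means a load balancer backend set configured for SSL cannot complete its handshake with that pod.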