Open noman1897 opened 10 months ago
same error with local k8s deployment, this is now blocking our test
@LinLeng @noman1897 Sry for the delay of reply. The doc you referenced is for GCP. GCP L7 LB requires its backend to enable tls, so we set the tlsMode to 1. As for other LBs or ingress, you shoud leave the tlsMode or set it to 0.
The tlsMode
config is for milvus itself to enable tls. Usually when we want to enable tls for our service, we should enable it on the LB, not on milvus.
Hi folks,
I'm trying to enable the ingress with nginx ingress controller on an AKS cluster but facing multiple issue starting with lack of documentation(which I would be happily contribute if I can solve this).
Chart:
appVersion: 2.3.1 name: milvus sources:
https://github.com/zilliztech/milvus version: 4.1.4
Nginx:
appVersion: 1.7.1 name: nginx-ingress-controller sources:
https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller version: 9.7.1
Aks:
1.25.11 Kubenet
Docs consulted: https://milvus.io/docs/azure.md https://milvus.io/docs/tls.md#Encryption-in-Transit https://milvus.io/docs/gcp_layer7.md#Set-up-a-Layer-7-Load-Balancer-for-Milvus-on-GCP
First of all this instruction is incorrect:
Since in the value.yaml file we need to use this to set variables for Milvus.yaml ( mounted as cm in the application):
Ingress is configured as requested in the helm values file with:
I would expect this to work since the tis termination should happen on nginx level and the ingress to the backend Milvus-proxy traffic should be unencrypted in the cluster so plain GRPC. However if I follow this doc https://milvus.io/docs/gcp_layer7.md#Set-up-a-Layer-7-Load-Balancer-for-Milvus-on-GCP, I should enable the tlsMode=1 for Milvus-proxy which I would expect to request ingress to do not end tls on ingress but forward traffic with GRPCS annotation which is not shared in any doc. However I have tried in both ways with and without tlsMode setted but without success.
Current error is:
Has anybody tried to enable Encryption on transit on AKS? Is there any doc which I can check and correct/add anything I'm missing?
Thanks!