I have an HTTP2 service. It's deployed on EKS (AWS Kubernetes). And I am trying to expose it to the internet.
If I am exposing it without TLS (with the code below) everything works fine. I can access it.
apiVersion: v1
kind: Service
metadata:
  name: demoapp
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 5000
  selector:
    name: demoapp
If I am adding TLS, I am getting HTTP 502 (Bad Gateway).
apiVersion: v1
kind: Service
metadata:
  name: demoapp
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: somearn
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
  type: LoadBalancer
  ports:
    - name: https
      port: 443
      targetPort: 5000
  selector:
    name: demoapp
I have a guess (which could be wrong) that service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http for some reason assumes that it's HTTP 1.1 (vs HTTP 2.0) and barks when one of the sides starts sending binary (vs textual) data.
Additional note: I am not using any Ingress controller.
And a thought. Potentially, I can bring TLS termination within the app (vs doing it on the load balancer) and switch, as an example, to NLB. However, that brings a lot of hair into the solution, and I would rather use the load balancer for it.