Known limitations

The following sections describe known limitations for WebLogic Kubernetes Operator. Each issue may contain a workaround or an associated issue number.

NGINX SSL passthrough ingress service does not work with Kubernetes headless service

ISSUE: When installing NGINX ingress controller with SSL passthrough enabled --set "controller.extraArgs.enable-ssl-passthrough=true", any ingress rule created subsequently, using SSL passthrough to the individual server service, will fail.

$ kubectl -n nginx get services
NAME                                                TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
nginx-operator-ingress-nginx-controller-admission   ClusterIP    <none>          443/TCP                      3m3s
nginx-operator-ingress-nginx-controller             LoadBalancer   80:32315/TCP,443:31710/TCP   3m3s

For example, after creating the domain, the operator creates a headless Kubernetes service for each server and a headed service for the cluster. The individual service for each server is headless as the CLUSTER-IP is None; the cluster service is headed as the CLUSTER-IP has a valid IP address.

$ kubectl -n sample-domain1-ns get services
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
sample-domain1-admin-server          ClusterIP   None            <none>        7001/TCP,7002/TCP   23h
sample-domain1-cluster-cluster-1     ClusterIP   <none>        8001/TCP,7002/TCP   23h
sample-domain1-managed-server1       ClusterIP   None            <none>        8001/TCP,7002/TCP   23h

If you create a passthrough ingress rule to use SSL passthrough to access the admin server, for example:

kind: Ingress
  name: console-ssl-passthru
  namespace: sample-domain1-ns
  annotations: 'true'
  ingressClassName: nginx
    - http:
          - backend:
                name: sample-domain1-admin-server
                  number: 7002
            path: /
            pathType: Prefix

Accessing the WebLogic Console on the admin server, through the ingress controller, will result in an error.

curl -k -v -L
*   Trying
* Connected to ( port 31710 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to

This is currently reported as an NGINX bug in