Kubernetes nginx-ingress TLS issue

0 votes

My deployment is something like this:

Existing CA certificate for fake.example.com and an A record that maps fake.example.com to the IP of our load balancer

The load balancer is forwarding traffic to our Kubernetes cluster.

In the cluster, I've deployed the nginx-ingress helm chart, exposing NodePort for https at 30200

I've created a k8s TLS secret named test-secret from the above certificate.

I've deployed an app with service 'test' and have installed the following ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - fake.example.com
    secretName: test-secret
  rules:
    - host: fake.example.com
      http:
        paths:
        - path: /myapp
          backend:
            serviceName: test
            servicePort: 8080

So, if i execute

curl https://{ip for k8s node}:30200/myapp/ping -H 'Host:fake.example.com' -k --verbose

I get the expected response from my app, but I also see

* Server certificate:

*  subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate

*  start date: Jan 25 20:52:16 2018 GMT

*  expire date: Jan 25 20:52:16 2019 GMT

*  issuer: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate

So my question is, is it possible to configure nginx to use the correct certificate in this scenario?

Sep 11, 2018 in Kubernetes by lina
• 8,100 points
365 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

You have to create a secret named test-secret.

➜  charts git:(master) kubectl describe secret --namespace operation mydomain.cn-cert
Name:         mydomain.cn-cert
Namespace:    operation
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
tls.crt:  3968 bytes
tls.key:  1678 bytes
answered Sep 11, 2018 by Kalgi
• 35,640 points

Related Questions In Kubernetes

0 votes
1 answer

Issue with Kubernetes ingress routing to Nextjs applications

You’re using nginx ingress controller which does ...READ MORE

answered Sep 11, 2018 in Kubernetes by Kalgi
• 35,640 points
76 views
0 votes
1 answer

kubernetes ingress controller and resource using nginx

Ingress is just collection of rules that forwards ...READ MORE

answered Sep 12, 2018 in Kubernetes by Kalgi
• 35,640 points
206 views
0 votes
1 answer

Disable SSL redirect for Kubernetes NGINX ingress

Adding ingress.kubernetes.io/ssl-redirect: "false" to annotations will disable the SSL redirect: apiVersion: extensions/v1beta1 kind: ...READ MORE

answered Sep 12, 2018 in Kubernetes by Kalgi
• 35,640 points
863 views
0 votes
1 answer

Unable to deploy nginx ingress on kubernetes

The nginix ingress controller uses hostPort to ...READ MORE

answered Oct 1, 2018 in Kubernetes by Kalgi
• 35,640 points
41 views
0 votes
1 answer
0 votes
1 answer

permissions related to AWS ECR

if you add allowContainerRegistry: true, kops will add those permissions ...READ MORE

answered Oct 9, 2018 in Kubernetes by Kalgi
• 35,640 points
30 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17 in Others by anonymous
429 views
0 votes
2 answers

Kubernetes Ingress running behind nginx reverse proxy

You need an ingress as mentioned by ...READ MORE

answered Sep 10, 2018 in Kubernetes by Hannah
• 14,040 points
585 views
0 votes
1 answer

Ingress nginx loading resource 404 in kubernetes

This is not a routing problem on ...READ MORE

answered Sep 10, 2018 in Kubernetes by Kalgi
• 35,640 points
431 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.