0

I created an ingress tls rule inside a GKE cluster which uses an nginx controller which uses an invalid certificate for testing purposes.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: backend
  namespace: staging
spec:
  rules:
  - host: app.staging.xx.xx.xx.xx.nip.io
    http:
      paths:
      - backend:
          serviceName: backend
          servicePort: 8000
        path: /
  tls:
  - hosts:
    - app.staging.xx.xx.xx.xx.nip.io
    secretName: tls-keys

The referenced Secret

apiVersion: v1
data:
  tls.crt: base64 encoded key
  tls.key: base64 encoded key
kind: Secret
metadata:
  name: tls-keys
  namespace: staging
type: kubernetes.io/tls

The backend service for my pods

apiVersion: v1
kind: Service
metadata:
  labels:
    app: backend
  name: backend
  namespace: staging
spec:
  clusterIP: 10.63.255.180
  ports:
  - port: 8000
    protocol: TCP
    targetPort: 8000
  selector:
    app: backend

When I access the page https://app.staging.xx.xx.xx.xx.nip.io the page suspiciously shows me the invalid Kubernetes Ingress Controller Fake Certificate instead of my custom invalid certificate.

Continuing with the security exception I get the default backend - 404

Why does my website not show up?

Is there are way to get more information why this is happening?

Roderick Jonsson
  • 1,111
  • 1
  • 10
  • 16
  • your config looks fine could you try to configure this without tls, to check your backend. because 404 not found usually means backend is work but request is goes to wrong place. – Nick Rak Aug 06 '18 at 15:26
  • @NickRak Thats right and it is working if I don't do a https call. But with https I get 404 which means it doesn't recognize the request. But where do I then have to configure the domain for https so it gets recognized? – Roderick Jonsson Aug 06 '18 at 17:07
  • there is a good explanation how it is works and how to use it in GKE https://stackoverflow.com/questions/44365921/enable-https-on-gce-gke – Nick Rak Aug 07 '18 at 12:41

0 Answers0