3

I have a Kubernetes pod configured as a webserver supporting HTTPS. This pod is logging TLS handshake errors. When we try to access the loadbalancer service IP in the browser, it gives the error "the connection is not secure, proceed to unsafe". For the secure connection we have a self-signed certificate mounted as a secret to the pod volume. If we remove HTTPS support, everything works fine. Can somebody suggest what could be the possible reason for such behaviour?

PREETI BANSAL
  • Please provide more information about your environment: How are you running Kubernetes? Locally? Cloud? Post your terminal outputs: the commands issued and the outputs. How can we reproduce the problem? Please refer to "https://stackoverflow.com/help/how-to-ask" to enhance the chances of getting your question answered. – Will R.O.F. Jan 09 '20 at 10:04

1 Answer

5

By default, an HTTPS connection exists only between the browser and the loadbalancer. The loadbalancer communicates with pods using plain HTTP.


browser -------------->|loadbalancer|-----------> POD
             https                      http

In that case, the certificate needs to be present on the loadbalancer, not on the POD, and you should disable HTTPS on the pod.

The loadbalancer can be configured to communicate with PODs using https, but it will be a different https connection:


browser -------------->|loadbalancer|-----------> POD
             https                      https

Here two certificates are needed, one on the loadbalancer and one on the pod itself.

The last option is pass-through SSL, but it's not enabled by default:

                        loadbalancer
browser --------------|--------------|-----------> POD
                           https

Here the certificate should be placed on the pod.

The way of configuring HTTPS depends on the loadbalancer used, the cloud provider, etc. If you are using Ingress, this page might help: Kubernetes: Using Ingress with SSL/TLS termination and HTTP/2

Sidenote: browsers always complain about an insecure connection when using a self-signed certificate (unless you configure them not to do it).

Mafor
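
The first two layouts in the answer above, written as Ingress manifests. This is an added example, not part of the original answer; it assumes the ingress-nginx controller, and the names `web`, `web-tls` and `web.example.com` are hypothetical.

```yaml
# Added example. Apply ONE of the two variants, not both (same host).
# Hypothetical names: web (Service), web-tls (Secret), web.example.com (host).
#
# Variant 1: TLS terminates at the Ingress; the pod serves plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-terminate
spec:
  ingressClassName: nginx
  tls:
  - hosts: ["web.example.com"]
    secretName: web-tls          # kubernetes.io/tls Secret; the browser sees this cert
  rules:
  - host: web.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80         # HTTP port of the pod; no certificate inside the pod
---
# Variant 2: re-encryption. Two separate TLS connections, two certificates.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-reencrypt
  annotations:
    # Assumption: ingress-nginx. Tells the controller to speak HTTPS to the pod.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  tls:
  - hosts: ["web.example.com"]
    secretName: web-tls          # certificate for the browser-facing hop
  rules:
  - host: web.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 443        # HTTPS port of the pod, using the pod's own cert
```

With `backend-protocol: "HTTPS"`, ingress-nginx does not verify the pod's certificate unless `nginx.ingress.kubernetes.io/proxy-ssl-verify` is turned on, so a self-signed pod certificate is accepted on that hop. For the pass-through layout the same controller uses the `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` annotation and must be started with `--enable-ssl-passthrough`.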