I'm trying to expose Nexus 3 using an Nginx controller with Let's Encrypt, but I get 502 Bad Gateway. I created these files:
**Namespace:**
```yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: nexus
spec: {}
status: {}
```
**Persistent Volume:**
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-pv
  namespace: nexus
  labels:
    type: local
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/sonatype-work"
```
**Persistent volume claim:**
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nexus-pvc
  namespace: nexus
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
```
**Deployment:**
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nexus
  name: nexus
  namespace: nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nexus
    spec:
      initContainers:
        - name: volume-mount-hack
          image: busybox
          command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
          volumeMounts:
            - name: nexus-pv
              mountPath: /nexus-data
      containers:
        - image: sonatype/nexus3:3.56.0
          name: nexus3
          resources: {}
          ports:
            - containerPort: 8081
            - containerPort: 5000
          volumeMounts:
            - mountPath: /nexus-data
              name: nexus-pv
      volumes:
        - name: nexus-pv
          persistentVolumeClaim:
            claimName: nexus-pvc
status: {}
```
**Service:**
```yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nexus
  name: nexus-svc
  namespace: nexus
spec:
  ports:
    - port: 8081
      targetPort: 8081
      protocol: TCP
      name: http
    - port: 5000
      targetPort: 5000
      protocol: TCP
      name: docker
  selector:
    app: nexus
  type: ClusterIP
status:
  loadBalancer: {}
```
**Ingress:**
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus-ingress
  namespace: nexus
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    ingress.kubernetes.io/proxy-body-size: 1G
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
    # CHANGE ME
    - http:
        paths:
          - path: /nexus
            pathType: Prefix
            backend:
              service:
                name: nexus-svc
                port:
                  number: 8081
    # CHANGE ME
    - http:
        paths:
          - path: /docker
            pathType: Prefix
            backend:
              service:
                name: nexus-svc
                port:
                  number: 5000
```
In the namespace **Ingress** I have these resources:
```
NAME                                                          READY   STATUS    RESTARTS      AGE
pod/cert-manager-66f74b6b4d-sk8fr                             1/1     Running   2 (24h ago)   7d23h
pod/cert-manager-cainjector-5b7db87fff-jmkct                  1/1     Running   5 (24h ago)   7d23h
pod/cert-manager-webhook-77b8ffb7dd-gpwrx                     1/1     Running   0             7d23h
pod/nginx-ingress-ingress-nginx-controller-7d86bb8bb7-djfsl   1/1     Running   0             7d23h
pod/nginx-ingress-ingress-nginx-controller-7d86bb8bb7-rtx5d   1/1     Running   0             7d23h

NAME                                                       TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
service/cert-manager                                       ClusterIP      10.102.140.107   <none>           9402/TCP                     7d23h
service/cert-manager-webhook                               ClusterIP      10.100.77.169    <none>           443/TCP                      7d23h
service/nginx-ingress-ingress-nginx-controller             LoadBalancer   10.107.124.46    XXX.XXX.XX.XXX   80:31898/TCP,443:32230/TCP   7d23h
service/nginx-ingress-ingress-nginx-controller-admission   ClusterIP      10.97.177.108    <none>           443/TCP                      7d23h

NAME                                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager                             1/1     1            1           7d23h
deployment.apps/cert-manager-cainjector                  1/1     1            1           7d23h
deployment.apps/cert-manager-webhook                     1/1     1            1           7d23h
deployment.apps/nginx-ingress-ingress-nginx-controller   2/2     2            2           7d23h

NAME                                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-66f74b6b4d                             1         1         1       7d23h
replicaset.apps/cert-manager-cainjector-5b7db87fff                  1         1         1       7d23h
replicaset.apps/cert-manager-webhook-77b8ffb7dd                     1         1         1       7d23h
replicaset.apps/nginx-ingress-ingress-nginx-controller-7d86bb8bb7   2         2         2       7d23h
```
The **ClusterIssuer** is in the default namespace:
```yaml
apiVersion: v1
items:
- apiVersion: cert-manager.io/v1
  kind: ClusterIssuer
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"cert-manager.io/v1","kind":"ClusterIssuer","metadata":{"annotations":{},"name":"letsencrypt"},"spec":{"acme":{"email":"mymail@outlook.com","privateKeySecretRef":{"name":"letsencrypt"},"server":"https://acme-v02.api.letsencrypt.org/directory","solvers":[{"http01":{"ingress":{"class":"nginx","podTemplate":{"spec":{"nodeSelector":{"kubernetes.io/os":"linux"}}}}}}]}}}
    creationTimestamp: "2023-06-24T14:29:51Z"
    generation: 1
    name: letsencrypt
    resourceVersion: "6309"
    uid: 79f2c627-c5eb-4ee1-9a6c-2b07ddc4c6f2
  spec:
    acme:
      email: mymail@outlook.com
      preferredChain: ""
      privateKeySecretRef:
        name: letsencrypt
      server: https://acme-v02.api.letsencrypt.org/directory
      solvers:
      - http01:
          ingress:
            class: nginx
            podTemplate:
              metadata: {}
              spec:
                nodeSelector:
                  kubernetes.io/os: linux
kind: List
metadata:
  resourceVersion: ""
```
Can someone help me to understand what is wrong in my configuration? Thank you so much.
When I checked the nginx-controller logs, I found this error:
```
I0702 13:49:23.761490 7 event.go:285] Event(v1.ObjectReference{Kind:"Pod", Namespace:"ingress", Name:"nginx-ingress-ingress-nginx-controller-7d86bb8bb7-rtx5d", UID:"6c7cb076-911b-41df-984c-ba6658523022", APIVersion:"v1", ResourceVersion:"5825", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
2023/07/02 13:49:30 [error] 3154#3154: *5647494 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: 10.244.0.0, server: _, request: "GET /nexus HTTP/2.0", upstream: "https://10.244.1.112:8081/", host: "XXX.XXX.XX.XXX"
```
I tried to expose Nexus3 with NodePort and it is working. But for me it is impossible to expose it with Nginx Ingress.
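
An added example, not part of the original post: a small Python check that reads the controller error line quoted above and cross-checks it against the Ingress `backend-protocol` annotation and the Service ports. The function names are hypothetical, and it assumes the Nexus listener on 8081 answers in plain HTTP.

```python
import re

# Error line copied from the nginx-ingress controller log in the post.
LOG_LINE = (
    '2023/07/02 13:49:30 [error] 3154#3154: *5647494 SSL_do_handshake() failed '
    '(SSL: error:0A00010B:SSL routines::wrong version number) while SSL '
    'handshaking to upstream, client: 10.244.0.0, server: _, request: '
    '"GET /nexus HTTP/2.0", upstream: "https://10.244.1.112:8081/", '
    'host: "XXX.XXX.XX.XXX"'
)
# Values copied from the post's Ingress annotation and Service ports.
BACKEND_PROTOCOL = "HTTPS"  # nginx.ingress.kubernetes.io/backend-protocol
SERVICE_PORTS = {8081: "http", 5000: "docker"}

LINE_RE = re.compile(
    r'SSL routines::(?P<reason>[^)]+)\) while (?P<phase>[^,]+),'
    r'.*?request: "(?P<method>\S+) (?P<req_path>\S+) [^"]*"'
    r'.*?upstream: "(?P<scheme>https?)://(?P<ip>[\d.]+):(?P<port>\d+)(?P<up_path>[^"]*)"'
)

def parse_upstream_error(line):
    """Return the fields of an nginx upstream TLS error line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["port"] = int(fields["port"])
    return fields

def diagnose(line, backend_protocol, service_ports):
    """List mismatches between the Ingress settings and what the log shows."""
    err = parse_upstream_error(line)
    if err is None:
        return []
    findings = []
    port_name = service_ports.get(err["port"], "unknown")
    # OpenSSL reports "wrong version number" when the peer's first bytes are
    # not a TLS record, which is what a plain-HTTP listener sends back.
    if (err["reason"] == "wrong version number" and err["scheme"] == "https"
            and backend_protocol.upper() == "HTTPS"):
        findings.append(
            f"tls-to-plaintext: nginx opened TLS to {err['ip']}:{err['port']} "
            f"(Service port '{port_name}') but the reply was not TLS")
    # The upstream URI differs from the request path (rewrite-target: /).
    if err["req_path"] != err["up_path"]:
        findings.append(f"path-rewritten: {err['req_path']} -> {err['up_path']}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(LOG_LINE, BACKEND_PROTOCOL, SERVICE_PORTS)))
```

Passing `"HTTP"` as the backend protocol leaves only the path finding, which is how the two annotations can be told apart when reading the log.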