Secure traffic between kubernetes ingress and service - service

I'm pretty new to kubernetes, I hope to explain myself in a good way, and if anyone has any resources/suggestions to read for my problem it would be really much appreciated.
Let's get straight to the point.
The web app I'm trying to expose accepts only https connections on the service. So basically I would like to ask the ingress to communicate with my service through https.
Following some tutorial I tried to expose a simple web app (that accepts http connections) through https, creating a certificate and a secret and adding the following lines to the ingress.yml:
    tls:
    - secretName: testexample.com
      hosts:
      - testexample.com
and executing a curl -k https://testexample.com or through the browser I can see my webpage.
The trouble pops up when my webapp accepts only https connections, and the webapp we are moving to kubernetes does.
I always receive "404 default backend" message.
I tried to look for some resources/tutorial/previous questions,
Secure communication between Ingress Controller (Traefik) and backend service on Kubernetes
Securing connections from ingress to services in Kubernetes with TLS
but I didn't figure out how to get out of the problem.
Any suggestions as mentioned before would be much appreciated.

The source of the error is probably your Ingress rule. It's either not pointing to the correct service & port, or it is not in the same namespace as the service.

Related

how to force redirect HTTP to HTTPS Kubernetes Service for AWS EKS

I have set up an EKS cluster in which I have 3 apps deployed. Right now it's working fine with an SSL certificate, and I just want it to force redirect users' HTTP requests to HTTPS. I have tried many ways of doing it with different services and ingress controllers, but none of them is working. Please help me out on this if you know of any solutions for this.
Thank you in advance...
Here is the link to the service.yaml I am using right now:
https://gist.github.com/vyasishanatc194/a01c2bda288c908e4c5c7c45f98ecb41

Azure kubernetes - Istio certificate installation?

I am using ISTIO for service mesh in Azure kubernetes. I have configured private DNS to setup the FQDN. Currently the application is accessible over http protocol(eg: http://myapp.contoso.com) and I would like to be secured with https protocol(eg: https://myapp.contoso.com).
I know I have to change the service port to 443 to support https protocol however how/where do I install the SSL certificate for the application (eg: https://myapp.contoso.com)? Is there anything else to be done as well?
That will depend on where you want the SSL termination to happen. If you want that to happen inside the Azure kubernetes network, then you can do SSL termination at the ingress layer.
Otherwise you can also do the termination at the application gateway layer of Azure (if you want to use this service from Azure, the redirection from http to https, basic firewall features and adding the pfx certificates at the listeners can be done there), although ingress can also take care of these things.
You can install the Let's Encrypt certificates by using this helm chart, and for further steps you can follow this Stack Overflow link. It should help you in creating configurations for Istio; people have used this solution for Istio as well before.
I found the answer here Securing Your Istio Ingress Gateway with HTTPS
There is istio documentation about that.

HTTPS requests for GKE Ingress ERR_TIMEDOUT

I have a microservice architecture (implemented in Spring Boot) deployed in Google Kubernetes Engine. For this microservice architecture I have setup the following:
domain: comanddev.tk (free domain from Freenom)
a certificate for this domain
the following Ingress config:
The problem is that when I invoke a URL that I know should be working, https://comanddev.tk/customer-service/actuator/health, the response I get is ERR_TIMEDOUT. I checked the Ingress Controller and I don't receive any request in the ingress although URL forwarding is set.
Update: I tried to set a "glue record" like in the following picture and the response I get is that the certificate is not valid (I have a certificate for comanddev.tk, not dev.comanddev.tk) and I get 401 after agreeing to access the unsecure URL.
I've dug a bit into this.
As I mentioned, when you run $ curl -IL http://comanddev.tk/customer-service/actuator/health you will receive an nginx ingress response.
As the domain intercepts the request and redirects it to the destination server, I am not sure if there is a point in using TLS.
I would suggest you use a nameserver instead of URL Forwarding; just use the IP of your Ingress. With this option you would redirect requests to your Ingress. When you are using Port Forwarding you are using Freenom redirection, and I am not sure how it's handled on their side.

Route to external site via Istio Virtual Service

I'm working on a side project to learn Istio in my spare time, part of which is getting my hands dirty with Istio routing.
I'm trying to setup a Virtual Service such that any traffic on "/" gets routed to google.com. I can get Virtual Services to work with any in-cluster pods/services, but I can't seem to configure Istio to route to anything outside the cluster.
Any guidance would be much appreciated, cheers
You have to create a Service Entry for google.com and then create a Virtual Service, referencing google.com in the same way as in-mesh services. Note the issue of the protocols - do you want to access google.com by HTTP or HTTPS? You may want to let Istio perform TLS origination for you.
Configure a service entry for google.com. Refer to this documentation overall, and precisely this.

access application receive not found do I have to set up a domain name

I've made all files (deployment, pods, services, ingress ) to install an application. When I go to https://{POD_NAME}/moddev1/auth, I get the message
404 Not Found
from nginx.
I guess that the message is coming from nginx ingress.
All the information is sent to port 443.
Currently, I have the following pods running {xx98, xx97}.
Do I have to set a specific domain name to access to this application?
I'm a little bit lost at the moment... :(
The ‘404’ is a good thing as the POD is being found. It seems the error is that it can't find the ‘/moddev1/’ path. Found the same issue at [1] with a workaround that you should try.
[1]https://github.com/jetstack/kube-lego/issues/115
The solution to my issue was this:
I made a mistake when I set serviceName on the ingress.
The correct one was
    serviceName: https-cas
Also, I set my domain cas.xxx, and now I can access it.
    tls:
    - hosts:
      - cloud.devlan.efg.corp
      - cas.devlan.efg.corp
      secretName: cloud-devlan-efg-corp-cert
If you get a 404 error when you try to access your web page, that means you are reaching the Nginx proxy and your mistake is in the ingress file. Maybe the same as me ;)
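Two answers on this page trace the 404 to the Ingress rule itself: a backend that names the wrong service or port, or a Service that lives in a different namespace than the Ingress. The following is an added example, not code from any of the posts, that cross-checks those three things; the function names `backend_ref` and `check_ingress` and the sample objects are constructed for illustration, with input shaped like items from `kubectl get ingress,svc -A -o json`.

```python
def backend_ref(backend):
    """Return (service name, port) for the legacy and the networking.k8s.io/v1 schema."""
    if "serviceName" in backend:  # legacy form, as used in the posts on this page
        return backend["serviceName"], backend.get("servicePort")
    svc = backend.get("service", {})
    port = svc.get("port", {})
    return svc.get("name"), port.get("number", port.get("name"))

def check_ingress(ingress, services):
    """Report backends whose Service name, port or namespace does not line up."""
    ns = ingress["metadata"].get("namespace", "default")
    index = {}  # (namespace, name) -> port numbers and port names the Service exposes
    for s in services:
        key = (s["metadata"].get("namespace", "default"), s["metadata"]["name"])
        index[key] = set()
        for p in s["spec"].get("ports", []):
            index[key].update({p["port"], p.get("name", p["port"])})
    problems = []
    for rule in ingress["spec"].get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            name, port = backend_ref(path["backend"])
            where = rule.get("host", "*") + path.get("path", "/")
            if (ns, name) not in index:
                # An Ingress can only reference Services in its own namespace.
                elsewhere = sorted(k[0] for k in index if k[1] == name)
                hint = f" (exists in namespace {elsewhere[0]!r})" if elsewhere else ""
                problems.append(f"{where}: no Service {name!r} in namespace {ns!r}{hint}")
            elif port not in index[(ns, name)]:
                problems.append(f"{where}: Service {name!r} does not expose port {port!r}")
    return problems

# Constructed sample objects, shaped like items from `kubectl get ingress,svc -A -o json`.
SERVICES = [
    {"metadata": {"name": "https-cas", "namespace": "web"},
     "spec": {"ports": [{"name": "https", "port": 443}]}},
    {"metadata": {"name": "api", "namespace": "backend"},
     "spec": {"ports": [{"port": 8443}]}},
]
INGRESS = {"metadata": {"name": "demo", "namespace": "web"}, "spec": {"rules": [
    {"host": "cas.example.test", "http": {"paths": [
        {"path": "/ok", "backend": {"serviceName": "https-cas", "servicePort": 443}},
        {"path": "/typo", "backend": {"serviceName": "http-cas", "servicePort": 443}},
        {"path": "/port", "backend": {"serviceName": "https-cas", "servicePort": 80}},
        {"path": "/ns", "backend": {"service": {"name": "api", "port": {"number": 8443}}}},
    ]}}]}}

if __name__ == "__main__":
    print("\n".join(check_ingress(INGRESS, SERVICES)))
```

The `/ok` path passes silently; the other three paths each produce one finding, covering the wrong name, the wrong port and the cross-namespace reference.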