Question: host or backend? key

Asked By
cordoval
Asked At
2017-08-03 22:19:58

Found 15 possible answers.

User Answered At Possible Answer
mauilion 2017-08-03 22:20:49 you define
  rules:
so the tls spec should match that
http: host: clean-wildomar.hospiceworks.com -
cordoval 2017-08-03 22:21:16 https://github.com/kubernetes/ingress/blob/master/examples/multi-tls/nginx/multi-tls.yaml#L88
mauilion 2017-08-03 22:21:26
  tls:
hosts: - secretName: hub-secret
cordoval 2017-08-03 22:21:55 yes that is what is missing secretName: barbaz
    #  
    # make keys secret SECRET=/tmp/barbaz.json HOST=bar.baz.com  NAME=barbaz
    # You can create it via:
    # The cert must also contain the subj-name bar.baz.com 
    # This secret must exist beforehand
    - bar.baz.com 
  - hosts:
    secretName: foobar
    #  
    # make keys secret SECRET=/tmp/foobar.json HOST=foo.bar.com  NAME=foobar
    # You can create it via:
    # The cert must also contain the subj-name foo.bar.com 
    # This secret must exist beforehand
    - foo.bar.com 
  - hosts:
  tls:
spec: not in parallel key no @mauilion secretNAme goes under hosts adding that and retrying
mauilion 2017-08-03 22:25:28 yep your right. typo on my part.
cordoval 2017-08-03 22:27:28
kind: Ingress
servicePort: 443 serviceName: nginx-service backend: path: / - paths: http: host: clean-wildomar.hospiceworks.com - rules: secretName: hub-secret clean-wildomar.hospiceworks.com - hosts: - tls: spec: kubernetes.io/ingress.allow-http : "false" ingress.kubernetes.io/ssl-redirect : "true" ingress.kubernetes.io/secure-backends : "true" kubernetes.io/ingress.class : "nginx" annotations: namespace: clean-wildomar name: clean-wildomar-ingress metadata: apiVersion: extensions/v1beta1 kind: Ingress --- servicePort: 443 serviceName: nginx-service backend: path: / - paths: http: host: demo-temecula.hospiceworks.com - rules: secretName: hub-secret demo-temecula.hospiceworks.com - hosts: - tls: spec: kubernetes.io/ingress.allow-http : "false" ingress.kubernetes.io/ssl-redirect : "true" ingress.kubernetes.io/secure-backends : "true" kubernetes.io/ingress.class : "nginx" annotations: namespace: demo-temecula name: demo-temecula-ingress metadata: apiVersion: extensions/v1beta1
mauilion 2017-08-03 22:28:09 your backend service is named nginx-service? that seems confusing
cordoval 2017-08-03 22:28:23 yeah i need to change that, it is confusing ouch error: error converting YAML to JSON: yaml: line 16: did not find expected ‘-’ indicator maybe gateway-backend-service it is the only one service though that connects to the outside world
jfpc 2017-08-03 22:30:28 why would a pod running on kubernetes tell me it's TLS certs for kube were invalid? is there a way to "refresh the exchange"?
level=error msg="github.com/prometheus/prometheus/discovery/kubernetes/kubernetes.go:207 : Failed to list *v1.Pod: Get  : x509: certificate signed by unknown authority" component="kube_client_runtime" source="kubernetes.go:75"
jpweber 2017-08-03 22:31:44 @jfpc was this working before?
jfpc 2017-08-03 22:31:48 yep
jpweber 2017-08-03 22:32:29 are you running HA controllers by chance?
jfpc 2017-08-03 22:32:30 I wasn't paying close enough attention when it stopped working, so I'm not sure if there was an upgrade of the kube cluster or similar change which led to the breakage. yes, I deployed the cluster with kops and multi-master
jpweber 2017-08-03 22:33:05 I had a similar problem once when the controllers had different certs on them.
jfpc 2017-08-03 22:33:12 oh that's fun!

Related Questions