K
Q

Accessing docker container over https on Azure subdomain

6/28/2017

As an experiment I'm trying to run a docker container on Azure using the Azure Container Service and Kubernetes as the orchestrator. I'm running the official nginx image. Here are the steps I am taking:

az group create --name test-group --location westus az acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys

I created Kubernetes deployment and service files from a docker compose file using Kompose.

deployment file apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: kompose.service.type: LoadBalancer creationTimestamp: null labels: io.kompose.service: test name: test spec: replicas: 1 strategy: {} template: metadata: creationTimestamp: null labels: io.kompose.service: test spec: containers: - image: nginx:latest name: test ports: - containerPort: 80 resources: {} restartPolicy: Always status: {}

service file apiVersion: v1 kind: Service metadata: annotations: kompose.service.type: LoadBalancer creationTimestamp: null labels: io.kompose.service: test name: test spec: ports: - name: "80" port: 80 targetPort: 80 selector: io.kompose.service: test type: LoadBalancer status: loadBalancer: {}

I can then start everything up:

kubectl create -f test-service.yaml,test-deployment.yaml

Once an IP has been exposed I assign a dns prefix to it so I can access my running container like so: http://nginx-test.westus.cloudapp.azure.com/.

My question is, how can I access the service using https? At https://nginx-test.westus.cloudapp.azure.com/

I don't think I'm supposed to configure nginx for https, since the certificate is not mine. I've tried changing the load balancer to send 443 traffic to port 80, but I receive a timeout error.

I tried mapping port 443 to port 80 in my Kubernetes service config.

ports: - name: "443" port: 443 targetPort: 80

But that results in:

SSL peer was not expecting a handshake message it received. Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

How can I view my running container at https://nginx-test.westus.cloudapp.azure.com/?

-- chris
azure
docker
https
kubernetes

Similar Questions

jhipster kubectl - unable to decode " ": Object 'Kind' is missing
kubernetes cant run docker image from localhost registry
Stackdriver custom metric aggregate alerts
How can I access Concourse built with helm outside of the cluster?

1 Answer

6/29/2017

If I understand it correctly, I think you are looking for Nginx Ingress controller.
If we need TLS termination on Kubernetes, we can use ingress controller, on Azure we can use Nginx Ingress controller.
To archive this, we can follow those steps:
1 Deploy the Nginx Ingress controller
2 Create TLS certificates
3 Deploy test http service
4 configure TLS termination
More information about configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure, please refer to this blog.

root@k8s-master-6F403744-0:~/ingress/examples/deployment/nginx# kubectl get services --namespace kube-system -w
NAME                   CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
default-http-backend   10.0.113.185   <none>        80/TCP    42m
heapster   10.0.4.232   <none>    80/TCP    1h
kube-dns   10.0.0.10   <none>    53/UDP,53/TCP   1h
kubernetes-dashboard   10.0.237.125   <nodes>   80:32229/TCP   1h
nginx-ingress-ssl   10.0.92.57   40.71.37.243   443:30215/TCP   13m

enter image description here

enter image description here

-- Jason Ye
Source: StackOverflow