gcloud kube-lego setup ssl issue

10/16/2017

I have thrown in the towel after days of struggle. I wanted to set up an SSL container site on gcloud with kube-lego.

I decided to follow the step-by-step guide at github.com/jetstack/kube-lego

I created a Secret for echoserver-tls

From $ kubectl get svc -n nginx-ingress I set up an A record to point to the External IP address.

The echo server responds when I browse example.com

CLIENT VALUES:
client_address=('10.46.1.5', 45422) (10.46.1.5)
command=GET
path=/
real path=/
query=
request_version=HTTP/1.1
[truncated...]

But when I try https://example.com I get the error

default backend - 404

My configs are exactly from github.com/jetstack/kube-lego. Am I missing an obvious step not mentioned/skipped?

I do not know the details to share but am showing results from kubectl describe ing -n kube-lego

Name:             kube-lego-nginx
Namespace:        kube-lego
Address:          xx.xx.xx.xx
Default backend:  default-http-backend:80 (10.36.1.7:8080)
Rules:
  Host         Path                          Backends
  ----         ----                          --------
  example.com
               /.well-known/acme-challenge   kube-lego-nginx:8080 (<none>)
Annotations:
  whitelist-source-range:  0.0.0.0/0
  ssl-redirect:            false
Events:
  FirstSeen  LastSeen  Count  From                      SubObjectPath  Type    Reason  Message
  ---------  --------  -----  ----                      -------------  ----    ------  -------
  21m        21m       1      nginx-ingress-controller                 Normal  CREATE  kube-lego/kube-lego-nginx
  21m        21m       1      nginx-ingress-controller                 Normal  UPDATE  kube-lego/kube-lego-nginx
  21m        21m       1      nginx-ingress-controller                 Normal  CREATE  ip: xxx.xxx.xx.xxx

Please let me know if you need some more info/logs to assist. Thank you.

-- BlowMan
containers
gcloud
kubernetes
lets-encrypt
nginx

1 Answer

1/28/2018

If you are getting default backend - 404 by following https://example.com, it means that your SSL certificates are installed properly and the ingress did not find a service to expose for your host. So it used the default backend, which responds with the message default backend - 404 for every request.

The problem can be in your ingress configuration. It should look something like:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: basic-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/ingress.allow-http: "false"

spec:
  tls:
  - hosts:
    - example.com
    secretName: echoserver-tls

  rules:

  - host: example.com
    http:
      paths:
      - backend:
          serviceName: echoheaders # your service name
          servicePort: 80
        path: /
-- Alik Khilazhev
Source: StackOverflow
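
The routing behaviour the answer describes can be checked offline. The following is an added example, not code from the original thread or from kube-lego: it applies a simplified longest-prefix match (an assumption, not the controller's full matching logic) to Ingress objects shaped like `kubectl get ing --all-namespaces -o json` output. The sample JSON is constructed from the two Ingress objects on this page, and the function names `route` and `tls_secret` are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get ing --all-namespaces -o json`
# (extensions/v1beta1 fields), mirroring the two Ingress objects on this page.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "kube-lego", "name": "kube-lego-nginx"},
   "spec": {"rules": [{"host": "example.com", "http": {"paths": [
     {"path": "/.well-known/acme-challenge",
      "backend": {"serviceName": "kube-lego-nginx", "servicePort": 8080}}]}}]}},
  {"metadata": {"namespace": "default", "name": "basic-ingress"},
   "spec": {"tls": [{"hosts": ["example.com"], "secretName": "echoserver-tls"}],
            "rules": [{"host": "example.com", "http": {"paths": [
     {"path": "/",
      "backend": {"serviceName": "echoheaders", "servicePort": 80}}]}}]}}
]}
""")

DEFAULT_BACKEND = "default-http-backend:80"  # from the describe output above

def route(items, host, path):
    """Return the backend serving host+path; the longest matching prefix wins."""
    best = None
    for ing in items:
        for rule in ing["spec"].get("rules", []):
            if rule.get("host") not in (None, host):  # no host = matches any host
                continue
            for p in rule.get("http", {}).get("paths", []):
                prefix = p.get("path") or "/"
                if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
                    b = p["backend"]
                    best = (prefix, f'{b["serviceName"]}:{b["servicePort"]}')
    return best[1] if best else DEFAULT_BACKEND

def tls_secret(items, host):
    """Return the secretName of the first spec.tls entry listing host, else None."""
    for ing in items:
        for tls in ing["spec"].get("tls", []):
            if host in tls.get("hosts", []):
                return tls.get("secretName")
    return None

if __name__ == "__main__":
    lego_only = SAMPLE["items"][:1]  # only the Ingress shown in the question
    for label, items in (("kube-lego ingress only", lego_only),
                         ("with application ingress", SAMPLE["items"])):
        print(label, "| GET / ->", route(items, "example.com", "/"),
              "| TLS secret:", tls_secret(items, "example.com"))
```

With only the kube-lego Ingress present, a request for `/` has no matching rule and lands on the default backend; adding an Ingress like the one in the answer routes it to the application service and ties the host to a TLS secret.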