How can I solve a problem with tls: internal error in kubernetes

6/14/2019

I get this error when Im trying to use: kubectl --kubeconfig=kubeconfig logs service-76486594c6-gl2l6

I run EKS cluster on AWS and I applied roles to it: kubectl --kubeconfig=kubeconfig describe configmap -n kube-system aws-auth

Name:         aws-auth
Namespace:    kube-system
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","data":{"mapAccounts":"","mapRoles":"- rolearn: arn:aws:iam::1111:role/role\n  u...

Data
====
mapUsers:
----
- userarn: arn:aws:iam::1111:user/username
  username: username
  groups:
    - system:masters

mapAccounts:
----

mapRoles:
----
- rolearn: arn:aws:iam::1111:role/role
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:bootstrappers
    - system:nodes

- rolearn: arn:aws:iam::1111:role/role
  username: role/1560432619067016189
  groups:
    - system:masters

my deployment.yaml

apiVersion: v1
kind: Service
metadata:
  name: myservice
  labels:
    app: myservice
spec:
  ports:
  - port: 80
    targetPort: 5000
    name: http
  - port: 443
    targetPort: 5000
    name: https
  selector:
    app: myservice
  type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: myservice
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: myservice
        version: v1
    spec:
      containers:
      - name: myservice
        image: my_image_to_default_app
        resources:
          requests:
            cpu: "100m"
        imagePullPolicy: IfNotPresent #Always
        ports:
        - containerPort: 5000

Ho can I solve this problem?

I tried to upload a self-signed certificate to the cluster using: "create certificate" but still I dont know how to attach it to an existing kubernetes service

-- Michal
amazon-web-services
kubernetes
ssl

1 Answer

6/14/2019

if you want to setup the tls certificate on kubernetes you have to setup ingress and ingress controller with cert-manager.

with ingress and ingress controller you can use cert-manager. using cert-manager you can apply for the let's-encrypt certificate and you can use this certificate as the tls certificate for your application.

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

If you want to set up the SSL and tls certificate you can follow this guide and take the help from this tutorial. it is from the digital ocean.

-- Harsh Manvar
Source: StackOverflow