-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Openssl gives Fake Kubernetes Certificate but browser shows correct one #6398
Comments
One step problem is solved by adding --default-ssl-certificate flag.
|
Its not a bug. Problem is solved.
|
How and where do you set this --default-ssl-certificate flag? Could you please provide more details. |
This appears to be implementation specific. In my case running microk8s I was able to set it by running the following command:
Then under args I added it as a new flag (these are supplied when the ingress pod is bootstrapped so it needs to be rebooted. In my case microk8s detected the configuration had been edited and automatically restarted the pod)
|
A better way to set the default-ssl-certificate in microk8s is to do this when enabling the addon (example sets secret
|
I have configured ssl certificate , which can be confirmed from https. If I goto
https://<mydomain>.com
, I can see it's no more fake certificate.BUT
If I do
openssl s_client -showcerts -connect <mydomain>.com:443
it returning the 'Kubernetes Ingress Controller Fake Certificate'NGINX Ingress controller version:
Kubernetes version (use
kubectl version
):Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Environment:
uname -a
): Linux k8s-master 5.4.0-48-generic fix typo in variable ProxyRealIPCIDR #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/LinuxWhat happened:
only Openssl gives fake certificate back.
What you expected to happen:
browser or Openssl should return same certificate
Ingres rule is:
Log:
/kind bug
The text was updated successfully, but these errors were encountered: