On the road again

The article shows how to debug SSL on Nginx Ingress Controller.

 Create ingress object definition:

metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: keystone
spec:
  rules:
  - host: keystone
    http:
      paths:
      - backend:
          serviceName: keystone-api
          servicePort: ks-pub
        path: /
 
  tls:
  - hosts:
    - keystone
    secretName: keystone-tls-public

Create TLS secret defined above:

apiVersion: v1
data:
  ca.crt: <CA_CERT>
  tls.crt: <API_CERT>
  tls.key: <API_KEY>
kind: Secret
metadata:
  name: keystone-tls-public
type: kubernetes.io/tls

View certificates in ingress controller pod:

kubectl -n openstack exec -it $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") -- ls -1 /etc/ingress-controller/ssl

View ingress controller logs:

kubectl -n openstack log $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") | tail -n 100

View nginx configuration:

kubectl -n openstack exec -it $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") -- cat /etc/nginx/nginx.conf
Добавить комментарий