The article shows how to debug SSL on Nginx Ingress Controller.
Create ingress object definition:
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
name: keystone
spec:
rules:
- host: keystone
http:
paths:
- backend:
serviceName: keystone-api
servicePort: ks-pub
path: /
tls:
- hosts:
- keystone
secretName: keystone-tls-publicCreate TLS secret defined above:
apiVersion: v1
data:
ca.crt: <CA_CERT>
tls.crt: <API_CERT>
tls.key: <API_KEY>
kind: Secret
metadata:
name: keystone-tls-public
type: kubernetes.io/tlsView certificates in ingress controller pod:
kubectl -n openstack exec -it $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") -- ls -1 /etc/ingress-controller/sslView ingress controller logs:
kubectl -n openstack log $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") | tail -n 100View nginx configuration:
kubectl -n openstack exec -it $(kubectl -n openstack get pods | grep ingress |\
head -1 | cut -f 1 -d " ") -- cat /etc/nginx/nginx.conf