I was having an issue getting my minikube ingress controller working, as it was returning a default backend - 404 when I hit the https:// URL. Turns out a configuration that was working with nginx does not necessarily work with ingress-nginx.
At first I found this https://github.com/kubernetes/minikube/issues/1701 and tried everything in there, but it still did not solve my problem.
Next I found this https://stackoverflow.com/questions/49545732/how-to-get-kubernetes-ingress-to-terminate-ssl-and-proxy-to-service and this told me to go and check the ingress controller logs.
One command later
kubectl logs -n kube-system nginx-ingress-controller-67956bf89d-5c9zx
and I found this.
W0721 22:34:37.322152 6 controller.go:1027] Validating certificate against DNS names. This will be deprecated in a future version.
W0721 22:34:37.322162 6 controller.go:1032] ssl certificate default/darkedges-com-tls does not contain a Common Name or Subject Alternative Name for host as.tpp.forgerockdev.darkedges.com. Reason: x509: certificate is valid for *.darkedges.com, darkedges.com, not as.tpp.forgerockdev.darkedges.com
W0721 22:34:37.322388 6 controller.go:1026] unexpected error validating SSL certificate default/darkedges-com-tls for host as.bank.forgerockdev.darkedges.com. Reason: x509: certificate is valid for *.darkedges.com, darkedges.com, not as.bank.forgerockdev.darkedges.com
So off I went to https://kubernetes.slack.com, joined the ingress-nginx channel and spoke with @aledbf. At first it looked like this was not going to get fixed and I pointed to the following articles
The latter article suited me perfectly and then it dawned on me, I should go and check my Origin Certificate within CloudFlare and that is when I found out I could generate a new certificate that covered all my SAN and CN needs.
One creation later and I had a new key/cert pair and I plugged it into my Kubernetes secrets.
kubectl create secret tls darkedges-com-tls \
  --key c:\development\forgerock\tls\darkedges.com.key \
  --cert c:\development\forgerock\tls\darkedges.com.pem
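The hosts in the controller log are rejected because a wildcard SAN such as *.darkedges.com covers only a single label. As an added example (not code from the original post or from ingress-nginx), this Go program runs the standard library's x509 hostname check over the ingress hosts, so a replacement certificate can be tested before it goes into the secret. The helpers constructedCert and uncovered are hypothetical names, and the certificate is a constructed self-signed stand-in carrying the SANs shown in the log.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// constructedCert builds a throwaway self-signed certificate with the given
// DNS SANs. It stands in for the real tls.crt, which is not on the page.
func constructedCert(sans ...string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: sans,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered maps every host the certificate does not cover to the error
// returned by Go's hostname verification; an empty map means full coverage.
func uncovered(cert *x509.Certificate, hosts []string) map[string]string {
	out := map[string]string{}
	for _, h := range hosts {
		if err := cert.VerifyHostname(h); err != nil {
			out[h] = err.Error()
		}
	}
	return out
}

func main() {
	hosts := []string{"as.tpp.forgerockdev.darkedges.com", "as.bank.forgerockdev.darkedges.com"}
	old, err := constructedCert("*.darkedges.com", "darkedges.com")
	if err != nil {
		panic(err)
	}
	for host, reason := range uncovered(old, hosts) {
		fmt.Printf("%s: %s\n", host, reason)
	}
}
```

To check a real certificate instead, decode the PEM file with encoding/pem and pass the result of x509.ParseCertificate to uncovered.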
I had to re-apply my ingress, and checked the ingress controller logs to see no problem and when I re-hit the https:// URL it was being served with the CloudFlare certificate. It gave me a 502 Bad Gateway error, but at least I was being served via the correct certificate.