
Comments (6)

codeaprendiz commented on June 10, 2024

Hi @sonisaurabh19, thanks a lot for your valuable response. Yeah, I am planning to add such an example as well. I will post the example here as a comment :) and let you know.

from learn_kubernetes.

codeaprendiz commented on June 10, 2024

Hi @sonisaurabh19,
I have added a task for using the pre-existing certs now. Please check this and let me know if this helps.

Let me know if you face any issues. We can improve the document accordingly.
You can also check the official docs.

I will close the issue if this works.

from learn_kubernetes.

sonisaurabh19 commented on June 10, 2024

Hi, thanks for doing this quickly. I followed the steps as stated, with a couple of minor changes.

  1. For dev, I am using the mkcert tool to generate a custom TLS certificate.

     ✗ mkcert traefik.minikube "*.traefik.minikube" 192.168.64.2
     Using the local CA at "/Users/sisuser/Library/Application Support/mkcert" ✨
     Warning: the local CA is not installed in the Firefox trust store! ⚠️
     Run "mkcert -install" to avoid verification errors ‼️

     Created a new certificate valid for the following names 📜
      - "traefik.minikube"
      - "*.traefik.minikube"
      - "192.168.64.2"

     Reminder: X.509 wildcards only go one level deep, so this won't match a.b.traefik.minikube ℹ️

     The certificate is at "./traefik.minikube+2.pem" and the key at "./traefik.minikube+2-key.pem" ✅

  2. Added the base64 key and cert files to 12-secret.yaml, I just changed the values i.e. Add base64 encoded value of you cert.key and Add base64 encoded value of your chained cert.crt.

  3. kubectl apply -f 12-secret.yaml

  4. Updated 35-whoami-ingress-route.yaml:

     - match: Host(`traefik.minikube`) && PathPrefix(`/whoami-app-api`)

  5. kubectl apply -f .

  6. Set up minikube tunnel

  7. Pods

     NAME           TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                     AGE
     kubernetes     ClusterIP      10.96.0.1        <none>         443/TCP                                     18d
     traefik        LoadBalancer   10.98.11.245     10.98.11.245   80:31374/TCP,443:31201/TCP,8080:31166/TCP   4s
     whoami         ClusterIP      10.110.68.153    <none>         80/TCP                                      4s
     whoami-again   ClusterIP      10.111.200.181   <none>         80/TCP                                      2d4h

Please see the error in traefik.log

✗ kubectl logs traefik-644f4fdf79-877qd        
time="2020-07-12T22:16:21Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
time="2020-07-12T22:16:21Z" level=info msg="Traefik version 2.1.9 built on 2020-03-23T17:23:17Z"
time="2020-07-12T22:16:21Z" level=debug msg="Static configuration loaded {\"global\":{},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"file\":{\"directory\":\"/var/tf\",\"watch\":true},\"kubernetesCRD\":{}},\"api\":{\"insecure\":true,\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}}}"
time="2020-07-12T22:16:21Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2020-07-12T22:16:21Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=web
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=websecure
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=traefik
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/var/tf\",\"watch\":true}"
time="2020-07-12T22:16:21Z" level=error msg="Cannot start the provider *file.Provider: unable to read directory /var/tf: open /var/tf: no such file or directory"
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-07-12T22:16:21Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645},\"debug\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/debug`)\",\"priority\":2147483646}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/[^:\\\\/]+(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"services\":{\"api\":{},\"dashboard\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *crd.Provider {}"
time="2020-07-12T22:16:21Z" level=debug msg="Using label selector: \"\"" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=info msg="label selector is: \"\"" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=info msg="Creating in-cluster Provider client" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=debug@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal entryPointName=traefik
time="2020-07-12T22:16:21Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:21Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:21Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-07-12T22:16:21Z" level=debug msg="No default certificate, generating one"
time="2020-07-12T22:16:22Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"default-whoami-whoami-0a89be42842c990013d3\":{\"entryPoints\":[\"web\",\"websecure\"],\"service\":\"default-whoami-whoami-0a89be42842c990013d3\",\"rule\":\"Host(`traefik.minikube`) \\u0026\\u0026 PathPrefix(`/whoami-app-api`)\"}},\"services\":{\"default-whoami-whoami-0a89be42842c990013d3\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.17.0.7:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serviceName=default-whoami-whoami-0a89be42842c990013d3 middlewareType=Pipelining middlewareName=pipelining
time="2020-07-12T22:16:22Z" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serviceName=default-whoami-whoami-0a89be42842c990013d3
time="2020-07-12T22:16:22Z" level=debug msg="Creating server 0 http://172.17.0.7:80" serviceName=default-whoami-whoami-0a89be42842c990013d3 entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serverName=0
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware default-whoami-whoami-0a89be42842c990013d3" routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=debug@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-07-12T22:16:22Z" level=debug msg="No default certificate, generating one"
time="2020-07-12T22:16:23Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd

The fact that traefik is generating a default certificate could be linked to /var/tf missing.

from learn_kubernetes.
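A log-triage sketch for the kind of Traefik debug output posted above, added here as an example and not part of the thread or the learn_kubernetes repository. It flags what such a log shows: error-level entries, default certificate generation, provider configurations whose `tls` section is empty, and routers attached to `websecure` with no `tls` block. The sample lines are constructed by shortening lines from the log above (the router name is abbreviated), and the function names are hypothetical.

```python
import json
import re

# Constructed sample: three lines shortened from the Traefik 2.1.9 log quoted above.
SAMPLE_LOG = r'''
time="2020-07-12T22:16:21Z" level=error msg="Cannot start the provider *file.Provider: unable to read directory /var/tf: open /var/tf: no such file or directory"
time="2020-07-12T22:16:21Z" level=debug msg="No default certificate, generating one"
time="2020-07-12T22:16:22Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"default-whoami\":{\"entryPoints\":[\"web\",\"websecure\"],\"service\":\"default-whoami\",\"rule\":\"Host(`traefik.minikube`) \\u0026\\u0026 PathPrefix(`/whoami-app-api`)\"}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
'''

# key=value pairs; quoted values may contain backslash-escaped characters.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
CONFIG = re.compile(r'Configuration received from provider (\S+): (\{.*\})$', re.S)

def parse_line(line):
    """Split one logfmt line into a dict, unescaping quoted values."""
    fields = {}
    for key, raw in FIELD.findall(line):
        # Assumption: the quoted values use escapes that JSON also accepts.
        fields[key] = json.loads(raw) if raw.startswith('"') else raw
    return fields

def triage(log_text, tls_entrypoint="websecure"):
    """Return (kind, detail) findings relevant to TLS certificate loading."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        entry = parse_line(line)
        msg = entry.get("msg", "")
        if entry.get("level") == "error":
            findings.append(("error", msg))
        elif msg.startswith("No default certificate"):
            findings.append(("fallback-cert", msg))
        match = CONFIG.match(msg)
        if not match:
            continue
        provider, config = match.group(1), json.loads(match.group(2))
        if not config.get("tls"):
            # The provider handed Traefik no certificates, stores or options.
            findings.append(("no-tls-config", provider))
        for name, router in config.get("http", {}).get("routers", {}).items():
            if tls_entrypoint in router.get("entryPoints", []) and "tls" not in router:
                findings.append(("router-without-tls", name))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

Against a live pod, the same function can be fed the text that `kubectl logs` prints for the Traefik pod.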

vamshisiddarth commented on June 10, 2024

@sonisaurabh19 I pushed the changes to fix this issue. Pull the latest master and replace the secret with base64 encoded. It should work now.

from learn_kubernetes.

sonisaurabh19 commented on June 10, 2024

@vamshisiddarth It is working, thanks! But dashboard is still loading at http, not https!

from learn_kubernetes.

codeaprendiz commented on June 10, 2024

@sonisaurabh19, you can refer to the following link for the same. I will be closing the issue now as TLS with custom certificates is working.

from learn_kubernetes.
