I wrote an answer to this at https://stackoverflow.com/ questions/44708272/how-to-access-a-kubernetes-service- through-https/44709245#44709245.
If you are actually planning to expose an application running on Kubernetes to the outside world with HTTPs, you should consider buying HTTPs certificates (or take a look at kube-lego if you are interested in Let's Encrypt) and use an Ingress resource to configure a load balancer with TLS termination. On Thu, Jun 22, 2017 at 12:44 PM, <isazza...@gmail.com> wrote: > This is my cluster info > -------------- > kubectl cluster-info > Kubernetes master is running at https://129.146.10.66:6443 > Heapster is running at https://129.146.10.66:6443/api > /v1/proxy/namespaces/kube-system/services/heapster > KubeDNS is running at https://129.146.10.66:6443/api > /v1/proxy/namespaces/kube-system/services/kube-dns > -------------------------- > > So, I have a service(mysqlbrokerservice) running as NodePort and the > configuration looks like this > > kubectl describe svc mysqlbrokerservice > Name: mysqlbrokerservice > Namespace: mysqlbroker > Labels: <none> > Annotations: <none> > Selector: app=mysqlbroker > Type: NodePort > IP: 10.99.194.191 > Port: mysqlbroker 8080/TCP > NodePort: mysqlbroker 30000/TCP > Endpoints: 10.244.1.198:8080 > Session Affinity: None > Events: <none> > > > I can access the service through my public IP like this. > http://129.146.34.181:30000/v2/catalog. > > 29.146.34.181 is the public ip where the pod is running. > > > Then what I wanted to see if I can access the service through https. I > followed the direction in https://kubernetes.io/docs/tas > ks/access-application-cluster/access-cluster/#manually- > constructing-apiserver-proxy-urls > > I followed the example but it's not giving me any response. > 129.146.10.66:6443 is my master ip. > > This is the output of curl https://129.146.10.66:6443/api > /v1/namespaces/mysqlbroker/services/mysqlbrokerservice --header > "Authorization: Bearer $TOKEN" --insecure > { > "kind": "Service", > "apiVersion": "v1", > "metadata": { > "name": "mysqlbrokerservice", > "namespace": "mysqlbroker", > "selfLink": "/api/v1/namespaces/mysqlbroke > r/services/mysqlbrokerservice", > "uid": "40239ca3-577a-11e7-a6a7-000017002179", > "resourceVersion": "10581319", > "creationTimestamp": "2017-06-22T18:40:23Z" > }, > "spec": { > "ports": [ > { > "name": "mysqlbroker", > "protocol": "TCP", > "port": 8080, > "targetPort": 8080, > "nodePort": 30000 > } > ], > "selector": { > "app": "mysqlbroker" > }, > "clusterIP": "10.99.194.191", > "type": "NodePort", > "sessionAffinity": "None" > }, > "status": { > "loadBalancer": {} > } > } > > but doing a curl on the port give me this > curl -i -H "Accept: application/json" -H "Content-Type: application/json" > -X GET https://129.146.10.66:6443/api/v1/namespaces/mysqlbroker/ser > vices/mysqlbrokerservice:8080/proxy/v2/catalog --header "Authorization: > Bearer $TOKEN" --insecure > HTTP/1.0 200 Connection established > > > curl just waits there... and i looked at my pod logs and it does not show > that any request received. > > Can somebody explain what i am doing wrong here? What's the ideal solution > if want a service to be exposed through https? > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
