I wrote an answer to this at https://stackoverflow.com/
questions/44708272/how-to-access-a-kubernetes-service-
through-https/44709245#44709245.

If you are actually planning to expose an application running on Kubernetes
to the outside world with HTTPs, you should consider buying HTTPs
certificates (or take a look at kube-lego if you are interested in Let's
Encrypt) and use an Ingress resource to configure a load balancer with TLS
termination.

On Thu, Jun 22, 2017 at 12:44 PM, <isazza...@gmail.com> wrote:

> This is my cluster info
> --------------
> kubectl cluster-info
> Kubernetes master is running at https://129.146.10.66:6443
> Heapster is running at https://129.146.10.66:6443/api
> /v1/proxy/namespaces/kube-system/services/heapster
> KubeDNS is running at https://129.146.10.66:6443/api
> /v1/proxy/namespaces/kube-system/services/kube-dns
> --------------------------
>
> So, I have a service(mysqlbrokerservice) running as NodePort and the
> configuration looks like this
>
> kubectl describe svc mysqlbrokerservice
> Name:                   mysqlbrokerservice
> Namespace:              mysqlbroker
> Labels:                 <none>
> Annotations:            <none>
> Selector:               app=mysqlbroker
> Type:                   NodePort
> IP:                     10.99.194.191
> Port:                   mysqlbroker     8080/TCP
> NodePort:               mysqlbroker     30000/TCP
> Endpoints:              10.244.1.198:8080
> Session Affinity:       None
> Events:                 <none>
>
>
> I can access the service through my public IP like this.
> http://129.146.34.181:30000/v2/catalog.
>
> 29.146.34.181 is the public ip where the pod is running.
>
>
> Then what I wanted to see if I can access the service through https. I
> followed the direction  in https://kubernetes.io/docs/tas
> ks/access-application-cluster/access-cluster/#manually-
> constructing-apiserver-proxy-urls
>
> I followed the example but it's not giving me any response.
> 129.146.10.66:6443 is my master ip.
>
> This is the output of curl https://129.146.10.66:6443/api
> /v1/namespaces/mysqlbroker/services/mysqlbrokerservice --header
> "Authorization: Bearer $TOKEN" --insecure
> {
>   "kind": "Service",
>   "apiVersion": "v1",
>   "metadata": {
>     "name": "mysqlbrokerservice",
>     "namespace": "mysqlbroker",
>     "selfLink": "/api/v1/namespaces/mysqlbroke
> r/services/mysqlbrokerservice",
>     "uid": "40239ca3-577a-11e7-a6a7-000017002179",
>     "resourceVersion": "10581319",
>     "creationTimestamp": "2017-06-22T18:40:23Z"
>   },
>   "spec": {
>     "ports": [
>       {
>         "name": "mysqlbroker",
>         "protocol": "TCP",
>         "port": 8080,
>         "targetPort": 8080,
>         "nodePort": 30000
>       }
>     ],
>     "selector": {
>       "app": "mysqlbroker"
>     },
>     "clusterIP": "10.99.194.191",
>     "type": "NodePort",
>     "sessionAffinity": "None"
>   },
>   "status": {
>     "loadBalancer": {}
>   }
> }
>
> but doing a curl on the port give me this
> curl -i -H "Accept: application/json" -H "Content-Type: application/json"
> -X GET  https://129.146.10.66:6443/api/v1/namespaces/mysqlbroker/ser
> vices/mysqlbrokerservice:8080/proxy/v2/catalog --header "Authorization:
> Bearer $TOKEN" --insecure
> HTTP/1.0 200 Connection established
>
>
> curl just waits there... and i looked at my pod logs and it does not show
> that any request received.
>
> Can somebody explain what i am doing wrong here? What's the ideal solution
> if want a service to be exposed through https?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
  • [kubernetes-... isazzad79
    • Re: [ku... 'Ahmet Alp Balkan' via Kubernetes user discussion and Q&A

Reply via email to