I have an ingress properly set up with a properly configured TLS secret (and the secret is correctly in the same namespace as the ingress) yet for some reason when browsing to the endpoint the nginx controller is utilizing the default "Fake Kubernetes Certificate" rather than the one from my configured and specified TLS secret. Why would this be happening?
Nginx ingress controller on rke2 cluster keeps returning fake kubernetes certificate
237 Views Asked by pooley1994 At
There is 1 best solution below
After much digging I determined why this was happening to me and thought I would share with others.
I had been creating my certificate using Step CA. My ingress (and by extension my certificate) were set to work properly for two different hostnames. When creating the certificate I had specified one of the hostnames as the Subject of the TLS certificate and the other as a Subject Alternate Name (which I do think is a valid thing to do). For some reason though, for the hostname that was set as the Subject of the TLS cert, the Nginx controller was determining that the cert was not valid and so it was returning its default "Fake Kubernetes Certificate".

The solution was that I re-created the TLS certificate, and specified the Subject as a Subject and as a Subject Alternate Name along with the original SAN that I had already specified. Once both were listed as SANs, then the Nginx controller was able to properly identify my configured TLS cert as valid and began returning it correctly.