I am unable to get the TLS termination at nginx ingress controller working on my kubernetes cluster.
my ingress rule looks as the following :
Christophers-MacBook-Pro-2:acme-microservice cjaime$ kubectl describe ing myapp-ingress-1
Name: myapp-ingress-1
Namespace: default
Default backend: default-http-backend:80 (<none>)
acme-io terminates myapp-default.acme.io
Host Path Backends
---- ---- --------
/ myapp:80 (<none>)
ingress.kubernetes.io/ssl-redirect: true
kubernetes.io/ingress.class: nginx
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UPDATE 53m (x2 over 1h) nginx-ingress-controller Ingress default/myapp-ingress-1
Normal UPDATE 53m (x2 over 1h) nginx-ingress-controller Ingress default/myapp-ingress-1
Normal UPDATE 53m (x2 over 1h) nginx-ingress-controller Ingress default/myapp-ingress-1
Normal UPDATE 53m (x2 over 1h) nginx-ingress-controller Ingress default/myapp-ingress-1
Whenever I try to access this from the browser I get the back the following server certificate
Server certificate
subject=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
This is preventing me from creating a valid SSL connection. I know my secret is correct because when using openssl I get a valid connection as follows
openssl s_client -servername myapp-default.acme.io -connect us1a-k8s-4.acme.io:31443 -showcerts
<content omitted>
Start Time: 1528241749
Timeout : 300 (sec)
Verify return code: 0 (ok)
However If I run the same command with the servername omitted I get the same fake certificate and a connection error
openssl s_client -connect us1a-k8s-4.acme.io:31443 -showcerts
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
i:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
<content omitted>
Start Time: 1528241957
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)