Access .NET Core app on Kubernetes on both http and https

3
votes

Being new to Kubernetes, I am trying to make a simple .NET Core 3 MVC app run on Kubernetes and reply on port 443 as well as port 80. I have a working Docker-Compose setup which I am trying to port to Kubernetes.

Running Docker Desktop CE with nginx-ingress on Win 10 Pro.

So far it is working on port 80. (http://mymvc.local on host Win 10 - hosts file redirects mymvc.local to 127.0.0.1)

My MVC app is running behind service mvc on port 5000.

I've made a self-signed certificate for the domain 'mymvc.local', which is working in the Docker-Compose setup.

This is my ingress file

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: mvc-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - mymvc.local
    secretName: mvcsecret-tls
  rules:
    - host: mymvc.local
      http:
        paths:
        - path: /
          backend:
            serviceName: mvc
            servicePort: 5000

This is my secrets file (keys abbreviated):

apiVersion: v1
kind: Secret
metadata:
  name: mvcsecret-tls
data:
  tls.crt: MIIDdzCCAl+gAwIBAgIUIok60uPHId5kve+/bZAw/ZGftIcwDQYJKoZIhvcNAQELBQAwKTELMAkGBxGjAYBgN...
  tls.key: MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDPGN6yq9yzxvDL8fEUJChqlnaTQW6bQX+H0...
type: kubernetes.io/tls

kubectl describes the ingress as follows:

Name:             mvc-ingress
Namespace:        default
Address:          localhost
Default backend:  default-http-backend:80 (<none>)
TLS:
  mvcsecret-tls terminates mymvc.local
Rules:
  Host            Path  Backends
  ----            ----  --------
  mymvc.local
                  /   mvc:5000 (10.1.0.27:5000)
Annotations:
  kubernetes.io/ingress.class:                  nginx
  nginx.ingress.kubernetes.io/ssl-passthrough:  true
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  11m   nginx-ingress-controller  Ingress default/mvc-ingress
  Normal  UPDATE  11m   nginx-ingress-controller  Ingress default/mvc-ingress

In my Docker-Compose setup, I have an Nginx reverse proxy redirecting 80 and 443 to my MVC service, but I figured that is the role of ingress on Kubernetes?

My service YAML:

apiVersion: v1
kind: Service
metadata:
  name: mvc
  labels:
    app: mymvc
spec:
  ports:
  - name: "mvc"
    port: 5000
    targetPort: 5000
  selector:
    app: mymvc
  type: ClusterIP

EDIT: Adding 'nginx.ingress.kubernetes.io/rewrite-target: /' to ingress annotations males the https forward work, but the certificate presented is the 'Kubernetes Ingress Controller Fake Certificate' - not my self-signed one.

1
kuberneteskubernetes-ingress
share your service yaml file.Shashank V
Regarding your edit: please see this tread.Wytrzymały Wiktor
@TheRoadrunner Any progress?Wytrzymały Wiktor
@OhHiMark Yes, it turned out that I needed to add the (generic) RootCA certificate along with the tls certificateTheRoadrunner

1 Answers

1
votes

The solution turned out to be the addition of a second kind of certificate.

Instead of using the secrets file above (where I pasted the contents of my certificates files), I issued kubectl to use my certificate files directly:

kubectl create secret tls mvcsecret-tls --key MyCert.key --cert MyCert.crt
kubectl create secret generic tls-rootca --from-file=RootCA.pem