GoogleCloudPlatform / k8s-multicluster-ingress

kubemci: Command line tool to configure L7 load balancers using multiple kubernetes clusters
Apache License 2.0

Anyone use this example w/ Cloudflare? #208

Closed dihmeetree closed 5 years ago

dihmeetree commented 5 years ago

Trying to get this example to work; however, I'm having issues after deploying w/ my origin certificate from Cloudflare. I just get a 502 server error after waiting for about 10 minutes. :/

Anyone here get this example working w/ Cloudflare SSL/HTTPS ? :) Thanks!

NOTE: If anyone has successfully done it.. would anyone mind sharing a link to a repo that has the files that worked for you!

G-Harmon commented 5 years ago

I doubt I'll be of much help, but you should post more details about your setup and steps taken.

dihmeetree commented 5 years ago

Thanks @G-Harmon, here are the files I have:

ingress/ingress-https.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: zoneprinter
  annotations:
    kubernetes.io/ingress.class: gce-multi-cluster
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: zp-kubemci-ip
spec:
  tls:
  - secretName: tls-secret
  backend:
    serviceName: zone-printer
    servicePort: 80

manifests/zoneprinter-deployment.yaml

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: zoneprinter
  labels:
    app: zoneprinter
spec:
  selector:
    matchLabels:
      app: zoneprinter
  template:
    metadata:
      labels:
        app: zoneprinter
    spec:
      containers:
      - name: frontend
        image: gcr.io/google-samples/zone-printer:0.1
        ports:
          - containerPort: 80

manifests/zoneprinter-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: nodeprinter
  annotations:
      service.alpha.kubernetes.io/app-protocols: '{"my-https-port":"HTTPS"}'
  labels:
    app: zoneprinter
spec:
  type: NodePort
  ports:
  - port: 80
    nodePort: 30061
    protocol: TCP
    name: my-https-port
  selector:
    app: zone-printer

Steps taken:

  1. I have run the following command to set up the deployment and NodePorts for my service:

    for ctx in $(kubectl config get-contexts -o=name --kubeconfig clusters.yaml); do kubectl --kubeconfig clusters.yaml --context="${ctx}" create -f manifests/; done

  2. I then set up my secret called tls-secret on each cluster so that it can be accessed from the backend. I set it up via this command. The key and TLS cert I used were from generating an origin certificate within my crypto dashboard on Cloudflare.

    kubectl create secret tls tls-secret --key tls.key --cert tls.crt

  3. I can then run the following command:

    ./kubemci create zone-printer --ingress=ingress/ingress-https.yaml --gcp-project=myproject --kubeconfig=clusters.yaml --force

  4. This creates the ingress controllers for each of the clusters.

  5. Everything should be good at this point... I get a 404 to start, but then after that I just get a 502 error. I'm assuming something's wrong on my backend?

Notes: 1) I'm trying to get SSL w/ Cloudflare working on both the frontend and the backend as described in the https md file located in this repo. I'm not sure if my files are correct based on what they told me to do :/
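An added example, not part of the original thread or of the kubemci project: a small Python check of the name and label references that connect the three manifests posted above (Ingress backend to Service, Service selector to pod labels). The dictionaries are reduced copies of those manifests, and `check_wiring` is a hypothetical helper name.

```python
# Added example: cross-reference checks over fields copied from the three
# manifests in this thread, reduced to the keys the checks read.
INGRESS = {"metadata": {"name": "zoneprinter"},
           "spec": {"backend": {"serviceName": "zone-printer", "servicePort": 80}}}
DEPLOYMENT = {"metadata": {"name": "zoneprinter"},
              "spec": {"template": {"metadata": {"labels": {"app": "zoneprinter"}}}}}
SERVICE = {"metadata": {"name": "nodeprinter"},
           "spec": {"type": "NodePort",
                    "selector": {"app": "zone-printer"},
                    "ports": [{"port": 80, "nodePort": 30061,
                               "name": "my-https-port"}]}}


def check_wiring(ingress, services, deployments):
    """Return findings for references between manifests that do not resolve."""
    findings = []
    backend = ingress["spec"]["backend"]
    # 1. The Ingress backend must name an existing Service and one of its ports.
    svc = next((s for s in services
                if s["metadata"]["name"] == backend["serviceName"]), None)
    if svc is None:
        names = [s["metadata"]["name"] for s in services]
        findings.append(f"ingress backend {backend['serviceName']!r} "
                        f"matches no Service (found {names})")
    elif backend["servicePort"] not in [p["port"] for p in svc["spec"]["ports"]]:
        findings.append(f"service {svc['metadata']['name']!r} exposes no "
                        f"port {backend['servicePort']}")
    # 2. Each Service selector must be a subset of some pod template's labels;
    #    otherwise the Service has no endpoints to send traffic to.
    for s in services:
        selector = s["spec"].get("selector")
        if not selector:
            continue
        if not any(selector.items()
                   <= d["spec"]["template"]["metadata"]["labels"].items()
                   for d in deployments):
            findings.append(f"service {s['metadata']['name']!r} selector "
                            f"{selector} matches no pod template labels")
    return findings


if __name__ == "__main__":
    for finding in check_wiring(INGRESS, [SERVICE], [DEPLOYMENT]):
        print("MISMATCH:", finding)
```
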

dihmeetree commented 5 years ago

@G-Harmon @nikhiljindal Any ideas as to what I could be doing wrong? It has to be a silly mistake 😞