It turns out that the Kubernetes automatically generated ACME certs (/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate) are being used instead of the CA and cert that I configured in rancher-cluster.yml.
The ingress config:
kubectl -n cattle-system describe ingress
Name:             cattle-ingress-http
Namespace:        cattle-system
Address:          192.168.33.10,192.168.33.11,192.168.33.12
Default backend:  default-http-backend:80 ()
TLS:
  cattle-keys-ingress terminates rancher.rancher.lab
Rules:
  Host                 Path  Backends
  rancher.rancher.lab
                             cattle-service:80 ()
Annotations:
  nginx.ingress.kubernetes.io/proxy-send-timeout:  1800
  field.cattle.io/publicEndpoints:  [{"addresses":["192.168.33.10","192.168.33.11","192.168.33.12"],"port":443,"protocol":"HTTPS","serviceName":"cattle-system:cattle-service","ingressName":"cattle-system:cattle-ingress-http","hostname":"rancher.rancher.lab","allNodes":false}]
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/proxy-connect-timeout":"30","nginx.ingress.kubernetes.io/proxy-read-timeout":"1800","nginx.ingress.kubernetes.io/proxy-send-timeout":"1800"},"name":"cattle-ingress-http","namespace":"cattle-system"},"spec":{"rules":[{"host":"rancher.rancher.lab","http":{"paths":[{"backend":{"serviceName":"cattle-service","servicePort":80}}]}}],"tls":[{"hosts":["rancher.rancher.lab"],"secretName":"cattle-keys-ingress"}]}}
  nginx.ingress.kubernetes.io/proxy-connect-timeout:  30
  nginx.ingress.kubernetes.io/proxy-read-timeout:  1800
Events:
  Type    Reason  Age                From                      Message
  Normal  CREATE  25m                nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
  Normal  CREATE  25m                nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
  Normal  CREATE  25m                nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
  Normal  UPDATE  24m (x2 over 24m)  nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
  Normal  UPDATE  24m (x2 over 24m)  nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
  Normal  UPDATE  24m (x2 over 24m)  nginx-ingress-controller  Ingress cattle-system/cattle-ingress-http
The config mentions a backend on port 80, but not 443. Also, TLS seems to be correctly configured (TLS: cattle-keys-ingress terminates rancher.rancher.lab).
Any help is appreciated.
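
An added triage example, not part of the original post: it takes the ingress spec shown above and checks the usual reasons ingress-nginx falls back to its default "Fake Certificate", namely a spec.tls secret that is absent from the ingress's namespace or lacks tls.crt/tls.key. The `triage` function and the `secrets` mapping are hypothetical names, and the secret contents in the sample calls are constructed.

```python
import json

# CN of the self-signed certificate quoted in the post.
FAKE_CN = "Kubernetes Ingress Controller Fake Certificate"

# Ingress spec taken from the last-applied-configuration annotation in the post.
INGRESS = json.loads("""
{"metadata": {"name": "cattle-ingress-http", "namespace": "cattle-system"},
 "spec": {"rules": [{"host": "rancher.rancher.lab"}],
          "tls": [{"hosts": ["rancher.rancher.lab"],
                   "secretName": "cattle-keys-ingress"}]}}
""")

def triage(ingress, served_subject, secrets):
    """Explain why the default certificate may be served for each ingress host.

    served_subject: subject of the certificate the client actually received.
    secrets: {(namespace, name): secret dict as from `kubectl get secret -o json`}.
    """
    if FAKE_CN not in served_subject:
        return []  # a non-default certificate is being served
    ns = ingress["metadata"]["namespace"]
    tls = ingress["spec"].get("tls", [])
    findings = []
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        entries = [t for t in tls if host in t.get("hosts", [])]
        if not entries:
            findings.append(f"{host}: no spec.tls entry lists this host")
        for entry in entries:
            ref = f"{ns}/{entry.get('secretName')}"
            # The secret must live in the same namespace as the ingress.
            secret = secrets.get((ns, entry.get("secretName")))
            if secret is None:
                findings.append(f"{host}: secret {ref} not found")
                continue
            data = secret.get("data", {})
            missing = [k for k in ("tls.crt", "tls.key") if not data.get(k)]
            if missing:
                findings.append(f"{host}: secret {ref} lacks {', '.join(missing)}")
            else:
                findings.append(f"{host}: secret {ref} is complete; "
                                "compare its certificate names with the host")
    return findings

if __name__ == "__main__":
    subject = "/O=Acme Co/CN=" + FAKE_CN
    print(triage(INGRESS, subject, {}))  # constructed case: no secrets at all
```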