I need to temporarily expose the Rancher UI publicly on the internet. If it is possible, I want Rancher to expose itself through its Ingress.
I have a Kubernetes bare-metal cluster provisioned and managed by Rancher with two nodes (Single Node installation, using the self-signed certificate), where the master is also a worker. Each node is in a different subnet: node A (master) has the IP address 172.21.x.x, while node B has the address 192.168.x.x.
Currently, Rancher UI is reachable only by calling the address https://172.21.x.x:8443, which is available only in the internal network of my institution. It is not possible for hosts in this subnet to be accessible from the Internet (network security policy).
The subnet in which node B is located is intended for hosts that provide services on the Internet. The network administrator routes all incoming traffic for all subdomains *.projectx.institution.com to node B. There it is intercepted by Ingress.
Rancher v.2.2.4 / Kubernetes provisioned by Rancher v.1.13.5 / Docker v.17.3.2 on hosts
I have an SSL certificate from my institution for the wildcard *.institution.com and it works; it supports several dozen addresses for my services on this cluster.
The cluster works very well, I have launched several dozen services on it, but all of them use native Kubernetes Workloads.
The only thing I am missing is the ability to reach the Rancher UI at rancher.projectx.institution.com.
How can I achieve this?
I tried to create a Headless Service manually: as the external IP I gave the address of node A (my master) and mapped port 8443. I then added an Ingress manually, where as the target I provided the Service with port 8443 and the address rancher.projectx.institution.com, and I set it to use my SSL certificate. But it does not work: no response, no HTTP code.