Hello All,
On my bare-metal VM, I have Rancher 2 deployed as Docker containers on 8443 and 8080. I’ve also deployed a Rancher agent on the same node. To access this node, I’ve given it the name ranchermaster.com. Currently I’m trying to use ingress to route to my 2 web apps, AppA and AppB, but am having trouble. Both web apps are listening on 8443 inside their containers.
My containers all deploy properly when I use NodePort to access them. When I tried to use ingress, I left the port mapping empty. In the load balancing tab, I have a rule with “specify a hostname to use” set to ranchermaster.com, the path blank, the target AppA, and the port 8443. I also have a certificate configured with host ranchermaster.com.
After saving the ingress rule, going back to the workloads, under AppA, I see 443/https and 30488/tcp. Clicking on 30488/tcp, it brings me to my app at ip:30488. However clicking 443/https, it goes to ranchermaster.com and hangs. It ends up being a connection_timed_out. As far as I can tell, the machine should be able to resolve that DNS name as my browser can access Rancher UI on ranchermaster.com:8443.
Is this because I have both the master and rancher agent on the same host? How do I get around this?
When I run kubectl get ingress I see:
AppA ranchermaster.com IP 80,443 59m
Well, pulling up a shell from inside the Rancher UI, curling ranchermaster.com gets “Bad Request. This combination of host and port requires TLS”, which is expected behavior, but curling https://ranchermaster.com:443 or https://ranchermaster.com:443, I get a default backend 404 error. Using the verbose flag, it looks like it connected and the SSL handshake was successful, but I ended up not getting my app.
When pulling from inside the same machine as the Rancher containers but outside the Rancher UI, http://ranchermaster.com gives a 400 and https://ranchermaster.com gives a 404. Using a more verbose flag for https://ranchermaster.com, I see this:
Resolving ranchermaster.com (ranchermaster.com)… ip
Connecting to ranchermaster.com (ranchermaster.com)|ip|:443… connected.
WARNING: cannot verify ranchermaster.com’s certificate, issued by ‘/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate’:
Unable to locally verify the issuer’s authority.
WARNING: no certificate subject alternative name matches
requested host name ‘ranchermaster.com’.
HTTP request sent, awaiting response… 404 Not Found
2018-08-08 20:39:40 ERROR 404: Not Found.