Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Proxy to Kubernetes Dashboard #35

Open
cclloyd opened this issue Dec 6, 2019 · 1 comment
Open

Unable to Proxy to Kubernetes Dashboard #35

cclloyd opened this issue Dec 6, 2019 · 1 comment

Comments

@cclloyd
Copy link

cclloyd commented Dec 6, 2019
edited
Loading

I am trying to use proxyinjector to protect the kubernetes-dashboard. But I can't figure how to fix the 502 error I'm getting.

My kubernetes dashboard deployment (relavent bits)

kind: Deployment
apiVersion: apps/v1
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
  annotations:
    authproxy.stakater.com/client-id: kubernetes
    authproxy.stakater.com/client-secret: <redacted>
    authproxy.stakater.com/discovery-url: 'https://keycloak.example.com/auth/realms/master'
    authproxy.stakater.com/enabled: 'true'
    authproxy.stakater.com/gatekeeper-image: 'keycloak/keycloak-gatekeeper:6.0.1'
    authproxy.stakater.com/listen: '0.0.0.0:3000'
    authproxy.stakater.com/redirection-url: 'https://k8s.example.com'
    authproxy.stakater.com/resources: uri=/*|roles=Kubernetes Admin
    authproxy.stakater.com/skip-upstream-tls-verify: 'true'
    authproxy.stakater.com/source-service-name: kubernetes-dashboard
    authproxy.stakater.com/target-port: '3000'
    authproxy.stakater.com/upstream-url: 'https://127.0.0.1:443'

When I try to go to the homepage of the dashboard, instead of redirecting me to the auth proxy, I get a 502. The nginx controller logs shows the following:

2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET / HTTP/1.1", upstream: "https://10.42.0.189:3000/", host: "k8s.example.com"
2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET / HTTP/1.1", upstream: "https://10.42.0.189:3000/", host: "k8s.example.com"
2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET / HTTP/1.1", upstream: "https://10.42.0.189:3000/", host: "k8s.example.com"
10.0.0.20 - - [06/Dec/2019:03:55:12 +0000] "GET / HTTP/1.1" 502 556 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 682 0.006 [kube-system-kubernetes-dashboard-443] [] 10.42.0.189:3000, 10.42.0.189:3000, 10.42.0.189:3000 0, 0, 0 0.000, 0.004, 0.000 502, 502, 502 0b7f6ff1b42200f35afc8066538a8043
2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.42.0.189:3000/favicon.ico", host: "k8s.example.com", referrer: "https://k8s.example.com/"
2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.42.0.189:3000/favicon.ico", host: "k8s.example.com", referrer: "https://k8s.example.com/"
2019/12/06 03:55:12 [error] 1941#1941: *125699 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.0.0.20, server: k8s.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.42.0.189:3000/favicon.ico", host: "k8s.example.com", referrer: "https://k8s.example.com/"
10.0.0.20 - - [06/Dec/2019:03:55:12 +0000] "GET /favicon.ico HTTP/1.1" 502 556 "https://k8s.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 632 0.006 [kube-system-kubernetes-dashboard-443] [] 10.42.0.189:3000, 10.42.0.189:3000, 10.42.0.189:3000 0, 0, 0 0.000, 0.004, 0.004 502, 502, 502 6dd815a57a5fca80c3f271e7e0f038b2

It seems like it's failing because one of them is using the wrong SSL version. Though I thought it shouldn't be bothing to verify SSL anyway, as I have that disabled in the config for the deployment. How can I change either of those settings, or otherwise get proxyinjector working with kubernetes-dashboard?
@orangejx
Copy link

hi bro , have you solved this err?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cclloyd @orangejx