apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
  namespace: myapp-system
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/preserve-host: "true"    
spec:
  rules:
  - host: myapp.test
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp-svc
          servicePort: 80
  tls:
    - secretName: myapp-test-cert
      hosts:
        - myapp.test

Con ese ingreso, los https regulares no funcionarán, pero TLS sigue siendo rechazado. Todos los secretos, vainas y servicios están 100% funcionando.

rizo https: //myapp.test curl: (7) Error al conectarse a privchats.test: 443; conexión denegada

El servicio de back-end:

NAME            TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
myapp-svc   ClusterIP   10.98.46.75   <none>        80/TCP    3h8m

Las vainas están ejecutando Nginx. A continuación se muestra el conf Nginx:

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

server {
    listen         80;
    server_name    myapp.test;

    location /static {
        alias /static/;     
    }

    location /media {
        alias /media/;     
        client_max_body_size 200M;
    }    

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_body_temp_path /tmp/nginx 1 2;
        client_max_body_size 200M;
    }    
}
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
}

¿Alguien habia visto algo como esto antes?

Mat70x7
fuente