Enhancement: TLS Upstream

[STRRL]

• No TLS Verify #15
• Customzied CA #16

[yeqown]

Does it mean the controller doesn't support the HTTPS scheme yet? If the target pod is running on 443/8443 since it provides HTTPS service.

[STRRL]

It could support the HTTPS upstream with trusted certificates now, but it does not support the self-signed certificate or customized CA yet. 🤔

[yeqown]

I'm deploying Kubernetes-Dashboard based with https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

It specified - --auto-generate-certificates which looks like a self-signed certificate, and then it booms! 💥

[STRRL]

Yes! That's a self-signed certificate. 🤣

So I think it's kind of a common requirement; I will take a look and release a new version later.

After I completed it, I would ping you here, and then you could take another try. ❤️

[STRRL]

Hi @yeqown, v0.0.7 is released, you could upgrade the ingress controller by helm repo update and helm upgrade, then create the ingress with

$ kubectl -n kubernetes-dashboard \
  create ingress dashboard-via-cf-tunnel \
  --rule="<your-domain>/*=kubernetes-dashboard:443"\
  --class cloudflare-tunnel \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/backend-protocol=https" \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/proxy-ssl-verify=off"

[yeqown]

so efficient you are

[yeqown]

Hi @yeqown, v0.0.7 is released, you could upgrade the ingress controller by helm repo update and helm upgrade, then create the ingress with

$ kubectl -n kubernetes-dashboard \
  create ingress dashboard-via-cf-tunnel \
  --rule="<your-domain>/*=kubernetes-dashboard:443"\
  --class cloudflare-tunnel \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/backend-protocol=https" \
  --annotation "cloudflare-tunnel-ingress-controller.strrl.dev/proxy-ssl-verify=off"

It works in my k8s cluster, and helps a lot🤖