I am deploying a Teleport cluster into my Kubernetes cluster. I use Route53 to route traffic from my domain to an Application Load Balancer. This is an nginx ingress, which works for all my other applications in the cluster.
But when I try to curl the cluster as shown in the documentation, I get:
502 Bad Gateway
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>
Example would be curl https://teleport.example.com/webapi/ping
Helm command
helm install teleport --set acme=true --set acmeEmail=<my email address> --set clusterName=teleport.example.com --set service.type=ClusterIP teleport/teleport-cluster
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: teleport
  namespace: telport-cluster
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: <CertificateARN>
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: <Ingress Group>
spec:
  ingressClassName: alb
  rules:
    - host: teleport.example.com
      http:
        paths:
          - backend:
              service:
                name: teleport
                port:
                  number: 443
            path: /
            pathType: Prefix
    - host: '*.teleport.example.com'
      http:
        paths:
          - backend:
              service:
                name: teleport-cluster
                port:
                  number: 443
            path: /
            pathType: Prefix
UPDATE
When I curl the service endpoint like this: curl -k https://10.0.1.96:3080/webapi/ping
I get the expected result back as shown below, but I cannot seem to curl it without the -k flag and also cannot curl the service.
{"auth":{"type":"local","second_factor":"on","preferred_local_mfa":"webauthn","allow_passwordless":true,"allow_headless":true,"local":{"name":""},"webauthn":{"rp_id":"teleport"},"private_key_policy":"none","piv_slot":"","device_trust_disabled":true,"device_trust":{"disabled":true},"has_motd":false,"default_session_ttl":"12h0m0s"},"proxy":{"kube":{"enabled":true,"listen_addr":"0.0.0.0:3080"},"ssh":{"listen_addr":"0.0.0.0:3080","tunnel_listen_addr":"0.0.0.0:3080","web_listen_addr":"0.0.0.0:3080","public_addr":"teleport:443"},"db":{"postgres_listen_addr":"0.0.0.0:3080","mysql_listen_addr":"0.0.0.0:3080"},"tls_routing_enabled":true,"assist_enabled":false},"server_version":"15.0.2","min_client_version":"14.0.0","cluster_name":"teleport","automatic_upgrades":false}
If I SSH into a pod and run curl like so: curl -k https://teleport.teleport.svc.cluster.local:443/webapi/ping
I get the below result back:
<a href="https://teleport:443/web/launch/teleport.teleport.svc.cluster.local?path=%2Fwebapi%2Fping">Found</a>.
But if I remove the -k flag, I get the below:
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
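
An added example, not part of the original post: a small check that compares the names the proxy advertises in the two quoted responses (cluster_name, proxy.ssh.public_addr, and the redirect target) with the hostname clients are expected to use. The function names are hypothetical, the sample bodies are trimmed copies of the output above, and the expected host is assumed to be the clusterName passed to Helm.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed samples: trimmed copies of the two responses quoted in the post.
PING_BODY = ('{"proxy":{"ssh":{"web_listen_addr":"0.0.0.0:3080",'
             '"public_addr":"teleport:443"},"tls_routing_enabled":true},'
             '"server_version":"15.0.2","cluster_name":"teleport"}')
REDIRECT_BODY = ('<a href="https://teleport:443/web/launch/'
                 'teleport.teleport.svc.cluster.local?path=%2Fwebapi%2Fping">Found</a>.')


def host_of(addr):
    """Hostname from 'host:port' or a full URL; None if it cannot be parsed."""
    if not addr:
        return None
    return urlsplit(addr if "://" in addr else "//" + addr).hostname


def check_proxy_identity(ping_body, expected_host, redirect_body=None):
    """List every place where the proxy's advertised name differs from expected_host."""
    ping = json.loads(ping_body)
    findings = []
    cluster = ping.get("cluster_name")
    if cluster != expected_host:
        findings.append(f"cluster_name={cluster!r}, expected {expected_host!r}")
    public_addr = ping.get("proxy", {}).get("ssh", {}).get("public_addr")
    if host_of(public_addr) != expected_host:
        findings.append(
            f"proxy.ssh.public_addr={public_addr!r}, expected host {expected_host!r}")
    if redirect_body:
        # The 302 body carries the redirect target as an href.
        match = re.search(r'href="([^"]+)"', redirect_body)
        if match and host_of(match.group(1)) != expected_host:
            findings.append(
                f"redirect points at {host_of(match.group(1))!r}, not {expected_host!r}")
    return findings


if __name__ == "__main__":
    # Assumption: teleport.example.com is the clusterName from the Helm command.
    for line in check_proxy_identity(PING_BODY, "teleport.example.com", REDIRECT_BODY):
        print("MISMATCH:", line)
```
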