I have kong gateway installed on my kubernetes cluster on gke without ingressController.
I need to configure TLS for the proxy using CloudFlare service.
I currently have this configuration for kong via helm:
env:
database: "off"
admin:
enabled: true
http:
enabled: true
ingressController:
enabled: false
installCRDs: false
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 50
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
dblessConfig:
configMap: "kong-config-map"
proxy:
enabled: true
type: LoadBalancer
loadBalancerClass: ""
annotations:
external-dns.alpha.kubernetes.io/hostname: api.mydns.net
labels:
enable-metrics: "true"
http:
enabled: true # Desativa HTTP puro, se quiser forçar HTTPS
tls:
enabled: true
servicePort: 443
containerPort: 8443
parameters:
- http2
appProtocol: "http2"
I need to configure TLS on Cloudflare.
DNS responds in http and https, but does not validate the certificate that CloudFlare is configured with:
* IPv6: (none)
* IPv4: 34.15.10.32
* Trying 34.15.10.32:443...
* Connected to api.mydns.net (34.15.10.32) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self-signed certificate
* Closing connection
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Any suggestions about this issue with cloudflare?
Is it possible to configure TLS proxy on cloudflare?