Created
August 14, 2019 09:41
-
-
Save superseb/442c225917794e6efae715dfc3e00b97 to your computer and use it in GitHub Desktop.
Authorized Cluster Endpoint NGINX example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| events { | |
| worker_connections 4096; ## Default: 1024 | |
| } | |
| http { | |
| upstream kubernetes { | |
| server ip_of_controlplane_node1:6443; | |
| server ip_of_controlplane_node2:6443; | |
| server ip_of_controlplane_node3:6443; | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name your_fqdn; | |
| # These are the certificates for your_fqdn, terminating SSL | |
| ssl_certificate /etc/ssl/certs/cert.pem; | |
| ssl_certificate_key /etc/ssl/certs/key.pem; | |
| ssl_client_certificate /etc/ssl/certs/ca.pem; | |
| location / { | |
| proxy_pass https://kubernetes; | |
| # This is the kube-ca.pem from one of the controlplane nodes | |
| proxy_ssl_trusted_certificate /certs/ca.pem; | |
| proxy_ssl_verify on; | |
| proxy_ssl_verify_depth 2; | |
| proxy_ssl_session_reuse on; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment