
polite-breakfast-84569

09/19/2022, 2:41 PM
Hi everyone, I have installed Rancher 2.6.8 recently. I set up my SSL with Let's Encrypt but no ingress. I manually created a certificate as follows:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: rancher.sand.example.com
  namespace: istio-system
spec:
  privateKey:
    rotationPolicy: Always
  secretName: rancher.sand.example.com
  commonName: rancher.sand.example.com
  issuerRef:
    name: letsencrypt-prod-istio
    kind: ClusterIssuer
  dnsNames:
  - rancher.sand.example.com
```
The cluster already has Istio installed, so I created the following VirtualService and Gateway:
```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: rancher
  namespace: cattle-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
      - rancher.sand.example.com
      tls:
        mode: SIMPLE
        credentialName: rancher.sand.example.com

---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: rancher
  namespace: cattle-system
spec:
  gateways:
  - rancher
  hosts:
  - rancher.sand.example.com
  http:
  - name: "http"
    route:
    - destination:
        host: rancher.cattle-system.svc.cluster.local
        port:
          number: 80
```
Everything works except when I try under my terminal `kubectl exec` and `kubectl port-forward`.
```
$ kubectl exec -v=7 -it myPod -- bash
I0919 16:30:52.730382   61542 round_trippers.go:457] Response Status: 403 Forbidden in 78 milliseconds
I0919 16:30:52.730998   61542 helpers.go:216] server response object: [{
  "metadata": {}
}]
F0919 16:30:52.731059   61542 helpers.go:115] Error from server:
```
Has anyone had this issue before?