fix(meshcentral): use service port 80→443 to prevent Traefik HTTPS
Root cause: Traefik v3 auto-detects HTTPS for backend port 443, ignoring the port name "http" and serversscheme annotations. MeshCentral serves HTTP on 443 (TLSOffload mode), but Traefik connected via HTTPS causing TLS handshake failure → 500. Fix: Change K8s service port from 443 to 80 with target_port 443. Traefik sees port 80 → uses HTTP → reaches MeshCentral correctly. Also disables anti-AI scraping (internal tool behind Authentik).
parent
2ced1e8fb5
commit
9349d5d566
1 changed files with 5 additions and 4 deletions
|
|
@ -224,9 +224,10 @@ resource "kubernetes_service" "meshcentral" {
|
||||||
app = "meshcentral"
|
app = "meshcentral"
|
||||||
}
|
}
|
||||||
port {
|
port {
|
||||||
name = "http"
|
name = "http"
|
||||||
port = 443
|
port = 80
|
||||||
protocol = "TCP"
|
target_port = 443
|
||||||
|
protocol = "TCP"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -236,7 +237,7 @@ module "ingress" {
|
||||||
namespace = kubernetes_namespace.meshcentral.metadata[0].name
|
namespace = kubernetes_namespace.meshcentral.metadata[0].name
|
||||||
name = "meshcentral"
|
name = "meshcentral"
|
||||||
tls_secret_name = var.tls_secret_name
|
tls_secret_name = var.tls_secret_name
|
||||||
port = 443
|
port = 80
|
||||||
protected = true
|
protected = true
|
||||||
anti_ai_scraping = false
|
anti_ai_scraping = false
|
||||||
extra_annotations = {
|
extra_annotations = {
|
||||||
|
|
|
||||||
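Review bot: The `port = 80` / `target_port = 443` mapping in `kubernetes_service.meshcentral` has no comment explaining it, and it looks enough like a mistake that a later cleanup could put the service port back to 443 and reintroduce the 500s. A comment above the `port` block such as `# port 80 on purpose: Traefik v3 speaks HTTPS to backend port 443, but MeshCentral serves plain HTTP there (TLSOffload)` would keep the rationale next to the code, and the same applies to `port = 80` in `module "ingress"`. Separately, the Service exposes MeshCentral's plain-HTTP listener to anything on the cluster network, while `protected = true` presumably enforces the Authentik check only at the ingress. If no NetworkPolicy outside these hunks restricts ingress to the MeshCentral pods to the Traefik pods, in-cluster clients can reach the app without that check, so it is worth confirming one exists or adding a `kubernetes_network_policy` for this namespace. Both resources start and end outside the visible hunks.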