So the issue was all about authorisation: firstly, requiring that I use the StartTLS method on the client, and also that I write a function and methods to support LOGIN, something that the standard Go library doesn’t support (for whatever reason).
See the functions and struct above the main().
Here’s the full code, with the helper function, that can now successfully send an email through my O365 account:
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/mail"
	"net/smtp"
)

// loginAuth implements smtp.Auth for the AUTH LOGIN mechanism,
// which net/smtp does not provide.
type loginAuth struct {
	username, password string
}

func LoginAuth(username, password string) smtp.Auth {
	return &loginAuth{username, password}
}

// Start selects the LOGIN mechanism; the credentials follow in Next.
func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
	// LOGIN sends the password base64-encoded, not encrypted, so refuse
	// to authenticate unless STARTTLS has already succeeded.
	if !server.TLS {
		return "", nil, errors.New("refusing LOGIN over an unencrypted connection")
	}
	return "LOGIN", []byte{}, nil
}

// Next answers the server's prompts (net/smtp has already base64-decoded them).
func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		switch string(fromServer) {
		case "Username:":
			return []byte(a.username), nil
		case "Password:":
			return []byte(a.password), nil
		default:
			return nil, errors.New("Unknown fromServer")
		}
	}
	return nil, nil
}

func main() {
	from := mail.Address{Name: "", Address: "example@example.com"}
	to := mail.Address{Name: "", Address: "example@example.com"}
	subject := "My test subject"
	body := "Test email body"

	headers := make(map[string]string)
	headers["From"] = from.String()
	headers["To"] = to.String()
	headers["Subject"] = subject

	message := ""
	for k, v := range headers {
		message += fmt.Sprintf("%s: %s\r\n", k, v)
	}
	message += "\r\n" + body

	host := "smtp.office365.com"
	tlsconfig := &tls.Config{
		ServerName: host,
	}

	// Port 587 starts in cleartext: open a plain TCP connection first,
	// then upgrade it with STARTTLS before authenticating.
	conn, err := net.Dial("tcp", "smtp.office365.com:587")
	if err != nil {
		fmt.Println("net.Dial Error: ", err)
		return
	}

	c, err := smtp.NewClient(conn, host)
	if err != nil {
		fmt.Println("smtp.NewClient Error: ", err)
		return
	}

	if err = c.StartTLS(tlsconfig); err != nil {
		fmt.Println("c.StartTLS Error: ", err)
		return
	}

	if err = c.Auth(LoginAuth("example@example.com", "password")); err != nil {
		fmt.Println("c.Auth Error: ", err)
		return
	}

	if err = c.Mail(from.Address); err != nil {
		fmt.Println("c.Mail Error: ", err)
		return
	}

	if err = c.Rcpt(to.Address); err != nil {
		fmt.Println("c.Rcpt Error: ", err)
		return
	}

	w, err := c.Data()
	if err != nil {
		fmt.Println("c.Data Error: ", err)
		return
	}

	_, err = w.Write([]byte(message))
	if err != nil {
		fmt.Println("Error: ", err)
		return
	}

	err = w.Close()
	if err != nil {
		fmt.Println("reader Error: ", err)
		return
	}

	c.Quit()
}
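Why StartTLS is needed on a submission port, as an added example that is not part of the original post: a peer that speaks cleartext first makes a Go client that opens with a TLS handshake fail with "tls: first record does not look like a TLS handshake", and `tls.RecordHeaderError` carries the bytes the peer actually sent. The local listener, its banner and the function names are constructed for this demonstration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
)

// plaintextPeer starts a constructed local listener that greets one client in cleartext.
func plaintextPeer(banner string) (string, func() error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return // listener closed before a client arrived
		}
		defer c.Close()
		io.WriteString(c, banner)
		io.Copy(io.Discard, c) // drain until the client hangs up
	}()
	return ln.Addr().String(), ln.Close
}

// firstBytes dials addr with implicit TLS and, on a record-header error,
// returns the 5 bytes the peer sent where a TLS record header was expected.
func firstBytes(addr string) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: "localhost"})
	if err == nil {
		conn.Close()
		return "", nil
	}
	var rhe tls.RecordHeaderError
	if errors.As(err, &rhe) {
		return string(rhe.RecordHeader[:]), err
	}
	return "", err
}

func main() {
	addr, stop := plaintextPeer("220 mail.example.test ESMTP\r\n")
	defer stop()
	got, err := firstBytes(addr)
	fmt.Printf("error: %v\npeer sent: %q\n", err, got)
}
```

Readable ASCII in those five bytes (an SMTP `220` greeting, or `HTTP/` from a web server) means one side of the connection is not using TLS at that point, rather than a certificate problem.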
Environment
Dashboard version: 0.6.1
Kubernetes version: v1.8.6
Operating system: ubuntu
Node.js version:
Go version:
Steps to reproduce
I have installed kubernetes-dashboard using helm. The command used was
helm install --name kubernetes-dashboard stable/kubernetes-dashboard --namespace kube-system --set rbac.create=false --set ingress.enabled=true
But then when I am accessing it using the ingress hostname it's giving an SSL related error. As per pod logs:
2018/03/16 14:58:41 http: TLS handshake error from 100.96.3.7:56916: tls: first record does not look like a TLS handshake
The ingress looks like
metadata:
  annotations:
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/sign_in
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
  creationTimestamp: 2018-03-16T14:16:48Z
  generation: 3
  labels:
    app: kubernetes-dashboard
    chart: kubernetes-dashboard-0.6.1
    heritage: Tiller
    release: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "4072579"
  selfLink: /apis/extensions/v1beta1/namespaces/kube-system/ingresses/kubernetes-dashboard
  uid: aa54f4f0-2924-11e8-aedc-0a717f21e61e
spec:
  rules:
  - host: dashboard.atkubernetes-lab.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /
  tls:
  - hosts:
    - dashboard.atkubernetes-lab.com
    secretName: dashboard-tls
Observed result
I am able to access the dashboard via API and token, but just via the ingress resource it’s not working and ends up in the error I mentioned above.
Expected result
I am expecting to have the dashboard rendering properly when accessed via dashboard.atkubernetes-lab.com.
Comments
It could be a config issue on my side, but any insights would be of great help. I am using kubernetes-dashboard on a few of my other clusters, which are installed using helm. But they are not on the latest version, in the sense that they are using the image from before port 443 was enforced.
Thanks
We are using an external etcd cluster for our k8s cluster. We connected the master to this etcd server but receive
"tls: first record does not look like a TLS handshake"
How to fix this issue? (for eksctl side all is working correctly on etcd servers with same certificates)
ETCDCTL_API=3 /usr/local/bin/etcdctl member list --endpoints=https://127.0.0.1:2379 --cacert=/etc/etcd/ca.crt --cert=/etc/etcd/etcd-server.crt --key=/etc/etcd/etcd-server.key
b1fa8ebad0f4fa6, started, etcd-kube-cluster-1, https://10.105.113.*:2380, https://10.105.113.*:2379, false
984a08591dda4911, started, etcd-kube-cluster-3, https://10.105.114.*:2380, https://10.105.114.*:2379, false
b55b37a2544c7daa, started, etcd-kube-cluster-2, https://10.105.113.*:2380, https://10.105.113.*:2379, false
Kube-api server manifest updated with same certificates