From f835552f96ece04fb4d2a1ebdc47799b85aa9f6b Mon Sep 17 00:00:00 2001 From: Jimmy Jones Date: Wed, 9 Oct 2019 09:07:51 +0100 Subject: [PATCH] ExternalName warning about HTTP/TLS (#16704) Suggested wording from sftim --- content/en/docs/concepts/services-networking/service.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md index a1ea52348f..216ca1d2cf 100644 --- a/content/en/docs/concepts/services-networking/service.md +++ b/content/en/docs/concepts/services-networking/service.md @@ -910,6 +910,11 @@ forwarding. Should you later decide to move your database into your cluster, you can start its Pods, add appropriate selectors or endpoints, and change the Service's `type`. +{{< warning >}} +You may have trouble using ExternalName for some common protocols, including HTTP and HTTPS. If you use ExternalName then the hostname used by clients inside your cluster is different from the name that the ExternalName references. + +For protocols that use hostnames this difference may lead to errors or unexpected responses. HTTP requests will have a `Host:` header that the origin server does not recognize; TLS servers will not be able to provide a certificate matching the hostname that the client connected to. +{{< /warning >}} {{< note >}} This section is indebted to the [Kubernetes Tips - Part