I have uploaded the SSL key & cert as a 'secret' and made my ingress use it. However, after creating an ingress rule for my service for I don't see any associated external IP and no LB was created in GCE:
$ kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --port=8080 $ kubectl expose deployment echoheaders --target-port=8080 --type=NodePort *secrets.yaml:* apiVersion: v1 data: tls.crt: XXXXX tls.key: XXXXXX kind: Secret metadata: name: test-ssl namespace: default type: Opaque *ingress.yaml:* apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-ingress-ssl-echo spec: tls: - secretName: test-ssl backend: serviceName: echoheaders servicePort: 8080 $ kubectl get svc|grep 8080 echoheaders 10.99.243.152 <nodes> 8080/TCP 24m $ kubectl get ing NAME HOSTS ADDRESS PORTS AGE test-ingress-ssl * 80, 443 19m $ kubectl version Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.6", GitCommit:"e569a27d02001e343cb68086bc06d47804f62af6", GitTreeState:"clean", BuildDate:"2016-11-12T05:22:15Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.7", GitCommit:"92b4f971662de9d8770f8dcd2ee01ec226a6f6c0", GitTreeState:"clean", BuildDate:"2016-12-10T04:43:42Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"} Am I missing something? Thanks, --Paul On Tue, Dec 20, 2016 at 4:20 PM, 'Tim Hockin' via Kubernetes user discussion and Q&A <kubernetes-users@googlegroups.com> wrote: > Ingress objects represent Google Cloud Load Balancer instances, whcih > can handle SSL termination *and* act as load-balancers. > > On Tue, Dec 20, 2016 at 2:17 PM, <paul.podo...@gmail.com> wrote: > > Hi Folks, > > > > A noob question - > > > > What is the recommended way to expose an app via LB with SSL termination > on Google Container Engine? > > > > From my (very limited) understanding - the modes for Ingress are either > TLS *or* LoadBalancer ,but not both: > > http://kubernetes.io/docs/user-guide/ingress > > > > Is it possible to create a "regular" GCE LB which will take care of SSL > termination and will redirect the request to the Kube Ingress LB? > > > > Kind Regards, > > --Paul > > > > -- > > You received this message because you are subscribed to the Google > Groups "Kubernetes user discussion and Q&A" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to kubernetes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to kubernetes-users@googlegroups.com. > > Visit this group at https://groups.google.com/group/kubernetes-users. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Kubernetes user discussion and Q&A" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/kubernetes-users/0YlVisd4Vn8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- Regards, Paul -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.