I have uploaded the SSL key & cert as a 'secret' and made my ingress use it.
However, after creating an ingress rule for my service for I don't see any
associated external IP and no LB was created in GCE:


$ kubectl run echoheaders
--image=gcr.io/google_containers/echoserver:1.3 --port=8080

$ kubectl expose deployment echoheaders --target-port=8080
--type=NodePort

*secrets.yaml:*

apiVersion: v1
data:
  tls.crt: XXXXX
  tls.key: XXXXXX
kind: Secret
metadata:
  name: test-ssl
  namespace: default
type: Opaque

*ingress.yaml:*

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress-ssl-echo
spec:
  tls:
    - secretName: test-ssl
  backend:
    serviceName: echoheaders
    servicePort: 8080

$ kubectl get svc|grep 8080
echoheaders        10.99.243.152   <nodes>           8080/TCP   24m

$ kubectl get ing
NAME                    HOSTS     ADDRESS   PORTS     AGE
test-ingress-ssl        *                   80, 443   19m

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.6",
GitCommit:"e569a27d02001e343cb68086bc06d47804f62af6", GitTreeState:"clean",
BuildDate:"2016-11-12T05:22:15Z", GoVersion:"go1.6.3", Compiler:"gc",
Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.7",
GitCommit:"92b4f971662de9d8770f8dcd2ee01ec226a6f6c0", GitTreeState:"clean",
BuildDate:"2016-12-10T04:43:42Z", GoVersion:"go1.6.3", Compiler:"gc",
Platform:"linux/amd64"}

Am I missing something?

Thanks,
--Paul

On Tue, Dec 20, 2016 at 4:20 PM, 'Tim Hockin' via Kubernetes user
discussion and Q&A <kubernetes-users@googlegroups.com> wrote:

> Ingress objects represent Google Cloud Load Balancer instances, whcih
> can handle SSL termination *and* act as load-balancers.
>
> On Tue, Dec 20, 2016 at 2:17 PM,  <paul.podo...@gmail.com> wrote:
> > Hi Folks,
> >
> > A noob question -
> >
> > What is the recommended way to expose an app via LB with SSL termination
> on Google Container Engine?
> >
> > From my (very limited) understanding - the modes for Ingress are either
> TLS *or* LoadBalancer ,but not both:
> > http://kubernetes.io/docs/user-guide/ingress
> >
> > Is it possible to create a "regular" GCE LB which will take care of SSL
> termination and will redirect the request to the Kube Ingress LB?
> >
> > Kind Regards,
> > --Paul
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/kubernetes-users/0YlVisd4Vn8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Regards,
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
  • [kubernetes-users... paul . podolny
    • Re: [kuberne... 'Tim Hockin' via Kubernetes user discussion and Q&A
      • Re: [kub... Paul Podolny
        • Re: ... 'Tim Hockin' via Kubernetes user discussion and Q&A
          • ... Paul Podolny
            • ... 'Prashanth B' via Kubernetes user discussion and Q&A

Reply via email to