I have uploaded the SSL key & cert as a 'secret' and made my ingress use it.
However, after creating an ingress rule for my service for I don't see any
associated external IP and no LB was created in GCE:
$ kubectl run echoheaders
--image=gcr.io/google_containers/echoserver:1.3 --port=8080
$ kubectl expose deployment echoheaders --target-port=8080
--type=NodePort
*secrets.yaml:*
apiVersion: v1
data:
tls.crt: XXXXX
tls.key: XXXXXX
kind: Secret
metadata:
name: test-ssl
namespace: default
type: Opaque
*ingress.yaml:*
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress-ssl-echo
spec:
tls:
- secretName: test-ssl
backend:
serviceName: echoheaders
servicePort: 8080
$ kubectl get svc|grep 8080
echoheaders 10.99.243.152 <nodes> 8080/TCP 24m
$ kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
test-ingress-ssl * 80, 443 19m
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.6",
GitCommit:"e569a27d02001e343cb68086bc06d47804f62af6", GitTreeState:"clean",
BuildDate:"2016-11-12T05:22:15Z", GoVersion:"go1.6.3", Compiler:"gc",
Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.7",
GitCommit:"92b4f971662de9d8770f8dcd2ee01ec226a6f6c0", GitTreeState:"clean",
BuildDate:"2016-12-10T04:43:42Z", GoVersion:"go1.6.3", Compiler:"gc",
Platform:"linux/amd64"}
Am I missing something?
Thanks,
--Paul
On Tue, Dec 20, 2016 at 4:20 PM, 'Tim Hockin' via Kubernetes user
discussion and Q&A <kubernetes-users@googlegroups.com> wrote:
> Ingress objects represent Google Cloud Load Balancer instances, whcih
> can handle SSL termination *and* act as load-balancers.
>
> On Tue, Dec 20, 2016 at 2:17 PM, <paul.podo...@gmail.com> wrote:
> > Hi Folks,
> >
> > A noob question -
> >
> > What is the recommended way to expose an app via LB with SSL termination
> on Google Container Engine?
> >
> > From my (very limited) understanding - the modes for Ingress are either
> TLS *or* LoadBalancer ,but not both:
> > http://kubernetes.io/docs/user-guide/ingress
> >
> > Is it possible to create a "regular" GCE LB which will take care of SSL
> termination and will redirect the request to the Kube Ingress LB?
> >
> > Kind Regards,
> > --Paul
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Kubernetes user discussion and Q&A" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to kubernetes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to kubernetes-users@googlegroups.com.
> > Visit this group at https://groups.google.com/group/kubernetes-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/kubernetes-users/0YlVisd4Vn8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
--
Regards,
Paul
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
