Re: [kubernetes-users] How to update ssl certificate for ingress https load balancer

[mderosa83]

Hi,
thanks for your suggestion. 
I can confirm that this procedure is working:

1) create another secret with the new ssl certificate:
> kubectl create secret tls mynewsecret --key mynewkey.key --cert mynewcert.crt


2) edit ingress.yaml file in order to change the secretName:

apiVersion: extensions/v1beta1
kind: Ingress
...
spec:
  tls:
  - secretName: mynewsecret
...


3) Apply the ingress.yaml:
> kubectl apply -f ./ingress.yaml

Automatically Kubernetes will update the https load balancer on GCE with the 
new certificate



PS: just a clarification to make this post more useful
When you're going to use the .crt file, it must be composed like:

-BEGIN CERTIFICATE-
...
...
...
-END CERTIFICATE-
-BEGIN CERTIFICATE-
...
...
...
-END CERTIFICATE-
 

where the first part is your public certificate, the second is the intermediate 


Bye 



Il giorno giovedì 15 febbraio 2018 01:18:55 UTC+1, Ian Lewis ha scritto:
> If you update the secret with the new cert, the GCP ingress controller should 
> pick that up and update the certificate on GCP. I use this to automate 
> certificate renewal using cert-manager.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] How to update ssl certificate for ingress https load balancer

If you update the secret with the new cert, the GCP ingress controller
should pick that up and update the certificate on GCP. I use this to
automate certificate renewal using cert-manager
.

On Thu, Feb 15, 2018 at 2:06 AM  wrote:

> Hi,
> I have to update my ssl certificate for my (ingress) https load balancer.
> When I created the cluster I executed these commands:
>
> > kubectl create secret tls mysecret --key mykey.key --cert mycert.crt
> > kubectl apply -f ./ingress.yaml
>
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>   name: ingress
>   annotations:
> ingress.kubernetes.io/rewrite-target: /
> ingress.kubernetes.io/ssl-redirect: "false"
> spec:
>   tls:
>   - secretName: mysecret
>   backend:
> serviceName: nginx-nodeport-service
> servicePort: 80
>
>
>
> and everything worked properly.
> But now I have to update my certificate.
> I'm reading on GCE documentation that I could execute these commands:
>
> gcloud compute ssl-certificates create  --certificate
>  --private-key 
>
>
> gcloud compute target-https-proxies list
>
>
> gcloud compute target-https-proxies update 
> --ssl-certificates 
>
>
> But this procedure sometimes works and sometimes not (when not the https
> certificate is the old one)
>
> Any suggestions?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] How to update ssl certificate for ingress https load balancer

[mderosa83]

Hi,
I have to update my ssl certificate for my (ingress) https load balancer.
When I created the cluster I executed these commands:

> kubectl create secret tls mysecret --key mykey.key --cert mycert.crt
> kubectl apply -f ./ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
  - secretName: mysecret   
  backend:
serviceName: nginx-nodeport-service 
servicePort: 80   



and everything worked properly.
But now I have to update my certificate. 
I'm reading on GCE documentation that I could execute these commands:

gcloud compute ssl-certificates create  --certificate 
 --private-key 


gcloud compute target-https-proxies list


gcloud compute target-https-proxies update  --ssl-certificates 



But this procedure sometimes works and sometimes not (when not the https 
certificate is the old one)

Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.