Re: [kubernetes-users] How to update ssl certificate for ingress https load balancer

2018-02-15 Thread mderosa83
Hi,
thanks for your suggestion. 
I can confirm that this procedure is working:

1) create another secret with the new ssl certificate:
> kubectl create secret tls mynewsecret --key mynewkey.key --cert mynewcert.crt


2) edit ingress.yaml file in order to change the secretName:

apiVersion: extensions/v1beta1
kind: Ingress
...
spec:
  tls:
  - secretName: mynewsecret
...


3) Apply the ingress.yaml:
> kubectl apply -f ./ingress.yaml

Automatically Kubernetes will update the https load balancer on GCE with the 
new certificate



PS: just a clarification to make this post more useful
When you're going to use the .crt file, it must be composed like:

-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
 

where the first part is your public certificate, the second is the intermediate 


Bye 



On Thursday, 15 February 2018 01:18:55 UTC+1, Ian Lewis wrote:
> If you update the secret with the new cert, the GCP ingress controller should 
> pick that up and update the certificate on GCP. I use this to automate 
> certificate renewal using cert-manager.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
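
A pre-flight check for the .crt layout described in the PS above, as an added example that is not part of the original thread: it confirms that the first certificate in the bundle matches the private key and that the second certificate's subject is the first one's issuer, before the file is passed to `kubectl create secret tls`. The function names and the throwaway demo chain are constructed for illustration, and the openssl CLI is assumed to be installed.

```bash
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is available.

# check_tls_bundle CRT KEY -> 0 if CRT is "leaf, then its issuer" and the leaf matches KEY.
check_tls_bundle() {
  local crt=$1 key=$2 tmp n rc=0
  tmp=$(mktemp -d) || return 2
  n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$crt" || true)
  # Split the bundle into c1.pem, c2.pem, ... in file order.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$crt"
  if [ "${n:-0}" -lt 2 ]; then
    echo "FAIL: expected leaf + intermediate, found ${n:-0} certificate(s)"; rc=1
  elif [ "$(openssl x509 -in "$tmp/c1.pem" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout)" ]; then
    echo "FAIL: first certificate does not match the private key"; rc=1
  # Name comparison only: this does not verify the signature or the expiry date.
  elif [ "$(openssl x509 -in "$tmp/c1.pem" -noout -issuer_hash)" != \
         "$(openssl x509 -in "$tmp/c2.pem" -noout -subject_hash)" ]; then
    echo "FAIL: second certificate is not the issuer of the first"; rc=1
  else
    echo "OK: leaf first, intermediate second, key matches"
  fi
  rm -rf "$tmp"
  return $rc
}

# Constructed sample input: a throwaway intermediate CA and leaf written to directory $1.
make_demo_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
  cat "$d/leaf.crt" "$d/ca.crt" > "$d/good.crt"       # order from the post
  cat "$d/ca.crt" "$d/leaf.crt" > "$d/reversed.crt"   # wrong order
}

# Stand-alone use: sh check.sh mynewcert.crt mynewkey.key, then create the
# secret with the kubectl command from the post.
if [ "$#" -eq 2 ]; then check_tls_bundle "$1" "$2"; fi
```
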


Re: [kubernetes-users] How to update ssl certificate for ingress https load balancer

2018-02-14 Thread
If you update the secret with the new cert, the GCP ingress controller
should pick that up and update the certificate on GCP. I use this to
automate certificate renewal using cert-manager.

On Thu, Feb 15, 2018 at 2:06 AM  wrote:

> Hi,
> I have to update my ssl certificate for my (ingress) https load balancer.
> When I created the cluster I executed these commands:
>
> > kubectl create secret tls mysecret --key mykey.key --cert mycert.crt
> > kubectl apply -f ./ingress.yaml
>
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>   name: ingress
>   annotations:
>     ingress.kubernetes.io/rewrite-target: /
>     ingress.kubernetes.io/ssl-redirect: "false"
> spec:
>   tls:
>   - secretName: mysecret
>   backend:
>     serviceName: nginx-nodeport-service
>     servicePort: 80
>
>
>
> and everything worked properly.
> But now I have to update my certificate.
> I'm reading on GCE documentation that I could execute these commands:
>
> gcloud compute ssl-certificates create  --certificate
>  --private-key 
>
>
> gcloud compute target-https-proxies list
>
>
> gcloud compute target-https-proxies update 
> --ssl-certificates 
>
>
> But this procedure sometimes works and sometimes not (when not the https
> certificate is the old one)
>
> Any suggestions?



[kubernetes-users] How to update ssl certificate for ingress https load balancer

2018-02-14 Thread mderosa83
Hi,
I have to update my ssl certificate for my (ingress) https load balancer.
When I created the cluster I executed these commands:

> kubectl create secret tls mysecret --key mykey.key --cert mycert.crt
> kubectl apply -f ./ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
  - secretName: mysecret
  backend:
    serviceName: nginx-nodeport-service
    servicePort: 80



and everything worked properly.
But now I have to update my certificate. 
I'm reading on GCE documentation that I could execute these commands:

gcloud compute ssl-certificates create  --certificate 
 --private-key 


gcloud compute target-https-proxies list


gcloud compute target-https-proxies update  --ssl-certificates 



But this procedure sometimes works and sometimes not (when not the https 
certificate is the old one)

Any suggestions?
