Re: [kubernetes-users] LB with SSL for GKE Apps

Wed, 21 Dec 2016 17:53:37 -0800 

Try setting the secret type to `kubernetes.io/tls` ?

You can see examples of real running services at
https://github.com/kubernetes/k8s.io/tree/master/reviewable.k8s.io

On Wed, Dec 21, 2016 at 11:54 AM, Paul Podolny <paul.podo...@gmail.com> wrote:
> I have uploaded the SSL key & cert as a 'secret' and made my ingress use it.
> However, after creating an ingress rule for my service for I don't see any
> associated external IP and no LB was created in GCE:
>
>
> $ kubectl run echoheaders
> --image=gcr.io/google_containers/echoserver:1.3 --port=8080
>
> $ kubectl expose deployment echoheaders --target-port=8080
> --type=NodePort
>
> secrets.yaml:
>
> apiVersion: v1
> data:
>   tls.crt: XXXXX
>   tls.key: XXXXXX
> kind: Secret
> metadata:
>   name: test-ssl
>   namespace: default
> type: Opaque
>
> ingress.yaml:
>
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>   name: test-ingress-ssl-echo
> spec:
>   tls:
>     - secretName: test-ssl
>   backend:
>     serviceName: echoheaders
>     servicePort: 8080
>
> $ kubectl get svc|grep 8080
> echoheaders        10.99.243.152   <nodes>           8080/TCP   24m
>
> $ kubectl get ing
> NAME                    HOSTS     ADDRESS   PORTS     AGE
> test-ingress-ssl        *                   80, 443   19m
>
> $ kubectl version
> Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.6",
> GitCommit:"e569a27d02001e343cb68086bc06d47804f62af6", GitTreeState:"clean",
> BuildDate:"2016-11-12T05:22:15Z", GoVersion:"go1.6.3", Compiler:"gc",
> Platform:"linux/amd64"}
> Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.7",
> GitCommit:"92b4f971662de9d8770f8dcd2ee01ec226a6f6c0", GitTreeState:"clean",
> BuildDate:"2016-12-10T04:43:42Z", GoVersion:"go1.6.3", Compiler:"gc",
> Platform:"linux/amd64"}
>
> Am I missing something?
>
> Thanks,
> --Paul
>
> On Tue, Dec 20, 2016 at 4:20 PM, 'Tim Hockin' via Kubernetes user discussion
> and Q&A <kubernetes-users@googlegroups.com> wrote:
>>
>> Ingress objects represent Google Cloud Load Balancer instances, whcih
>> can handle SSL termination *and* act as load-balancers.
>>
>> On Tue, Dec 20, 2016 at 2:17 PM,  <paul.podo...@gmail.com> wrote:
>> > Hi Folks,
>> >
>> > A noob question -
>> >
>> > What is the recommended way to expose an app via LB with SSL termination
>> > on Google Container Engine?
>> >
>> > From my (very limited) understanding - the modes for Ingress are either
>> > TLS *or* LoadBalancer ,but not both:
>> > http://kubernetes.io/docs/user-guide/ingress
>> >
>> > Is it possible to create a "regular" GCE LB which will take care of SSL
>> > termination and will redirect the request to the Kube Ingress LB?
>> >
>> > Kind Regards,
>> > --Paul
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Kubernetes user discussion and Q&A" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to kubernetes-users+unsubscr...@googlegroups.com.
>> > To post to this group, send email to kubernetes-users@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/kubernetes-users.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/kubernetes-users/0YlVisd4Vn8/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards,
> Paul
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
  • [kubernetes-users... paul . podolny
    • Re: [kuberne... 'Tim Hockin' via Kubernetes user discussion and Q&A
      • Re: [kub... Paul Podolny
        • Re: ... 'Tim Hockin' via Kubernetes user discussion and Q&A
          • ... Paul Podolny
            • ... 'Prashanth B' via Kubernetes user discussion and Q&A

Reply via email to