I tried your steps on a 1.4.7 clusters and it was WAI. What does kubectl describe ingress show you? How did you create your secret? I assume you did something like:
``` $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=$HOSTNAME/O=$HOSTNAME" $ kubectl create secret tls $SECRET_NAME --key /tmp/tls.key --cert /tmp/tls.crt ``` Maybe this is GCE quota? On Friday, December 23, 2016 at 9:37:50 AM UTC-8, Paul Podolny wrote: > > Thanks for the suggestion (great tutorial!). > > But even after changing the secret type and recreaTting both the ssl & the > ingress objects - I still do not see that the service is exposed externally > (and no LB is created in GCE). > > $ kubectl get svc|grep 8080 > echoheaders 10.99.243.152 <nodes> 8080/TCP 1d > > $ kubectl get ingress > NAME HOSTS ADDRESS PORTS AGE > echoheaders * 80, 443 4m > > $ cat ssl.yaml > apiVersion: v1 > kind: Secret > metadata: > name: ssl > type: kubernetes.io/tls > data: > tls.crt: <> > tls.key <> > > > $ cat ingress.yaml > apiVersion: extensions/v1beta1 > kind: Ingress > metadata: > name: echoheaders > spec: > tls: > - secretName: ssl > backend: > serviceName: echoheaders > servicePort: 8080 > > > > On Wed, Dec 21, 2016 at 5:52 PM, 'Tim Hockin' via Kubernetes user > discussion and Q&A <kubernet...@googlegroups.com <javascript:>> wrote: > >> Try setting the secret type to `kubernetes.io/tls` >> <http://kubernetes.io/tls> ? >> >> You can see examples of real running services at >> https://github.com/kubernetes/k8s.io/tree/master/reviewable.k8s.io >> >> On Wed, Dec 21, 2016 at 11:54 AM, Paul Podolny <paul.p...@gmail.com >> <javascript:>> wrote: >> > I have uploaded the SSL key & cert as a 'secret' and made my ingress >> use it. >> > However, after creating an ingress rule for my service for I don't see >> any >> > associated external IP and no LB was created in GCE: >> > >> > >> > $ kubectl run echoheaders >> > --image=gcr.io/google_containers/echoserver:1.3 --port=8080 >> > >> > $ kubectl expose deployment echoheaders --target-port=8080 >> > --type=NodePort >> > >> > secrets.yaml: >> > >> > apiVersion: v1 >> > data: >> > tls.crt: XXXXX >> > tls.key: XXXXXX >> > kind: Secret >> > metadata: >> > name: test-ssl >> > namespace: default >> > type: Opaque >> > >> > ingress.yaml: >> > >> > apiVersion: extensions/v1beta1 >> > kind: Ingress >> > metadata: >> > name: test-ingress-ssl-echo >> > spec: >> > tls: >> > - secretName: test-ssl >> > backend: >> > serviceName: echoheaders >> > servicePort: 8080 >> > >> > $ kubectl get svc|grep 8080 >> > echoheaders 10.99.243.152 <nodes> 8080/TCP 24m >> > >> > $ kubectl get ing >> > NAME HOSTS ADDRESS PORTS AGE >> > test-ingress-ssl * 80, 443 19m >> > >> > $ kubectl version >> > Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.6", >> > GitCommit:"e569a27d02001e343cb68086bc06d47804f62af6", >> GitTreeState:"clean", >> > BuildDate:"2016-11-12T05:22:15Z", GoVersion:"go1.6.3", Compiler:"gc", >> > Platform:"linux/amd64"} >> > Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.7", >> > GitCommit:"92b4f971662de9d8770f8dcd2ee01ec226a6f6c0", >> GitTreeState:"clean", >> > BuildDate:"2016-12-10T04:43:42Z", GoVersion:"go1.6.3", Compiler:"gc", >> > Platform:"linux/amd64"} >> > >> > Am I missing something? >> > >> > Thanks, >> > --Paul >> > >> > On Tue, Dec 20, 2016 at 4:20 PM, 'Tim Hockin' via Kubernetes user >> discussion >> > and Q&A <kubernet...@googlegroups.com <javascript:>> wrote: >> >> >> >> Ingress objects represent Google Cloud Load Balancer instances, whcih >> >> can handle SSL termination *and* act as load-balancers. >> >> >> >> On Tue, Dec 20, 2016 at 2:17 PM, <paul.p...@gmail.com <javascript:>> >> wrote: >> >> > Hi Folks, >> >> > >> >> > A noob question - >> >> > >> >> > What is the recommended way to expose an app via LB with SSL >> termination >> >> > on Google Container Engine? >> >> > >> >> > From my (very limited) understanding - the modes for Ingress are >> either >> >> > TLS *or* LoadBalancer ,but not both: >> >> > http://kubernetes.io/docs/user-guide/ingress >> >> > >> >> > Is it possible to create a "regular" GCE LB which will take care of >> SSL >> >> > termination and will redirect the request to the Kube Ingress LB? >> >> > >> >> > Kind Regards, >> >> > --Paul >> >> > >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups "Kubernetes user discussion and Q&A" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send >> >> > an email to kubernetes-use...@googlegroups.com <javascript:>. >> >> > To post to this group, send email to kubernet...@googlegroups.com >> <javascript:>. >> >> > Visit this group at https://groups.google.com/group/kubernetes-users >> . >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> You received this message because you are subscribed to a topic in the >> >> Google Groups "Kubernetes user discussion and Q&A" group. >> >> To unsubscribe from this topic, visit >> >> >> https://groups.google.com/d/topic/kubernetes-users/0YlVisd4Vn8/unsubscribe >> . >> >> To unsubscribe from this group and all its topics, send an email to >> >> kubernetes-use...@googlegroups.com <javascript:>. >> >> To post to this group, send email to kubernet...@googlegroups.com >> <javascript:>. >> >> Visit this group at https://groups.google.com/group/kubernetes-users. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > >> > >> > -- >> > Regards, >> > Paul >> > >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "Kubernetes user discussion and Q&A" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to kubernetes-use...@googlegroups.com <javascript:>. >> > To post to this group, send email to kubernet...@googlegroups.com >> <javascript:>. >> > Visit this group at https://groups.google.com/group/kubernetes-users. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Kubernetes user discussion and Q&A" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/kubernetes-users/0YlVisd4Vn8/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> kubernetes-use...@googlegroups.com <javascript:>. >> To post to this group, send email to kubernet...@googlegroups.com >> <javascript:>. >> Visit this group at https://groups.google.com/group/kubernetes-users. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Regards, > Paul > > > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.