I recently tried to put SSL on a service by deploying an Ingress and a Ingress
controller, but ultimately I do not think that is what I want.
I think I just want to have a Google Cloud HTTPS Load Balancer and just declare
a service like this:
---
apiVersion: v1
kind: Service
metadata:
name: api
labels:
app: api
spec:
type: LoadBalancer
loadBalancerIP: <Static IP in Google Cloud>
ports:
- port: 443
targetPort: 8090
protocol: TCP
name: https
selector:
app: api
Here are the steps I went through to try to achieve this:
1. Upload my SSL cert
gcloud compute ssl-certificates create star --certificate my.crt --private-key
my.key
2. Create a static IP address
3. Create a Load Balancer
I created an HTTPS load balancer with a backend pointing to my cluster on port
8090. I created a frontend using my static IP address, port 443, using my cert.
4. Assign my Service's loadBalancerIP to that of my static IP.
When I run `kubectl get services` I'm shown:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
api 10.21.25.24 <pending> 443:32606/TCP 43m
When I load https://mysite.com (pointing to my static IP), I get this in the
browser:
Error: Server Error
The server encountered a temporary error and could not complete your request.
Please try again in 30 seconds.
when I run `gcloud compute forwarding-rules list` I get this:
NAME REGION IP_ADDRESS IP_PROTOCOL TARGET
api-fe <static IP> TCP api-lb-target-proxy
Any ideas as to what I am doing wrong? I cannot tell if my error is my
Kubernetes architecture or in the way I provisioned by Google Cloud
LoadBalancer.
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
