I can't access HTTPS URLs served on Google Cloud Kubernetes

10/6/2018

All,

I followed this tutorial: https://github.com/ahmetb/gke-letsencrypt. I have an ingress setup for Kubernetes in Google Cloud, I have a static IP address, and the secrets are created. This is my ingress config:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: helloweb
  annotations:
    kubernetes.io/ingress.global-static-ip-name: helloweb-ip
    certmanager.k8s.io/acme-http01-edit-in-place: "true"
  labels:
    app: hello
spec:
  backend:
    serviceName: helloweb-backend
    servicePort: 8080
  tls:
  - secretName: dogs-com-tls
    hosts:
    - app-solidair-vlaanderen.com

I can access http://app-solidair-vlaanderen.com, but not the HTTPS URL.

If I call describe ingress I get this output:

Name:             helloweb
Namespace:        default
Address:          35.190.68.173
Default backend:  helloweb-backend:8080 (10.32.0.17:8080)
TLS:
  dogs-com-tls terminates app-solidair-vlaanderen.com
Rules:
  Host                         Path  Backends
  ----                         ----  --------
  app-solidair-vlaanderen.com
                               /.well-known/acme-challenge/Q8kcFSZ0ZUJO58xZyVbK6s-cJIWu-EgwPcDd8NFyoXQ   cm-acme-http-solver-mhqnf:8089 (<none>)
Annotations:
  url-map:          k8s-um-default-helloweb--17a833239f9491d9
  backends:         {"k8s-be-30819--17a833239f9491d9":"Unknown","k8s-be-32482--17a833239f9491d9":"HEALTHY"}
  forwarding-rule:  k8s-fw-default-helloweb--17a833239f9491d9
  target-proxy:     k8s-tp-default-helloweb--17a833239f9491d9
Events:
  Type     Reason  Age                From                     Message
  ----     ------  ----               ----                     -------
  Normal   ADD     45m                loadbalancer-controller  default/helloweb
  Normal   CREATE  44m                loadbalancer-controller  ip: 35.190.68.173
  Warning  Sync    7m (x22 over 28m)  loadbalancer-controller  Error during sync: error while evaluating the ingress spec: could not find service "default/cm-acme-http-solver-mhqnf"

Does someone know what I'm missing?

-- Vandeperre Maarten
cert-manager
google-kubernetes-engine
kubernetes
kubernetes-ingress
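
An added example (not part of the original question or answer): a small Python triage of the `kubectl describe ingress` output posted above. It extracts backends whose health is not HEALTHY, services named in Warning events, and rules that route to those services. The sample text is constructed from lines of the posted output, and the function and field names are illustrative.

```python
import json
import re

# Constructed sample: lines copied from the describe output posted in the question.
SAMPLE = """\
Rules:
  Host                         Path  Backends
  ----                         ----  --------
  app-solidair-vlaanderen.com
                               /.well-known/acme-challenge/Q8kcFSZ0ZUJO58xZyVbK6s-cJIWu-EgwPcDd8NFyoXQ   cm-acme-http-solver-mhqnf:8089 (<none>)
Annotations:
  backends:         {"k8s-be-30819--17a833239f9491d9":"Unknown","k8s-be-32482--17a833239f9491d9":"HEALTHY"}
Events:
  Type     Reason  Age                From                     Message
  ----     ------  ----               ----                     -------
  Normal   CREATE  44m                loadbalancer-controller  ip: 35.190.68.173
  Warning  Sync    7m (x22 over 28m)  loadbalancer-controller  Error during sync: error while evaluating the ingress spec: could not find service "default/cm-acme-http-solver-mhqnf"
"""


def triage(text):
    """Summarise what the describe output reports as wrong; no cluster access needed."""
    report = {"unhealthy_backends": {}, "missing_services": [], "broken_rules": []}

    # The `backends` annotation is a JSON map of load-balancer backend -> health state.
    m = re.search(r"^\s*backends:\s*(\{.*\})\s*$", text, re.M)
    if m:
        report["unhealthy_backends"] = {
            name: state
            for name, state in json.loads(m.group(1)).items()
            if state != "HEALTHY"
        }

    # Warning events that name a service the controller could not find.
    for line in text.splitlines():
        if line.split()[:1] == ["Warning"]:
            report["missing_services"] += re.findall(r'could not find service "([^"]+)"', line)

    # Rule lines look like: <path>   <service>:<port> (<endpoints>)
    missing_names = {s.split("/", 1)[-1] for s in report["missing_services"]}
    for path, svc, port in re.findall(r"^\s+(/\S*)\s+([\w.-]+):(\d+) \(", text, re.M):
        if svc in missing_names:
            report["broken_rules"].append((path, svc, int(port)))
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

On the posted output this reports one backend in state Unknown and shows that the `/.well-known/acme-challenge/...` rule routes to the service the Sync warning says cannot be found.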

1 Answer

10/7/2018

You have a mess-up in your ingress definition. Why are the hosts under the tls? Here is an example that is working for me:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ .Values.ingressName }}-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: {{ .Values.staticIpName }}-static-ip
    kubernetes.io/ingress.allow-http: "false"
  labels:
    ...
spec:
  tls:
  - secretName: sslcerts
  rules:
  - host: {{ .Values.restApiHost }}
    http:
      paths:
      - backend:
          serviceName: rest-api-internal-service
          servicePort: 80

-- Yehuda
Source: StackOverflow