I have a kubernetes service which I put behind a load balancer. The load balancer is on a regional static IP. The reason I can't use a global IP is because when I assign it to my service, it refuses to accept it. Others have faced the same problem.
I'm trying to assign a SSL certificate to the TCP load balancer(regional IP) created but in the Frontend configuration, I don't see an option.
If I use a global IP, I can see the option to create/assign a certificate but my service refuses the IP as shown in the link above. How can I assign SSL certificates to a regional ip which is a loadbalancer to a kubernetes service? or if you know a way of my service accepting a loadbalancer on a global IP for a kubernetes service, please let me know.
Note: I have disabled the default gce ingress controller and I'm using my own ingress controller. So it does not create an external ip automatically.
If you use regional TCP balancer then it is simply impossible to assign certificate to load balancer because it operates on level 4 (TCP) while SSL is at level 7. That's why you don't see an option of assigning certificate.
You need to assign SSL certificates on ingress controller level like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: foo
namespace: default
spec:
tls:
- hosts:
- foo.bar.com
secretName: foo-secret
rules:
- host: foo.bar.com
http:
paths:
- backend:
serviceName: foo
servicePort: 80
path: /