Google managed SSL Certificates with Nginx Ingress

5/17/2019

So I'm in the process of setting up multiple GKE clusters, and I'm restricted to using a wildcard domain certificate, but my domain is two levels deep, so that won't work. So now I'm trying to use Google-managed certificates, which works, but only seems to work with the GCE ingress, not nginx.

This is according to https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs, which has worked assuming I'm using just a single ingress resource that provisions an L7 (HTTP) load balancer using GCE ingress. My question is, would it be possible to set up the nginx ingress controller to use these managed certificates?

From the nginx helm install, it provisions an L4 (TCP) load balancer, and uses a deployment to run the pod that handles the nginx controller. But I can't seem to be able to set the L4 load balancer to use my globally reserved static IP, whereas the L7 one works fine.

Any thoughts on how to get managed certs working with nginx ingress?

-- Eric
google-kubernetes-engine
nginx-ingress

1 Answer

5/23/2019

Found the issue. I was reserving a global IP address for the L4 load balancer using GCE ingress, which is not allowed, since TCP load balancing is regional only, unlike HTTP load balancing, which requires a global IP to be reserved instead of a regional one. So from that, it was never resolving the DNS record to the right IP. Good to know that confusing caveat with the global vs. regional IPs...

-- Eric
Source: StackOverflow
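
The global vs. regional caveat from the answer, as an added example that is not part of the original post: a pre-flight check that compares a reserved address's scope with the load balancer type before the IP is handed to the nginx ingress Service. The function names, the address/release/chart arguments and the sample selfLinks used to exercise it are assumptions; `install_nginx_with_regional_ip` is only defined here and needs authenticated `gcloud` and `helm` to run.

```shell
#!/bin/sh
# Added example. All names passed in (address, region, release, chart) are
# placeholders chosen by the caller, not values from the original post.

# Classify a Compute Engine address by the path in its selfLink:
#   .../projects/P/global/addresses/NAME          -> global
#   .../projects/P/regions/REGION/addresses/NAME  -> regional
address_scope() {
  case "$1" in
    */global/addresses/*)    echo global ;;
    */regions/*/addresses/*) echo regional ;;
    *)                       echo unknown ;;
  esac
}

# Rule stated in the answer: the L4 (TCP) load balancer takes a regional IP,
# the L7 (HTTP) load balancer takes a global one.
# $1 = l4|l7, $2 = address selfLink. Returns 0 when they fit together.
ip_fits_lb() {
  scope=$(address_scope "$2")
  case "$1:$scope" in
    l4:regional|l7:global) return 0 ;;
    *) echo "mismatch: $1 load balancer with $scope address" >&2
       return 1 ;;
  esac
}

# Reserve a regional address, verify its scope, then pin the nginx ingress
# Service to it. $1 = address name, $2 = region, $3 = release, $4 = chart.
install_nginx_with_regional_ip() {
  gcloud compute addresses create "$1" --region "$2" || return 1
  link=$(gcloud compute addresses describe "$1" --region "$2" \
           --format='value(selfLink)') || return 1
  ip_fits_lb l4 "$link" || return 1
  ip=$(gcloud compute addresses describe "$1" --region "$2" \
         --format='value(address)') || return 1
  helm upgrade --install "$3" "$4" \
    --set controller.service.loadBalancerIP="$ip"
}
```

Point the DNS record at the address only after the check passes, so the name never resolves to an IP the load balancer cannot use.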