K
Q

How to setup a domain in GKE ingress nginx

5/19/2021

I have a cluster in GKE and it is working, everything seems to be working. If I forward the ports I am able to see that the containers are working.

I am not able to setup a domain I own from namecheap.

These are the steps I followed

  1. In Namecheap I setup a custom dns for the domain
ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c3.googledomains.com.

I used the letter c because the cluster is in a c zone (I am not sure if this is right)

  1. Because I am trying to setup as secure website I installed nginx ingress controller
kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin \
  --user $(gcloud config get-value account)

and

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.46.0/deploy/static/provider/cloud/deploy.yaml
  1. I applied the issuer.yml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
 name: letsencrypt-prod
 namespace: cert-manager
spec:
 acme:
   # The ACME server URL
   server: https://acme-v02.api.letsencrypt.org/directory
   # Email address used for ACME registration
   email: example@email.com
   # Name of a secret used to store the ACME account private key
   privateKeySecretRef:
     name: letsencrypt-prod
   # Enable the HTTP-01 challenge provider
   solvers:
   - http01:
       ingress:
         class:  nginx
  1. I applied ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: staging
  name: ingress
  annotations:
  	cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  	- hosts:
	  - www.stagingmyappsrl.com
	  - api.stagingmyappsrl.com
	  secretName: stagingmyappsrl-tls
  rules:
  - host: wwwstaging.myappsrl.com
    http:
      paths:
      - backend:
          serviceName: myappcatalogo-svc
          servicePort: 80

  - host: apistaging.stagingmyappsrl.com
    http:
      paths:
      - backend:
          serviceName: myappnodeapi-svc
          servicePort: 80

It seems that everything is created and working if I check in GKE website, but when I try to access I get DNS_PROBE_FINISHED_NXDOMAIN

I am not sure if I am missing an step or if I am setting up something wrong

-- agusgambina
gke-networking
google-kubernetes-engine
kubernetes
kubernetes-ingress
nginx-ingress

Similar Questions

Expose a kubernetes deployment (frontend) using ingress controller
Apache Ignite topology separated in Kubernetes
GitLab deployment from marketplace is not linked in helm
kubectl run nginx ,minikube Ubuntu apiserver 18.04 issue
AdmissionController holding back a Terminated Pod from getting completely removed

1 Answer

5/19/2021

GKE should have created a cloud load balancer for your ingress service. Depending on your config, the LB can be internal or external. You can get your LB information by looking at the services:

kubectl get svc -n ingress-nginx

Create a CNAME record in your DNS (namecheap) with the LB address and that should do it. Alternatively, if you have an IP address of the LB, create an A record in your DNS.

Cert-manager will create an ingress resource to resolve HTTPS01 challenges. Make sure your ingresses are reachable over the Internet for the HTTPS01 challenges to work. Alternatively, you could explore other solvers.

-- Faheem
Source: StackOverflow