Pulumi GKE Ingress with SSL

Time:10-19

I am trying to use #Pulumi to set up

  • #Ingress for my #GKE service
  • with HTTPS loadbalancer
  • with Google managed SSL certificate.

For some reason, the Ingress creation is stuck forever at "Creating Ingress".

I am using GCE Ingress Controller. Are there any working examples that I can refer to? If you need more info, feel free to ask and I would be happy to provide. Below is a code snippet of what I have tried so far (arrived at this state after a zillion trials). What am I missing?

#kubernetes #gcp

const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
            {
                metadata: {
                    name: "auth-svc",
                    labels: authDeploymentAppLabels,
                    namespace: namespaceName,
                },
                spec: {
                    type: "LoadBalancer",
                    ports: [{ port: 80, targetPort: 8080 }],
                    selector: authDeploymentAppLabels,
                },
            },
            {
                provider: clusterProvider,
                dependsOn: [authDeployment]
            }
        );


        const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
            name: "auth-cert-001",
            project: myGcpProject.projectId,
            description: "Managed SSL Certificate For auth service",
            managed: {
                domains: [
                    "mydomain.com"
                ]
            }
        });

        const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
            data: {
                "1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
            },
            metadata: {
                name: "managed-certificate-config",
                namespace: "kube-system",
            }
        })

        const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
            metadata: {
                namespace: namespaceName,
                annotations: {
                    "ingress.gcp.kubernetes.io/pre-shared-cert": authServiceManagedCert.name,
                    "networking.gke.io/managed-certificates": authServiceManagedCert.name
                }
            },
            spec: {
                ingressClassName: "gce",
                backend: {
                    serviceName: authDeploymentService.metadata.name,
                    servicePort: 80
                },
                tls: [
                    {
                        hosts: ["mydomain.com"],
                    }
                ],
                rules: [
                    {
                        host: "mydomain.com",
                        http: {
                            paths: [
                                {
                                    path: "/",
                                    backend: {
                                        serviceName: authDeploymentService.metadata.name,
                                        servicePort: authDeploymentService.spec.ports[0].port,
                                    },
                                }
                            ],
                        },
                    },
                ]
            }
        },
            {
                provider: clusterProvider,
                dependsOn: [managedCertConfigMap]
            });

CodePudding user response:

OK, in case anyone else stumbles across this, I found one key input thanks to this article ... I was using networking/v1beta (which is deprecated apparently) instead of networking/v1. Once I changed to v1, I started seeing different behavior such as the backend, frontends, target proxies, etc. getting created automatically.

I only wish Pulumi updates its documentation to reflect this so people like me don't struggle.
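The move from networking/v1beta1 to networking/v1 that the answer describes also changes the shape of the Ingress spec. The following is an added example, not code from the question, the answer, or Pulumi: it maps the v1beta1 spec fields used in the question onto their networking.k8s.io/v1 equivalents. The type and function names (convertSpec, convertPath, convertBackend) are hypothetical, and the sample input is constructed from the literal values in the question.

```typescript
// Added example, not the poster's code: map a networking.k8s.io/v1beta1 Ingress
// spec (the shape used in the question) onto the networking.k8s.io/v1 schema.
type OldBackend = { serviceName: string; servicePort: number | string };
type OldPath = { path?: string; pathType?: string; backend: OldBackend };
type OldRule = { host?: string; http?: { paths: OldPath[] } };
type Tls = { hosts?: string[]; secretName?: string };
type OldSpec = { ingressClassName?: string; backend?: OldBackend; tls?: Tls[]; rules?: OldRule[] };

type NewBackend = { service: { name: string; port: { number?: number; name?: string } } };
type NewPath = { path?: string; pathType: string; backend: NewBackend };
type NewRule = { host?: string; http?: { paths: NewPath[] } };
type NewSpec = { ingressClassName?: string; defaultBackend?: NewBackend; tls?: Tls[]; rules?: NewRule[] };

// serviceName/servicePort become service.name and service.port.number
// (or service.port.name when the old port was a named port).
function convertBackend(b: OldBackend): NewBackend {
  const port = typeof b.servicePort === "number" ? { number: b.servicePort } : { name: b.servicePort };
  return { service: { name: b.serviceName, port } };
}

// pathType is required in v1; v1beta1 defaulted it to ImplementationSpecific.
function convertPath(p: OldPath): NewPath {
  const out: NewPath = { pathType: p.pathType || "ImplementationSpecific", backend: convertBackend(p.backend) };
  if (p.path !== undefined) out.path = p.path;
  return out;
}

function convertSpec(old: OldSpec): NewSpec {
  const out: NewSpec = {};
  if (old.ingressClassName !== undefined) out.ingressClassName = old.ingressClassName;
  if (old.backend) out.defaultBackend = convertBackend(old.backend); // spec.backend was renamed in v1
  if (old.tls) out.tls = old.tls;
  if (old.rules) {
    out.rules = old.rules.map((r) => {
      const rule: NewRule = {};
      if (r.host !== undefined) rule.host = r.host;
      if (r.http) rule.http = { paths: r.http.paths.map(convertPath) };
      return rule;
    });
  }
  return out;
}

// Constructed sample using the literal values from the question's Ingress spec.
const questionSpec: OldSpec = {
  ingressClassName: "gce",
  backend: { serviceName: "auth-svc", servicePort: 80 },
  tls: [{ hosts: ["mydomain.com"] }],
  rules: [{ host: "mydomain.com", http: { paths: [{ path: "/", backend: { serviceName: "auth-svc", servicePort: 80 } }] } }],
};
const v1Spec = convertSpec(questionSpec);
```

The resulting object has the field layout that a networking/v1 Ingress spec expects; the annotations and certificate wiring from the question are outside what this sketch covers.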
