I'm trying to configure an HTTPS/Layer 7 Load Balancer with GKE. I'm following SSL certificates overview and GKE Ingress for HTTP(S) Load Balancing .
My config. has worked for some time. I wanted to test Google's managed service.
This is how I've set it up so far:
k8s/staging/staging-ssl.yml
:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-staging-lb-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- host: staging.my-app.no
http:
paths:
- path: /*
backend:
serviceName: my-svc
servicePort: 3001
gcloud compute addresses list
#=>
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
host staging.my-app.no
#=>
35.244.160.NNN
but it is stuck on FAILED_NOT_VISIBLE
:
gcloud beta compute ssl-certificates describe staging-google-managed-ssl
#=>
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
Any idea on how I can fix or debug this further?
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2], [SSL_CERTIFICATE3],...]
Is that necessary when I have this line in k8s/staging/staging-ssl.yml
?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
. . .
ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
. . .
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I'm trying to configure an https load balancer on GKE. I'm following: https://cloud.google.com/load-balancing/docs/ssl-certificates and https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
My config has worked for some time using a certificate from Let's Encrypt. But it's too much hassle to renew the certificates all the time so I wanted to test Google's managed service.
This is how I've set it up so far, but stucks on FAILED_NOT_VISIBLE
. Any idea on how I can fix or debug this further?
k8s/staging/staging-ssl.yml
7 apiVersion: extensions/v1beta1
8 kind: Ingress
9 metadata:
10 name: my-staging-lb-ingress
11 annotations:
12 kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
14 kubernetes.io/ingress.allow-http: "false"
15 spec:
16 rules:
17 - host: staging.my-app.no
18 http:
19 paths:
20 - path: /*
21 backend:
22 serviceName: my-svc
23 servicePort: 3001
Reserved IP
$ gcloud compute addresses list
NAME REGION ADDRESS STATUS
my-staging-global 35.244.160.NNN RESERVED
$ host staging.my-app.no
35.244.160.NNN
$ gcloud beta compute ssl-certificates describe staging-google-managed-ssl
creationTimestamp: '2018-12-20T04:59:39.450-08:00'
id: 'NNNN'
kind: compute#sslCertificate
managed:
domainStatus:
staging.my-app.no: FAILED_NOT_VISIBLE
domains:
- staging.my-app.no
status: PROVISIONING
name: staging-google-managed-ssl
selfLink: https://www.googleapis.com/compute/beta/projects/my-project/global/sslCertificates/staging-google-managed-ssl
type: MANAGED
I found a section in the doc I linked to at the beginning of the post Associating SSL certificate resources with a target proxy:
Use the following gcloud command to associate SSL certificate resources with a target proxy, whether the SSL certificates are self-managed or Google-managed.
gcloud compute target-https-proxies create [NAME] \
--url-map=[URL_MAP] \
--ssl-certificates=[SSL_CERTIFICATE1][,[SSL_CERTIFICATE2],[SSL_CERTIFICATE3],...]
Is that necessary when I have this line in my Ingress config?
13 ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
I had this problem for days. Even though the FQDN in Google Cloud public DNS zone correctly resolved to the IP of the HTTPS Load Balancer, certificate created failed with FAILED_NOT_VISIBLE. I eventually resolved the problem as my domain was set up in Google Domains with DNSSEC but had an incorrect DNSSEC record when pointing to the Google Cloud Public DNS zone. DNSSEC configuration can be verified using https://dnsviz.net/
As already pointed by Mitzi https://stackoverflow.com/a/66578266/7588668
This is what worked for me
It worked in 5min
I had the same problem. But my problem was in the deployment. I ran
kubectl describe ingress [INGRESS-NAME] -n [NAMESPACE]
The result shows an error in the resources.timeoutsec
for the deployment. Allowed values must be less than 300 sec. My original value was above that. I reduced readinessProbe.timeoutSeconds
to a lower number. After 30 mins the SSL cert was generated and the subdomain was verified.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.