-
Notifications
You must be signed in to change notification settings - Fork 269
Only adds one cert to load balancers on GCE #58
Comments
If you're running all 3 stages of your app in the same cluster, you might be running into a known limitation with the GCE Ingress implementation. Specifically, the GCE Ingress doesn't support SNI, so it'll only ever configure 1 SSL certificate for the LoadBalancer. You can read more about it here: https://github.com/kubernetes/ingress/tree/master/controllers/gce#tls |
Does this mean it would work if/when GCE Ingress supports SNI and nothing else would have to change? |
Just for notice, GCE Ingress supports SNI as today (2017.02.06). |
works for me! 👍 |
@orian @schurig I can't find any reference to GCE SNI support, where have you found this? |
@tsloughter I'm using Kubernetes Ingress resource and it supports multiple domains and one certificate. I cannot recall where I've found it. But I find a Ingress spec very helpful (even bit more than a webpage doc): Kubernetes Ingress on GCE is built on top of Load Balancing. It creates a load balancer, the GCE Load Balancer supports SNI. |
@orian yes, the ingress resource supports it but GCE LB does not (or at least hasn't worked for me and I can't find any docs saying it should work). The Kubernetes docs still say it is not supported: "This controller does not support SNI" from https://github.com/kubernetes/ingress/tree/master/controllers/gce |
We have 3 different stages of our app. They are all running on a different domain.
Each of them already obtained a ssl certificate and saved it as a secret.
This is a screenshot showing the secrets:
But for only one of the stages the ssl cert is actually set in the LoadBalancer. All others are only available through HTTP and not HTTP&HTTPS.
Here are all SSL certs available in the LoadBalancer settings:
Any idea why it only adds one certificate to the Google Cloud Engine Network settings?
The text was updated successfully, but these errors were encountered: