Channels
#general
Title
d
dry-sugar-63293
10/11/2021, 7:48 AMHi guys, I am trying to use Pulumi to setup
- Ingress for my GKE service
- with HTTPS loadbalancer
- with Google managed SSL certificate.
For some reason, the Ingress creation is stuck forever at "Creating Ingress"
Are there any working examples that I can refer to?
if you need more info, feel free to ask and I would be happy to provide.
Below is a code snippet of I have tried so far (arrived at this state after a zillion trials). What am I missing?
#kubernetes #gcp
Copy code
const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
{
metadata: {
name: "auth-svc",
labels: authDeploymentAppLabels,
namespace: namespaceName,
},
spec: {
type: "LoadBalancer",
ports: [{ port: 80, targetPort: 8080 }],
selector: authDeploymentAppLabels,
},
},
{
provider: clusterProvider,
dependsOn: [authDeployment]
}
);
const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
name: "auth-cert-001",
project: myGcpProject.projectId,
description: "Managed SSL Certificate For auth service",
managed: {
domains: [
"<http://mydomain.com|mydomain.com>"
]
}
});
const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
data: {
"1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
},
metadata: {
name: "managed-certificate-config",
namespace: "kube-system",
}
})
const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
metadata: {
namespace: namespaceName,
annotations: {
"<http://ingress.gcp.kubernetes.io/pre-shared-cert|ingress.gcp.kubernetes.io/pre-shared-cert>": authServiceManagedCert.name,
"<http://networking.gke.io/managed-certificates|networking.gke.io/managed-certificates>": authServiceManagedCert.name
}
},
spec: {
ingressClassName: "gce",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: 80
},
tls: [
{
hosts: ["<http://mydomain.com|mydomain.com>"],
}
],
rules: [
{
host: "<http://mydomain.com|mydomain.com>",
http: {
paths: [
{
path: "/",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: authDeploymentService.spec.ports[0].port,
},
}
],
},
},
]
}
},
{
provider: clusterProvider,
dependsOn: [managedCertConfigMap]
});Ok in case anyone stumbles across this, I found one key input thanks to this article ... I was using networking/v1beta (which is deprecated apparently) instead of networking/v1. Once I changed to v1, I started seeing different behavior such as the backend,frontends, target proxies etc getting created. I will update this group once I have complete success with this.
👍 1
6 Views