https://pulumi.com logo
#general
Title
# general
d

dry-sugar-63293

10/11/2021, 7:48 AM
Hi guys, I am trying to use Pulumi to setup - Ingress for my GKE service - with HTTPS loadbalancer - with Google managed SSL certificate. For some reason, the Ingress creation is stuck forever at "Creating Ingress" Are there any working examples that I can refer to? if you need more info, feel free to ask and I would be happy to provide. Below is a code snippet of I have tried so far (arrived at this state after a zillion trials). What am I missing? #kubernetes #gcp
Copy code
const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
            {
                metadata: {
                    name: "auth-svc",
                    labels: authDeploymentAppLabels,
                    namespace: namespaceName,
                },
                spec: {
                    type: "LoadBalancer",
                    ports: [{ port: 80, targetPort: 8080 }],
                    selector: authDeploymentAppLabels,
                },
            },
            {
                provider: clusterProvider,
                dependsOn: [authDeployment]
            }
        );


        const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
            name: "auth-cert-001",
            project: myGcpProject.projectId,
            description: "Managed SSL Certificate For auth service",
            managed: {
                domains: [
                    "<http://mydomain.com|mydomain.com>"
                ]
            }
        });

        const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
            data: {
                "1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
            },
            metadata: {
                name: "managed-certificate-config",
                namespace: "kube-system",
            }
        })

        const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
            metadata: {
                namespace: namespaceName,
                annotations: {
                    "<http://ingress.gcp.kubernetes.io/pre-shared-cert|ingress.gcp.kubernetes.io/pre-shared-cert>": authServiceManagedCert.name,
                    "<http://networking.gke.io/managed-certificates|networking.gke.io/managed-certificates>": authServiceManagedCert.name
                }
            },
            spec: {
                ingressClassName: "gce",
                backend: {
                    serviceName: authDeploymentService.metadata.name,
                    servicePort: 80
                },
                tls: [
                    {
                        hosts: ["<http://mydomain.com|mydomain.com>"],
                    }
                ],
                rules: [
                    {
                        host: "<http://mydomain.com|mydomain.com>",
                        http: {
                            paths: [
                                {
                                    path: "/",
                                    backend: {
                                        serviceName: authDeploymentService.metadata.name,
                                        servicePort: authDeploymentService.spec.ports[0].port,
                                    },
                                }
                            ],
                        },
                    },
                ]
            }
        },
            {
                provider: clusterProvider,
                dependsOn: [managedCertConfigMap]
            });
Ok in case anyone stumbles across this, I found one key input thanks to this article ... I was using networking/v1beta (which is deprecated apparently) instead of networking/v1. Once I changed to v1, I started seeing different behavior such as the backend,frontends, target proxies etc getting created. I will update this group once I have complete success with this.
👍 1
6 Views