Closed blasterbug closed 4 years ago
the problem here is that your cert and the ingress (because it's an nginx ingress) are in a different namespace. I'm not sure yet how to fix this.
For past few days I have been trying to resolve this issue. My config looks very similar. I found that supposedly dnssec should be enabled on domain as this can impact creation of managedCertificate. I enabled that and now I am getting FailedNotVisible after approx 20 minutes (before it was changing to that status almost instantly)
On my setup both - the ingress and the certificate are in the same namespace.
This looks like a standard setup so I am not sure what else can be wrong here.
I will give it another day. Perhaps something wrong with domain configuration still?
According to the prerequisite https://github.com/GoogleCloudPlatform/gke-managed-certs/blob/master/README.md#prerequisites, this is only supported by the Ingress GKE ingress controller: https://github.com/kubernetes/ingress-gce.
@adamgajzlerowicz I found that Dohbedoh is correct. If you want to use an nginx ingress, for instance to force https, then you cannot used Google Managed Certs. Try using cert manager
instead.
@rchurch4 Only yesterday I managed to get it working. I configured cert manager by following this tutorial link
To confirm @Dohbedoh links - I exchanged some emails with google cloud support and they also confirmed, quote: "Nginx ingress controller type is not compatible with Google Managed certificates, Although, non-nginx-ingress controller is compatible."
For gcp managed certificates I first followed this doc. Feels like it really should mention it's ingress compatibility issue.
Thanks guys!
What worked for me on 1.15.x
(which was failing but worked on rapid channel 1.16.x
) is to enable compute-rw
scope on node pool and use https://dnssec-analyzer.verisignlabs.com to resolve DNSSEC issues with the domain. Deleted cert and ingress and retried and after about 10-15 minutes it all worked.
Hope that helps!
Running on Kubernetes
1.14.8-gke.12
, withnginx-ingress-1.26.2
, managed certificates failed. DNS are resolved, DNSSEC is working. If I use the default gce-ingress, it actually works.cert.yaml
ingress.yaml