How can I assign SSL certificates to a regional ip which is a loadbalancer to a kubernetes service

Question

I have a kubernetes service which I put behind a load balancer. The load balancer is on a regional static IP. The reason I can't use a global IP is because when I assign it to my service, it refuses to accept it. Others have faced the same problem.

I'm trying to assign a SSL certificate to the TCP load balancer(regional IP) created but in the Frontend configuration, I don't see an option.

If I use a global IP, I can see the option to create/assign a certificate but my service refuses the IP as shown in the link above. How can I assign SSL certificates to a regional ip which is a loadbalancer to a kubernetes service? or if you know a way of my service accepting a loadbalancer on a global IP for a kubernetes service, please let me know.

Note: I have disabled the default gce ingress controller and I'm using my own ingress controller. So it does not create an external ip automatically.

Answer 1

If you use regional TCP balancer then it is simply impossible to assign certificate to load balancer because it operates on level 4 (TCP) while SSL is at level 7. That's why you don't see an option of assigning certificate.

You need to assign SSL certificates on ingress controller level like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo
  namespace: default
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: foo-secret
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: foo
          servicePort: 80
        path: /