KnowHoper

Reputation: 4622

GKE Ingress - Managed Cert multiple services

I need to provision some HTTPS routes to a GKE instance for a number of services. There are obviously many ways to do this; I'd prefer to stay GCP native where possible.

Using GKE native resources can I achieve something like this:

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: tools-managed-cert-toola
  namespace: toola
spec:
  domains:
    - tools.acme-uat.com
---
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: tools-managed-cert-toolb
  namespace: toolb
spec:
  domains:
    - tools.acme-uat.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: toola-ingress
  namespace: toola
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "acme-tools-ip"
    networking.gke.io/managed-certificates: plumbing-managed-cert-toola
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
  - host: "tools.acme-uat.com"
    http:
      paths:
      - pathType: Prefix
        path: "/toola"
        backend:
          service:
            name: toola-server
            port:
              number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: toolb-ingress
  namespace: toolb
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "acme-tools-ip"
    networking.gke.io/managed-certificates: plumbing-managed-cert-toolb
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
  - host: "tools.acme-uat.com"
    http:
      paths:
      - pathType: Prefix
        path: "/toolb"
        backend:
          service:
            name: toolb-server
            port:
              number: 80

This feels like the wrong direction though. Is it more conventional to switch the services on the GKE instance to NodePort and provision an upstream HTTPS LoadBalancer to manage the routing and TLS termination? This would obviously require scripting, so a GKE native approach is preferred if there is a way?

Any advice would be appreciated.

Cheers

Upvotes: 1

Views: 508

Answers (1)

Sergiusz

Reputation: 1245

As mentioned by @boredabdel, you can't cross namespaces like that. This has also been discussed here.
And you can find some workarounds in this question.

Upvotes: 1
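
One layout that stays within the same-namespace constraint described in the answer, shown as an added example that is not from the original question or answer: a single Ingress and a single ManagedCertificate serving both paths. It assumes both services are deployed together in a shared namespace, here given the hypothetical name `tools`; the resource names `tools-managed-cert` and `tools-ingress` are also made up for illustration.

```yaml
# Added example: both tools served by one Ingress and one certificate.
# Assumption: toola-server and toolb-server run in a shared namespace
# named "tools" (hypothetical; not from the original post).
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: tools-managed-cert
  namespace: tools
spec:
  domains:
    - tools.acme-uat.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tools-ingress
  namespace: tools
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "acme-tools-ip"
    # Must name a ManagedCertificate in this Ingress's own namespace.
    networking.gke.io/managed-certificates: tools-managed-cert
    kubernetes.io/ingress.class: "gce"
spec:
  rules:
  - host: "tools.acme-uat.com"
    http:
      paths:
      # Both backends are Services in the Ingress's own namespace.
      - pathType: Prefix
        path: "/toola"
        backend:
          service:
            name: toola-server
            port:
              number: 80
      - pathType: Prefix
        path: "/toolb"
        backend:
          service:
            name: toolb-server
            port:
              number: 80
```

With this layout TLS for `tools.acme-uat.com` terminates at one load balancer using one Google-managed certificate, so there is only one certificate to provision and monitor.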
