Score:1

How to use ManagedCertificate in namespaced Ingress

es flag

I tried to use a Google Managed Certificate (not through k8s) in Ingress.

If the Ingress is in the default namespace, everything works fine using the `ingress.gcp.kubernetes.io/pre-shared-cert: my-cert-name` annotation.

However, if the Ingress is in a namespace, it looks for a certificate named `my-namespace/my-cert-name`. But it's impossible to create a certificate with `/` in its name.

Using a GKE k8s ManagedCertificate, everything works fine. How to make it work with a non-k8s ManagedCertificate?

UPDATE: we use Terraform to manage SSL certificates, using the `google_compute_managed_ssl_certificate` resource. We used GKE with Ingress, and tried to use that certificate with it. If the Ingress is in the default namespace, everything works fine. If the Ingress is in some other namespace, it's impossible to use that certificate, because Ingress looks for a certificate named `namespacename/certname` instead of `certname`.

Sergiusz avatar
lv flag
Have you followed the instructions listed [here](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#gcloud)?
es flag
@Sergiusz it describes the GKE (k8s) managed certificate. I'm asking about a non-k8s Google-managed certificate (we don't use Ingress). Like here: https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs
Sergiusz avatar
lv flag
Can you clarify your question? Do you use ingress or not?
es flag
@Sergiusz Sure, sorry. I meant we don't use k8s to manage SSL certificates. We were trying to use namespaced Ingress with them. It seems like if we use Ingress, we can only use K8S-managed certificates, not Google-managed.
Sergiusz avatar
lv flag
Can you edit your question with a more in-depth description of your setup? Which services are you using, and what kind of solution do you want to implement?
es flag
Sure, done, see UPDATE
Score:2
lv flag

This has been suggested but is currently not supported; you can see the progress here.
It is possible to sync secrets across namespaces using cert-manager, but this only works for wildcard certificates.
You would have to move the ingress into the default namespace or use a different certificate provider.
