带 SSL 的 Pulumi GKE Ingress
Pulumi GKE Ingress with SSL
我正在尝试使用#Pulumi 进行设置
- #我的#GKE 服务的入口
- 使用 HTTPS 负载均衡器
- 使用 Google 托管 SSL 证书。
由于某种原因,Ingress 创建永远停留在“Creating Ingress”。
我正在使用 GCE 入口控制器。
有没有我可以参考的工作示例?
如果您需要更多信息,请随时询问,我很乐意提供。
以下是我迄今为止尝试过的代码片段(经过无数次试验后到达此状态)。我错过了什么?
#kubernetes #gcp
const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
{
metadata: {
name: "auth-svc",
labels: authDeploymentAppLabels,
namespace: namespaceName,
},
spec: {
type: "LoadBalancer",
ports: [{ port: 80, targetPort: 8080 }],
selector: authDeploymentAppLabels,
},
},
{
provider: clusterProvider,
dependsOn: [authDeployment]
}
);
const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
name: "auth-cert-001",
project: myGcpProject.projectId,
description: "Managed SSL Certificate For auth service",
managed: {
domains: [
"mydomain.com"
]
}
});
const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
data: {
"1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
},
metadata: {
name: "managed-certificate-config",
namespace: "kube-system",
}
})
const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
metadata: {
namespace: namespaceName,
annotations: {
"ingress.gcp.kubernetes.io/pre-shared-cert": authServiceManagedCert.name,
"networking.gke.io/managed-certificates": authServiceManagedCert.name
}
},
spec: {
ingressClassName: "gce",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: 80
},
tls: [
{
hosts: ["mydomain.com"],
}
],
rules: [
{
host: "mydomain.com",
http: {
paths: [
{
path: "/",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: authDeploymentService.spec.ports[0].port,
},
}
],
},
},
]
}
},
{
provider: clusterProvider,
dependsOn: [managedCertConfigMap]
});
好吧,万一其他人偶然发现了这个问题,我找到了一个关键输入,感谢 this article ...我使用的是 networking/v1beta(显然已弃用)而不是 networking/v1 .更改为 v1 后,我开始看到不同的行为,例如自动创建后端、前端、目标代理等。
我只希望 Pulumi 更新其文档以反映这一点,这样像我这样的人就不会挣扎。
我正在尝试使用#Pulumi 进行设置
- #我的#GKE 服务的入口
- 使用 HTTPS 负载均衡器
- 使用 Google 托管 SSL 证书。 由于某种原因,Ingress 创建永远停留在“Creating Ingress”。
我正在使用 GCE 入口控制器。 有没有我可以参考的工作示例? 如果您需要更多信息,请随时询问,我很乐意提供。 以下是我迄今为止尝试过的代码片段(经过无数次试验后到达此状态)。我错过了什么?
#kubernetes #gcp
const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
{
metadata: {
name: "auth-svc",
labels: authDeploymentAppLabels,
namespace: namespaceName,
},
spec: {
type: "LoadBalancer",
ports: [{ port: 80, targetPort: 8080 }],
selector: authDeploymentAppLabels,
},
},
{
provider: clusterProvider,
dependsOn: [authDeployment]
}
);
const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
name: "auth-cert-001",
project: myGcpProject.projectId,
description: "Managed SSL Certificate For auth service",
managed: {
domains: [
"mydomain.com"
]
}
});
const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
data: {
"1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
},
metadata: {
name: "managed-certificate-config",
namespace: "kube-system",
}
})
const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
metadata: {
namespace: namespaceName,
annotations: {
"ingress.gcp.kubernetes.io/pre-shared-cert": authServiceManagedCert.name,
"networking.gke.io/managed-certificates": authServiceManagedCert.name
}
},
spec: {
ingressClassName: "gce",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: 80
},
tls: [
{
hosts: ["mydomain.com"],
}
],
rules: [
{
host: "mydomain.com",
http: {
paths: [
{
path: "/",
backend: {
serviceName: authDeploymentService.metadata.name,
servicePort: authDeploymentService.spec.ports[0].port,
},
}
],
},
},
]
}
},
{
provider: clusterProvider,
dependsOn: [managedCertConfigMap]
});
好吧,万一其他人偶然发现了这个问题,我找到了一个关键输入,感谢 this article ...我使用的是 networking/v1beta(显然已弃用)而不是 networking/v1 .更改为 v1 后,我开始看到不同的行为,例如自动创建后端、前端、目标代理等。
我只希望 Pulumi 更新其文档以反映这一点,这样像我这样的人就不会挣扎。