3

I tried to create a managed certificate for my ingress with this yaml:

---
apiVersion: "networking.gke.io/v1beta1"
kind: "ManagedCertificate"
metadata:
    name: "example-cert-webapi"
spec:
    domains:
        - "foobar.domain.com"

It was successfully created but when I try to describe the said managed certificate using this command:

kubectl describe managedcertificate example-cert-api

It does not show the status. I was expecting that it will be in provisioning status but it the output of the describe command does not show the status. Below is the describe output:

Name:         example-cert-webapi
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.gke.io/v1
Kind:         ManagedCertificate
Metadata:
  Creation Timestamp:  2020-09-27T08:31:12Z
  Generation:          1
  Resource Version:    foobarResourceVersion
  Self Link:           fooBarSelfLink
  UID:                 fooBarUID
Spec:
  Domains:
    foobar.domain.com
Events:  <none>

I have replaced with foobar the entries which are think are sensitive data.

I have also a Cloud DNS setup which corresponds to the domains which I used in the certificate.

Has anyone experienced the same situation? When my ingress deployment finished, the SSL certificate did not take effect.

Thanks in advance!

Tibebes. M
  • 6,940
  • 5
  • 15
  • 36
Oneb
  • 145
  • 1
  • 12
  • What is your kubernetes version? – thammada.ts Sep 28 '20 at 15:17
  • 1
    Could you add the `Ingress` resource you are running to the question? – Dawid Kruk Sep 28 '20 at 15:36
  • 1
    I suspect this this issue occurs on clusters with master version 1.17. I tried a simple setup on 1.17.9-gke.6300 and I got the same issue as you. While on 1.16.13-gke.401 the managed certificate would get provisioned and get the ACTIVE status – thammada.ts Sep 28 '20 at 19:10
  • I am running 1.17 gke version so looks like you're right @thammada.ts – Oneb Sep 29 '20 at 13:14
  • did you try using `apiVersion: networking.gke.io/v1beta2`? as per https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#setting_up_the_managed_certificate – ldg Sep 30 '20 at 17:34
  • 1
    according to https://issuetracker.google.com/issues/169595857 the issue specific to v1.17 has been fixed. I have tried it and can confirm it's fixed – thammada.ts Oct 01 '20 at 20:06

1 Answers1

3

We noticed the same issue since yesterday. I can confirm that downgrading to 1.16 solved the problem.
Edit: the issue is created at Google: https://issuetracker.google.com/issues/169595857

Alain B.
  • 100
  • 1
  • 5
  • By downgrading, do you mean creating new cluster with the version 1.16? Or is there a way to downgrade an existing cluster? – thammada.ts Sep 29 '20 at 16:46
  • I did create a new cluster so I can't say if it's possible to downgrade an existing cluster. – Alain B. Sep 30 '20 at 12:22
  • Take a look on official documentation regarding `GKE` downgrades: https://cloud.google.com/kubernetes-engine/docs/how-to/upgrading-a-cluster?_ga=2.12851440.-677313292.1595409969#downgrading_limitations – Dawid Kruk Oct 02 '20 at 12:57