
I am trying to get Let's Encrypt working with the GKE LB. I know there are GCP Managed Certs, but they will not work with an internal LB, as the challenge will not get passed. Let's Encrypt DNS certification using cert-manager is there and ready to be used.

❯ k get secrets letsencrypt-prod -o yaml
apiVersion: v1
data:
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdlVZTVhXdGNZZUJpMkdadzljRFRLNzY==
kind: Secret
metadata:
  creationTimestamp: "2021-01-24T15:03:39Z"
  name: letsencrypt-prod
  namespace: elastic-system
  resourceVersion: "3636289"
  selfLink: /api/v1/namespaces/elastic-system/secrets/letsencrypt-prod
  uid: f4bec5a9-d3b5-4f4a-9ec6-01a4ce3ba47c
type: Opaque

spec:
  tls:
    - hosts:
      - staging.example.com
      - staging2.example.com
      secretName: letsencrypt-prod

GCP is reporting this error: Error syncing to GCP: error running load balancer syncing routine: error getting secrets for Ingress: secret "letsencrypt-prod" does not specify cert as string data

Can anybody help me with what it is missing?

Rahul Sharma
    You should not post your private key anywhere, let alone for your production env. But after decoding it looks incomplete anyway. Also, it looks like you haven't added a cert file, which is what the error is telling you. https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets – QBrute Jan 24 '21 at 15:38
  • @QBrute thanks, I intentionally kept it wrong – Rahul Sharma Jan 24 '21 at 15:41

2 Answers


As per this, you must provide a valid format for GCP, like this, built from the Let's Encrypt certs you already have:

# tls.crt and tls.key are the data keys the GKE Ingress controller looks for;
# --dry-run=client renders the manifest locally without creating the Secret
kubectl create secret generic letsencrypt-prod --from-file=tls.crt="cert.pem" --from-file=tls.key="privkey.pem" --dry-run=client -o yaml > output
kubectl apply -f output

Also (it seems you are already using it, but better safe than sorry), you must define this in the tls section of your Ingress, as per this.

Frank

Actually, it is missed in the doc, or I am missing it, as the example uses the same name everywhere as metadata.

---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: cert-example
  namespace: example
spec:
  secretName: REAL_NAME_OF_SECRET   # this is the name that must go into the Ingress tls section
  issuerRef:
    name: letsencrypt-prod          # kind defaults to Issuer; set kind: ClusterIssuer if that is what you created
  dnsNames:
  - 'staging.domain.com'
  - '*.staging.domain.com'

So REAL_NAME_OF_SECRET is what you should put in the Ingress, or anywhere else where you want to use tls.crt or tls.key.
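Both answers come down to two checks: the Secret the Ingress references must carry both `tls.crt` and `tls.key` as PEM (the first answer), and the name in the Ingress `tls` section must be the Certificate's `spec.secretName`, in the same namespace, not the Issuer's name (the second answer). The following pre-flight script is an added example, not code from either poster, cert-manager or GKE. It takes the Secret, Ingress and Certificate as plain dicts, a constructed stand-in for `kubectl get ... -o json`; the secret name `staging-tls`, the Ingress name `web` and the PEM blobs are made-up placeholders, and the "broken" set mirrors the situation in the question.

```python
import base64

# PEM headers accepted for each data key of a TLS Secret (kubernetes.io/tls layout).
PEM_HEADERS = {
    "tls.crt": (b"-----BEGIN CERTIFICATE-----",),
    "tls.key": (b"-----BEGIN PRIVATE KEY-----",
                b"-----BEGIN RSA PRIVATE KEY-----",
                b"-----BEGIN EC PRIVATE KEY-----"),
}


def _b64(pem: bytes) -> str:
    """Encode bytes the way `kubectl get secret -o json` shows them."""
    return base64.b64encode(pem).decode("ascii")


def check_tls_secret(secret: dict) -> list:
    """Return the reasons the GKE Ingress controller would reject this Secret
    as TLS material; an empty list means it is usable."""
    problems = []
    name = secret.get("metadata", {}).get("name", "<unnamed>")
    data = secret.get("data") or {}
    for key, headers in PEM_HEADERS.items():
        if key not in data:
            problems.append(f"secret {name}: data key {key!r} is missing")
            continue
        try:
            raw = base64.b64decode(data[key], validate=True)
        except (ValueError, TypeError):
            problems.append(f"secret {name}: {key} is not valid base64")
            continue
        if not raw.startswith(headers):  # startswith accepts a tuple of prefixes
            problems.append(f"secret {name}: {key} does not start with a PEM header")
    return problems


def check_ingress_tls_wiring(ingress: dict, certificate: dict, secrets: list) -> list:
    """Cross-check that Ingress spec.tls[].secretName, the cert-manager
    Certificate spec.secretName and an existing Secret line up in one
    namespace, and that the Secret carries tls.crt and tls.key."""
    problems = []
    ns = ingress["metadata"]["namespace"]
    cert_ns = certificate["metadata"]["namespace"]
    cert_secret = certificate["spec"]["secretName"]
    if cert_ns != ns:
        problems.append(f"Certificate is in {cert_ns!r} but Ingress is in {ns!r}; "
                        "cert-manager writes the Secret into the Certificate's namespace")
    # An Ingress can only reference Secrets in its own namespace.
    by_name = {s["metadata"]["name"]: s for s in secrets
               if s["metadata"].get("namespace") == ns}
    for entry in ingress.get("spec", {}).get("tls", []):
        ref = entry.get("secretName")
        if not ref:
            problems.append("ingress tls entry has no secretName")
            continue
        if ref != cert_secret:
            problems.append(f"ingress references secret {ref!r} but the Certificate "
                            f"writes its output to {cert_secret!r}")
        if ref not in by_name:
            problems.append(f"secret {ref!r} not found in namespace {ns!r}")
        else:
            problems.extend(check_tls_secret(by_name[ref]))
    return problems


NS = "elastic-system"
# Constructed placeholders, not real certificate or key material.
FAKE_CRT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
FAKE_KEY = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

# Shape of the question: the Ingress points at a Secret that carries only
# tls.key and whose name is also the Issuer's name.
BROKEN_SECRET = {"metadata": {"name": "letsencrypt-prod", "namespace": NS},
                 "type": "Opaque", "data": {"tls.key": _b64(FAKE_KEY)}}
CERTIFICATE = {"metadata": {"name": "cert-example", "namespace": NS},
               "spec": {"secretName": "staging-tls",
                        "issuerRef": {"name": "letsencrypt-prod"},
                        "dnsNames": ["staging.example.com"]}}
BROKEN_INGRESS = {"metadata": {"name": "web", "namespace": NS},
                  "spec": {"tls": [{"hosts": ["staging.example.com"],
                                    "secretName": "letsencrypt-prod"}]}}
# Fixed wiring: the Ingress references the Certificate's secretName, and that
# Secret (as cert-manager would write it) carries both PEM blobs.
GOOD_SECRET = {"metadata": {"name": "staging-tls", "namespace": NS},
               "type": "kubernetes.io/tls",
               "data": {"tls.crt": _b64(FAKE_CRT), "tls.key": _b64(FAKE_KEY)}}
GOOD_INGRESS = {"metadata": {"name": "web", "namespace": NS},
                "spec": {"tls": [{"hosts": ["staging.example.com"],
                                  "secretName": "staging-tls"}]}}


def broken_report() -> list:
    return check_ingress_tls_wiring(BROKEN_INGRESS, CERTIFICATE, [BROKEN_SECRET])


def fixed_report() -> list:
    return check_ingress_tls_wiring(GOOD_INGRESS, CERTIFICATE, [GOOD_SECRET])


if __name__ == "__main__":
    for label, report in (("broken", broken_report()), ("fixed", fixed_report())):
        print(f"{label}: {report or ['ok']}")
```

Run against the "broken" set it reports the name mismatch and the missing `tls.crt`, which is exactly what the GCP error message is complaining about; the "fixed" set comes back clean. Feeding it real objects from `kubectl get secret,ingress,certificate -n <ns> -o json` is a one-line change, since the dict layout is the same.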

Rahul Sharma