3

I have set up a backend and a frontend service running on Kubernetes. The frontend would be www.<myDomain>.com and the backend would be api.<myDomain>.com.

I need to expose and secure both services. I wish to use one ingress. I want to use free certificates from Let's Encrypt + cert-manager. I guess a certificate for <myDomain>.com should cover both www. and api.

Pretty normal use case, right? But when this normal stuff comes together, I couldn't figure out the combined YAML. I was able to get a single service, www.<myDomain>.com, working with HTTPS. Things don't work when I try to add api.<myDomain>.com.

I'm using GKE, but this doesn't seem to be a platform-related question. Now creating the ingress takes forever. The following event has been retried again and again:

Error syncing to GCP: error running load balancer syncing routine: loadbalancer <some id here> does not exist: googleapi: Error 404: The resource 'projects/<project>/global/sslCertificates/<some id here>' was not found, notFound

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.allow-http: "true"
    cert-manager.io/issuer: letsencrypt-staging
spec:
  tls:
    - secretName: web-ssl
      hosts:
        - <myDomain>.com
  rules:
    - host: "www.<myDomain>.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: angular-service
                port:
                  number: 80
    - host: "api.<myDomain>.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: spring-boot-service
                port:
                  number: 8080
XintongTheCoder

3 Answers

3

I faced the same requirement as you. From

  tls:
    - secretName: web-ssl
      hosts:
        - <myDomain>.com

change to

      tls:
        - hosts:
          - www.<myDomain>.com
          secretName: web-ssl
        - hosts:
          - api.<myDomain>.com
          secretName: web-ssl

Helped me to solve the issue!

Jun

3

@Jun's answer worked mostly for me, but the secretName values have to be different. Otherwise, you'll get this error:

Warning BadConfig 12m cert-manager-ingress-shim spec.tls[0].secretName: Invalid value: "api-ingress-cert": this secret name must only appear in a single TLS entry but is also used in spec.tls[1].secretName

After fixing the secretName values, cert-manager generated everything as expected.

cybersam
Zekena

I had the same problem; the issue was that I used the same secretName. After changing secretName to a unique value, SSL works perfectly. – martiendt Jun 07 '23 at 02:56

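Added example (not code from the question or the answers): a small lint for the two conditions discussed above, a rule host that no spec.tls hosts list covers and a secretName reused across TLS entries. It takes the Ingress as `kubectl get ingress -o json` returns it; `example.com` (standing in for <myDomain>.com), the sample manifest and the function names are assumptions made for illustration.

```python
import json

# Constructed sample: the relevant fields of an Ingress in JSON form,
# combining the question's tls host with a reused secretName.
SAMPLE = json.loads("""
{"spec": {
  "tls": [
    {"secretName": "web-ssl", "hosts": ["example.com"]},
    {"secretName": "web-ssl", "hosts": ["api.example.com"]}
  ],
  "rules": [
    {"host": "www.example.com"},
    {"host": "api.example.com"}
  ]
}}
""")


def host_covered(host, pattern):
    """Exact match, or a '*.' wildcard that stands for exactly one label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern


def lint_ingress_tls(ingress):
    """Return a list of findings for spec.tls of an Ingress object."""
    spec = ingress.get("spec", {})
    tls = spec.get("tls") or []
    findings = []
    # 1. A secretName may appear in only one spec.tls entry.
    seen = {}
    for i, entry in enumerate(tls):
        name = entry.get("secretName")
        if name in seen:
            findings.append(
                f"duplicate-secret: {name} in spec.tls[{seen[name]}] and spec.tls[{i}]")
        elif name:
            seen[name] = i
    # 2. Every rule host must be covered by some spec.tls hosts entry,
    #    because those hosts become the names on the certificate.
    patterns = [h for e in tls for h in e.get("hosts") or []]
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and not any(host_covered(host, p) for p in patterns):
            findings.append(f"uncovered-host: {host}")
    return findings
```

For the sample it reports the reused `web-ssl` secret and `www.example.com` as uncovered, since a bare `example.com` entry does not match a subdomain.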
0

I figured it out. I used different paths for the same domain to solve this problem. I'm not saying 2 domains won't work. There are some other configs, like CORS-related ones. But a single domain with different paths is the happy path for me. Here is the rules part I used in my ingress.

    - host: "www.<myDomain>.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: angular-service
                port:
                  number: 80
          - pathType: Prefix
            path: "/api"
            backend:
              service:
                name: spring-boot-service
                port:
                  number: 8080

XintongTheCoder