
How to restart a GCP Ingress Item To Use Updated Secret

I've updated the SSL certificate for my Kubernetes Ingress services, but I don't know how to restart the instances to use the updated cert secret without manually deleting and restarting the Ingress instances. That isn't ideal because of the number of ingresses that are making use of that specific cert (all sitting on the same TLD). How do I force it to use the updated secret?

asked Dec 01 '25 02:12 by moberemk


1 Answer

You shouldn't need to delete the Ingress object to use the updated TLS Secret.

The GKE Ingress controller (https://github.com/kubernetes/ingress-gce) automatically picks up the updated Secret resource and updates it. (Open an issue on the repo if it doesn't.)

Example:

$ kubectl describe ingress foobar
Name:             foobar
Labels:           <none>
Namespace:        default
Address:          123.234.123.234
Ingress Class:    <none>
Default backend:  <default>
TLS:
  my-secret terminates
(...)
Events:
  Type    Reason  Age                   From                     Message
  ----    ------  ----                  ----                     -------
  Normal  Sync    6m29s                 loadbalancer-controller  TargetProxy "<redacted>" certs updated
  Normal  Sync    6m25s (x78 over 12h)  loadbalancer-controller  Scheduled for sync

Here, the certificate from the secret 'my-secret' was successfully reloaded 6m29s ago.

If you're not seeing the changes in ~10-20 minutes, I recommend editing the Ingress object trivially (for example, add a label or an annotation) so that the ingress controller picks up the object again and evaluates goal state vs the current state, then goes ahead to make the changes (update the TLS secret).

answered Dec 02 '25 21:12 by ahmet alp balkan
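The check and the nudge described in the answer above, applied to every Ingress that shares one TLS Secret, as an added shell example that is not part of the original answer. The annotation key `example.com/cert-resync` is a hypothetical name, and the 1200-second default window is an assumption taken from the "10-20 minutes" in the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. Annotation key is hypothetical.

# Print "namespace name secret..." for every Ingress in the cluster.
list_ingress_tls() {
  kubectl get ingress --all-namespaces -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.tls[*].secretName}{"\n"}{end}'
}

# stdin: lines from list_ingress_tls; stdout: "namespace/name" of each
# Ingress whose TLS section references the Secret named in $1.
ingresses_using_secret() {
  awk -v s="$1" '{ for (i = 3; i <= NF; i++) if ($i == s) { print $1 "/" $2; break } }'
}

# stdin: `kubectl describe ingress` output. Succeeds only if Events holds a
# "certs updated" entry no older than $1 seconds, so a reload logged for an
# earlier rotation is not mistaken for the current one.
certs_reloaded() {
  awk -v max="$1" '
    function secs(a,   t, n, u) {          # "6m29s" -> 389, "12h" -> 43200
      t = 0
      while (match(a, /^[0-9]+[smhd]/)) {
        n = substr(a, 1, RLENGTH - 1) + 0
        u = substr(a, RLENGTH, 1)
        t += n * ((u == "s") ? 1 : ((u == "m") ? 60 : ((u == "h") ? 3600 : 86400)))
        a = substr(a, RLENGTH + 1)
      }
      return t
    }
    /^Events:/ { ev = 1; next }
    ev && /loadbalancer-controller/ && /certs updated/ && secs($3) <= max { ok = 1 }
    END { exit !ok }'
}

# $1 = Secret name, $2 = seconds since the Secret was replaced.
# Ingresses without a recent reload event get a trivial annotation change.
resync_stale() {
  list_ingress_tls | ingresses_using_secret "$1" | while IFS=/ read -r ns name; do
    if kubectl -n "$ns" describe ingress "$name" | certs_reloaded "$2"; then
      echo "$ns/$name: certs updated"
    else
      kubectl -n "$ns" annotate ingress "$name" --overwrite "example.com/cert-resync=$(date +%s)"
    fi
  done
}

# Usage: ./resync.sh my-secret [max-age-seconds]
[ "$#" -eq 0 ] || resync_stale "$1" "${2:-1200}"
```

Events are retained for a limited time, so an Ingress that reloaded long ago may show no event at all and will simply be annotated again, which is harmless.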


