I am using GKE for my services, and a few of my services use an ALB in GCP.
I use the ingress below to create the ALB and it works fine, but when I look at the challenge, it is failing with the error in the description, and cm-acme-http-solver is also not getting resolved because of that.
I searched a lot on Google and did not find many people getting this error. When we deployed the service 2 months back, this type of error did not pop up; the challenge has only been failing for the last 7 days.
There is no such log I find for challenges/orders, only the error.
Do I need to add any port access that is blocking the ALB in GCP to access GKE?
Note: my GKE cluster is private.
How I set up ingress:
    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: 'gce'
      hosts:
        - host: myhost.com
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - myhost.com.com
          secretName: customer-secret-tls
So, I was using the ALB and then Let's Encrypt as a self-managed certificate in GCP, while it's a best practice to use a GCP-managed certificate for the ALB.
The solution that I applied, and that resolved the issue, is:
I created a certificate in GCP. Then I annotated it in my ingress as below:
ingress.gcp.kubernetes.io/pre-shared-cert
This annotation will attach the GCP managed certificate to my load balancer.
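
The fix described above, written in the same Helm values layout as the question. This is an added example, not the poster's actual configuration: the certificate name `my-gcp-cert` is a placeholder for an SSL certificate resource that is assumed to already exist in the same GCP project, and dropping the `tls` block is an assumption that the load balancer no longer needs the cert-manager secret.

```yaml
# Assumption: a Google-managed certificate was created beforehand, e.g.
#   gcloud compute ssl-certificates create my-gcp-cert \
#       --domains=myhost.com --global
# "my-gcp-cert" is a placeholder name, not a value from the original post.

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: 'gce'
    # Value is the NAME of the Compute Engine SSL certificate resource,
    # not a Kubernetes Secret. The load balancer serves this certificate,
    # and Google handles issuance and renewal for a managed certificate.
    ingress.gcp.kubernetes.io/pre-shared-cert: 'my-gcp-cert'
  hosts:
    - host: myhost.com
      paths:
        - path: /
          pathType: Prefix
  # Before the fix, TLS came from a cert-manager / Let's Encrypt secret:
  #   tls:
  #     - hosts:
  #         - myhost.com
  #       secretName: customer-secret-tls
  # With the pre-shared certificate attached, that block is left out here,
  # so no ACME HTTP-01 challenge has to reach the private cluster.
```

After applying it, `kubectl describe ingress` should list the pre-shared certificate annotation, and the certificate's status in GCP shows whether provisioning for the domain has completed.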