I have created a Kubernetes ingress with a frontend config and an ECDSA P-384 TLS cert on Google Cloud Platform. A few seconds into the creation process I received the following error:
Error syncing to GCP: error running load balancer syncing routine: loadbalancer -default--ingress-****** does not exist: Cert creation failures - k8s2-cr---***** Error:googleapi: Error 400: The ECDSA curve is not supported., sslCertificateUnsupportedCurve
Why is the ECDSA curve not supported? Is there any way to enable this support?
Create tls-secret command:

```
kubectl create secret tls tls --key [key-path] --cert [cert-path]
```
Frontend-config:

```yaml
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: frontend-config
spec:
  redirectToHttps:
    enabled: true
    responseCodeName: MOVED_PERMANENTLY_DEFAULT
```
Ingress:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  labels:
    kind: ingress
  annotations:
    networking.gke.io/v1beta1.FrontendConfig: frontend-config
spec:
  tls:
    - hosts:
        - '*.mydomain.com'
      secretName: tls
  rules:
    - host: mydomain.com
      http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: spa-ingress-service
                port:
                  number: 80
    - host: api.mydomain.com
      http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: api-ingress-service
                port:
                  number: 80
```
spa services:

```yaml
# SERVICE LOAD BALANCER
apiVersion: v1
kind: Service
metadata:
  name: spa-service
  labels:
    app/name: spa
spec:
  type: LoadBalancer
  selector:
    app/template: spa
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
# SERVICE NODE PORT - FOR INGRESS
apiVersion: v1
kind: Service
metadata:
  name: spa-ingress-service
  labels:
    app/name: ingress.spa
spec:
  type: NodePort
  selector:
    app/template: spa
  ports:
    - name: https
      protocol: TCP
      port: 80
      targetPort: http
```
api services:

```yaml
# SERVICE LOAD BALANCER
apiVersion: v1
kind: Service
metadata:
  name: api-service
  labels:
    app/name: api
spec:
  type: LoadBalancer
  selector:
    app/template: api
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
# SERVICE NODE PORT - FOR INGRESS
apiVersion: v1
kind: Service
metadata:
  name: api-ingress-service
  labels:
    app/name: ingress.api
spec:
  type: NodePort
  selector:
    app/template: api
  ports:
    - name: https
      protocol: TCP
      port: 80
      targetPort: http
```
kubectl describe ingress response:
The GCP load balancer supports RSA-2048 or ECDSA P-256 certificates. Also, DownstreamTlsContexts support multiple TLS certificates. These may be a mix of RSA and P-256 ECDSA certificates.
The following error is due to the incompatibility with the P-384 certificate currently being used rather than the P-256 certificate.
For additional information refer to the Load Balancing Overview.
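
A pre-flight check for the constraint stated in the answer above, as an added example that is not part of the original question or answer: it reads a PEM certificate with the `openssl` CLI and reports whether its key is RSA-2048 or ECDSA P-256 before the cert is loaded into the `tls` secret. The function names `cert_key_type` and `gke_lb_cert_supported` are hypothetical, and the supported set is taken from the answer text.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Supported key types are taken from the answer above: RSA-2048 or ECDSA P-256.
# To check a cert already stored in the cluster, export it first:
#   kubectl get secret tls -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt

# Print "rsa-<bits>", "ecdsa-<curve OID name>" or "unknown" for a PEM certificate.
# Runs in a subshell so its variables do not leak; exits 2 if the file is not a cert.
cert_key_type() (
  text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || exit 2
  alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *\([^ ]*\).*/\1/p' | head -n 1)
  case "$alg" in
    rsaEncryption)  echo "rsa-$bits" ;;
    id-ecPublicKey) echo "ecdsa-$curve" ;;
    *)              echo "unknown" ;;
  esac
)

# Return 0 if the key type is in the supported set, 1 if it is not,
# 2 if the file could not be parsed as a certificate.
gke_lb_cert_supported() {
  kt=$(cert_key_type "$1") || { echo "$1: not a readable PEM certificate" >&2; return 2; }
  case "$kt" in
    rsa-2048|ecdsa-prime256v1) echo "$1: $kt (supported)"; return 0 ;;
    *) echo "$1: $kt (unsupported; re-issue as RSA-2048 or ECDSA P-256)" >&2; return 1 ;;
  esac
}

# Check every certificate path given on the command line.
rc=0
for cert in "$@"; do
  gke_lb_cert_supported "$cert" || rc=1
done
[ "$rc" -eq 0 ]
```

A P-384 certificate like the one in the question is reported as `ecdsa-secp384r1` and rejected, which matches the `sslCertificateUnsupportedCurve` error returned by the API.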