Overview
Ingress certificates created in the Tencent Kubernetes Engine (TKE) console will reference certificates hosted in the SSL Certificate Service. If an Ingress is used for a long time, the Ingress certificate may expire, which will have a major impact on online businesses. This document describes how to renew an Ingress certificate before it expires. Directions
Querying the certificate expiration time
2. In the certificate list, click Expiry date to view certificates that are about to expire.
Adding a certificate
On the Certificate management page, you can renew an existing certificate to generate a new certificate. You can Purchase certificate, Apply for free certificate, or Upload certificate to add a certificate.
Viewing Ingresses referencing old certificate
1. Log in to the SSL Certificate Service console and select Associate cloud resources next to a certificate to view the load balancer that references this certificate. 2. Click the load balancer ID to redirect to the CLB details page. If the CLB is used for the TKE Ingress, tke-clusterId
and tke-lb-ingress-uuid
will appear in the Tag section. tke-clusterId
and tke-lb-ingress-uuid
indicate the cluster ID and Ingress UID, respectively.
3. On the Basic info page of the CLB, click the editing icon in the tag line to enter the Edit tags page.
4. Use Kubectl to query the Ingress of the cluster based on the cluster ID and filter out the Ingress resource whose UID is tke-lb-ingress.uuid
. The sample reference code is as follows:
$ kubectl get ingress --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,INGRESS:.metadata.name,UID:.metadata.uid | grep 1a******-****-****-a329-eec697a28b35
api-prod gateway 1a******-****-****-a329-eec697a28b35
According to the query result, api-prod/gateway
in this cluster references the certificate. Therefore, this Ingress needs to be updated.
Updating an Ingress
2. On the Update forwarding configuration page, create a secret for the new certificate.
On the Create key page, select the new certificate and click Create secret.
Return to the Update forwarding configuration page, modify the TLS configuration of the Ingress, and add the created certificate secret.
Click Update forwarding configuration to renew the Ingress certificate.
Was this page helpful?