I got a task from my client related to adding SSL certificate on site. the site already had a Let's encrypt SSL Certificate installed on it that is now expired ( i got this info by clicking on browser "Not Secure" red notification that appears left to your entered url, and then going in Certificate option in Popup ). screenshot of popup
My client site is hosted on google cloud. The site has 4 vm instances in 1 instance group. It also has a TCP load balancer with 1 target pool with targetpool - targetinstance as Backend type and have 4 above vm instances showing in Backend. the frontend configuration of load balancer contains TCP as Protocol, Premium as Network Tier and 80-443 value in port option. screenshot of frontend configuration
Each of the 4 VM instance is showing two values in "in use by" column, one is of the instance group name and the second one is of tcp load balancer name. In the instance group its showing in use by as "production" clicking on which taking to production cluster.
I then open the cluster shell from connect option and run this command.
kubectl get secrets/tls-retail -o yaml
here i found that this secret is related to SSL and the value in tls.crt field (when base64 decoded and checked from certificate decoder) shows same expiry date as show in browser popup
i then changed the tls.crt value in the same secret file and saved it using below code but it didn't get any affect.
EDITOR=nano kubectl edit secrets tls-retail
from this stackoverflow link ( How to restart a GCP Ingress Item To Use Updated Secret ) I found that it take 10-20 minutes to take affect but even after 1 to 2 hours there isn't any affect. Can you guide me why this change isn't taking any affect. or if someone can guide me how to use a google managed ssl certificate in my above case as i am new to Google Console and GKE.
Thanks