Internal Ingress Controller with 4096 bits self si...

pranay142 · 07-30-2024 04:04 AM

Hello here,

I was trying to deploy an internal ingress controller with a self-signed certificate of 4096 bits using the following document. The certificate was served using a Kubernetes secret. However, the load balancer creation failed with an error that the key size is not supported. Below is the exact error message I received.

"Error syncing to GCP: error running load balancer syncing routine: loadbalancer xfi2taqo-vault-vault-ingress-v9crmz8x does not exist: Cert creation failures - k8s2-cr-xfi2taqo-w786u8gs5gd32fo6-db0629a1447fe90a Error:googleapi: Error 400: The SSL key size is unsupported. The loadbalancer supports RSA-2048 and ECDSA P-256 certificates., sslCertificateUnsupportedKeySize"

Can anyone please suggest how to proceed as my organization does not support 2048-bit certificate.

Manish_B

Hello @pranay142,

Thank you for contacting Google Cloud Community.

I understand that you would like to know if there is any way to increase the limitation of the SSL key length from 2048 to 4096 bits.

Unfortunately, at the moment, as it mentions in the documentation, this limit cannot be increased. However, there is an open Feature Request for this, which you can find here. Keep in mind that there is no commitment or ETA from Google when this will be implemented, but you can give more visibility to it using the ‘+1’ button in the top right corner of the page, which will also ensure that you will receive any update that will be posted there.

Regarding your question about how to meet the security requirements, I would like to ask you to contact your Technical Account Management Team, as in these types of inquiries they can provide a better and more customized solution. You can contact them by simply following this link.

I hope the above information is helpful 🙂

Thanks & Regards,
Manish Bavireddy.

saeedhmohd

Have you done it anyway

Internal Ingress Controller with 4096 bits self signed certificate