@goplogic
Forked from pydevops/gke-ingress-manged-tls.md
Created December 17, 2019 14:33
Create a GCP managed TLS certificate for the GKE ingress

Solution #1

  • GKE with Google-managed SSL certificates
    • Create a ManagedCertificate object.
    • Associate the ManagedCertificate object with an Ingress by adding the annotation networking.gke.io/managed-certificates to the Ingress. The annotation value is a comma-separated list of ManagedCertificate resources, for example cert1,cert2,cert3.
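
The two steps of Solution #1 written out as manifests (an added example, not part of the original gist). The certificate name ci-managed-cert is an assumption; the namespace, service, port and domain are taken from the Solution #2 manifest on this page, and the Ingress here is written against networking.k8s.io/v1 rather than extensions/v1beta1.

```yaml
# Added example. "ci-managed-cert" is an assumed name; the namespace, service,
# port and domain are reused from the Solution #2 manifest on this page.
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: ci-managed-cert
  namespace: ci            # must be the same namespace as the Ingress
spec:
  domains:
    - ci.example.com       # DNS for this name must resolve to the Ingress IP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ci
  namespace: ci
  annotations:
    # Comma-separated list of ManagedCertificate names in this namespace.
    networking.gke.io/managed-certificates: ci-managed-cert
    # Optional hardening: serve HTTPS only, so the Jenkins UI is not
    # reachable over plain HTTP on the load balancer.
    kubernetes.io/ingress.allow-http: "false"
spec:
  defaultBackend:
    service:
      name: jenkins-ui
      port:
        number: 8080
```

Provisioning progress can be followed with `kubectl describe managedcertificate ci-managed-cert -n ci`; the certificate is served once its status reaches Active.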

Solution #2

Assumption

Assumes you are using the L7 GLBC ingress controller, which is the default for a GKE cluster.

Create a certificate

gcloud beta compute ssl-certificates create ci-example --domains ci.example.com

List certificates

gcloud beta compute ssl-certificates list

Check the certificate provisioning status

gcloud beta compute ssl-certificates describe ci-example

Note that even with a correct configuration, provisioning a certificate is likely to take from 30 to 60 minutes in total.

Configure the GKE ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ci
  namespace: ci
  annotations:
    ingress.gcp.kubernetes.io/pre-shared-cert: 'ci-example'
spec:
  backend:
    serviceName: jenkins-ui
    servicePort: 8080

The ingress.gcp.kubernetes.io/pre-shared-cert annotation is used by ingress-gce; its value is the name of the certificate created above.
