💎 🔥 💎 🔥 💎 Important Update (April 9, 2019)
GKE now has beta support for natively provisioning Let's Encrypt TLS certificates.
This means you should stop using this tutorial and use the feature provided by GKE instead.
💎 🔥 💎 🔥 💎
Let’s Encrypt on GKE
GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today. This tutorial uses two components to add them:
- Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
- cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.
⚠️ ⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️ ⚠️
Requirements:
- A registered domain name
- A GKE cluster
- Estimated time: 30 minutes.
Steps
- Install Helm
- Install cert-manager
- Set up Let's Encrypt
- Deploy a web app on a domain name
- Get a certificate for your domain name
- Cleanup
What's not covered in this tutorial
- Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
- Securing traffic between Cloud Load Balancer and your app with TLS
Alternative HTTPS proxies
If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors being terminated/proxied by a third party, these services work with GKE apps:
- Cloudflare (has a free tier)
- Backplane
This is not an official Google product or documentation.