Should I use Ingress vs LoadBalancer for Kubernetes on Google Cloud (with custom domain and an SSL certificate)?


According to this page, it appears Google Kubernetes can make a Google managed SSL certificate if you're using LoadBalancer. That's what I want to use.

However, I used this page to set up an Ingress for my custom domain.

So right now, I have an Ingress and I can access my cluster using my custom domain just fine, but how do I add HTTPS to it? My suspicion is that Ingress also makes a LoadBalancer, but I can't figure out how to modify it according to the first link.

There are 3 answers

0
mario On BEST ANSWER

My suspicion is that Ingress also makes a LoadBalancer, but I can't figure out how to modify it according to the first link.

You're right. When you create an ingress object, a load balancer is created automatically, behind the scenes. It's even mentioned here:

If you choose to expose your application using an Ingress, which creates an HTTP(S) Load Balancer, you must reserve a global static IP address.

You can even list it in your Google Cloud Console by going to Navigation menu -> Networking -> Network services -> Load balancing.

The easiest way to edit it is by clicking the 3 dots next to it and then Edit.

But rather than editing it manually you need to modify your Ingress resource.

Suppose you have followed the steps outlined here and everything works as expected, but only via HTTP, which is also expected, as you have not configured an SSL certificate with your ingress so far and the load balancer it uses behind the scenes is also configured to work with HTTP only.

If you followed the guide you mentioned and have already configured a Google-managed SSL certificate, you only need to update your ingress resource configuration by adding the networking.gke.io/managed-certificates: certificate-name annotation, as @ldg suggested in his answer.

If you didn't configure your SSL certificate, you can do it from the Kubernetes level by applying the following YAML manifest, as described here:

apiVersion: networking.gke.io/v1beta2
kind: ManagedCertificate
metadata:
  name: example-cert
spec:
  domains:
    - example.com

Save it as file example-cert.yaml and then run:

kubectl apply -f example-cert.yaml

Once it is created you can re-apply your ingress configuration from the same yaml manifest as before with the mentioned annotation added.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: helloweb
  annotations:
    kubernetes.io/ingress.global-static-ip-name: helloweb-ip
    networking.gke.io/managed-certificates: example-cert  # the added annotation
  labels:
    app: hello
spec:
  backend:
    serviceName: helloweb-backend
    servicePort: 8080

If for some reason you want to get the ingress you've deployed based on your running configuration, you can run:

kubectl get ingress helloweb -o yaml > ingress.yaml

then you can edit the ingress.yaml file and re-apply it again.

After adding the annotation, go again in your Google Cloud Console to Navigation menu -> Networking -> Network services -> Load balancing and you'll notice that the protocol of the load balancer associated with the ingress has changed from HTTP to HTTP(S), and if the certificate is valid, you should be able to access your website using your custom domain via HTTPS.

0
Alex G On

You will need to have 2 Load balancers to achieve your goal, first one is for HTTP with redirection and the other is for HTTPS. You can check this link for the official guide on setting up HTTPS load balancers.

2
ldg On

You need to associate the managed cert to your ingress manifest. Where you are setting the value for kubernetes.io/ingress.global-static-ip-name you should be able to add networking.gke.io/managed-certificates: *certificate-name*

see: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs

The example ingress (from those docs) looks like this:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  annotations:
    kubernetes.io/ingress.global-static-ip-name: address-name
    networking.gke.io/managed-certificates: certificate-name
spec:
  backend:
    serviceName: service-name
    servicePort: service-port

Yours might look slightly different, but the important part for this feature is the annotations section.
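An added example, not part of any answer above or of Google's documentation: a Python check over objects shaped like the items of kubectl get ingress,managedcertificate -o json, confirming that each Ingress's networking.gke.io/managed-certificates annotation names a ManagedCertificate in the same namespace that covers its hosts. The shop and legacy objects are constructed samples, and the kubernetes.io/ingress.allow-http check uses a GKE annotation the page does not mention.

```python
# Added example: audit Ingress objects for the GKE managed-certificate wiring.
CERT_ANN = "networking.gke.io/managed-certificates"
HTTP_ANN = "kubernetes.io/ingress.allow-http"  # GKE annotation, not mentioned on the page

def audit(items):
    """Return sorted (ingress, finding) pairs for a list of Kubernetes objects."""
    certs = {}  # (namespace, name) -> set of domains on that ManagedCertificate
    for o in items:
        if o["kind"] == "ManagedCertificate":
            m = o["metadata"]
            certs[(m.get("namespace", "default"), m["name"])] = set(o["spec"]["domains"])
    findings = []
    for o in items:
        if o["kind"] != "Ingress":
            continue
        m = o["metadata"]
        ns, name, ann = m.get("namespace", "default"), m["name"], m.get("annotations") or {}
        # The annotation value is a comma-separated list of certificate names.
        refs = [r.strip() for r in ann.get(CERT_ANN, "").split(",") if r.strip()]
        if not refs:
            findings.append((name, "no managed-certificates annotation, load balancer stays HTTP-only"))
            continue
        covered = set()
        for ref in refs:
            if (ns, ref) in certs:
                covered |= certs[(ns, ref)]
            else:  # the certificate must live in the Ingress's own namespace
                findings.append((name, f"ManagedCertificate '{ref}' not found in namespace '{ns}'"))
        hosts = {r["host"] for r in o.get("spec", {}).get("rules") or [] if r.get("host")}
        for host in hosts - covered:  # exact match (assumes no wildcard domains)
            findings.append((name, f"host '{host}' is not covered by a referenced certificate"))
        if ann.get(HTTP_ANN, "true") != "false":
            findings.append((name, "plain HTTP is still served next to HTTPS"))
    return sorted(findings)

def _obj(kind, name, annotations=None, **spec):  # helper to build constructed samples
    return {"kind": kind, "metadata": {"name": name, "namespace": "default",
                                       "annotations": annotations or {}}, "spec": spec}

SAMPLE = [  # constructed objects; only helloweb and example-cert come from the page
    _obj("ManagedCertificate", "example-cert", domains=["example.com"]),
    _obj("Ingress", "helloweb", {CERT_ANN: "example-cert"}),
    _obj("Ingress", "shop", {CERT_ANN: "example-cert, shop-cert", HTTP_ANN: "false"},
         rules=[{"host": "shop.example.com"}]),
    _obj("Ingress", "legacy"),
]

if __name__ == "__main__":
    for ingress, finding in audit(SAMPLE):
        print(f"{ingress}: {finding}")
```

To run it against a live cluster, load the JSON output of the kubectl command and pass its items list to audit().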