Question

I have an application on GKE that I wish to be available via HTTPS only, so I have gotten a signed certificate to secure the application using TLS.

I wish to continue using the external load balancers (the compute engine instances that google has provided me) but I just want my application to be accessible via https.

How do I apply my server.crt and server.key files to enable https.Do I apply it to the Load balancers or to the kubernetes cluster.

Answer 1

Hello @kartik,

Specifically in Google Kubernetes Engine (GKE), any ingress resources defined in your cluster will be served by a Google Cloud Load Balancer, so I don't think you have to worry about deploying your own Ingress Controller (e.g. Nginx Ingress Controller).

In terms of TLS, you can use your own certificate if you have one. The certificate must be uploaded to the cluster through a Kubernetes Secret. Once that secret is defined, you can reference that secret in your Ingress definition.

You can create the secret using the following command:

kubectl create secret tls my-app-certs --key /tmp/tls.key --cert /tmp/tls.crt

Once you have your secret, you can reference it in your ingress resource:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-app-ingress
spec:
  tls:
  - secretName: my-app-certs
  backend:
    serviceName: s1
    servicePort: 80

Once you have created your ingress resource, GKE will configure the load balancer and give you a publicly accessible IP that you can get using:

kubectl get ingress my-app-ingress