Tutorial for installing cert-manager on GKE get HTTPS certificates from Let’s Encrypt
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3cf1ddd Dec 14, 2018

README.md

GKE loves Let’s Encrypt!

Let’s Encrypt on GKE

GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:

  • Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
  • cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.

⚠️⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️⚠️

Requirements:

  • A registered domain name
  • A GKE cluster
  • Estimated time: 30 minutes.

Steps

  1. Install Helm
  2. Install cert-manager
  3. Set up Let's Encrypt
  4. Deploy a web app on a domain name
  5. Get a certificate for your domain name
  6. Cleanup

What's not covered in this tutorial

  • Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
  • Securing traffic between Cloud Load Balancer and your app with TLS

Alternative HTTPS proxies

If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:


This is not an official Google product or documentation.