Let’s Encrypt on GKE
GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:
- Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
- cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.
⚠️ ⚠️cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️ ⚠️
- A registered domain name
- A GKE cluster
- Estimated time: 30 minutes.
- Install Helm
- Install cert-manager
- Set up Let's Encrypt
- Deploy a web app on a domain name
- Get a certificate for your domain name
What's not covered in this tutorial
- Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
- Securing traffic between Cloud Load Balancer and your app with TLS
Alternative HTTPS proxies
If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:
This is not an official Google product or documentation.