Tutorial for installing cert-manager on GKE get HTTPS certificates from Let’s Encrypt
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3cf1ddd Dec 14, 2018


GKE loves Let’s Encrypt!

Let’s Encrypt on GKE

GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:

  • Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
  • cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.

⚠️⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️⚠️


  • A registered domain name
  • A GKE cluster
  • Estimated time: 30 minutes.


  1. Install Helm
  2. Install cert-manager
  3. Set up Let's Encrypt
  4. Deploy a web app on a domain name
  5. Get a certificate for your domain name
  6. Cleanup

What's not covered in this tutorial

  • Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
  • Securing traffic between Cloud Load Balancer and your app with TLS

Alternative HTTPS proxies

If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:

This is not an official Google product or documentation.