Skip to content
This repository has been archived by the owner on Feb 6, 2021. It is now read-only.


Repository files navigation


Important Update (April 9,2019)

GKE now has beta support for natively provisioning Let's Encrypt TLS certificates.
This means you should stop using this tutorial and use the feature provided by GKE instead.

GKE loves Let’s Encrypt!

Let’s Encrypt on GKE

GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:

  • Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
  • cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.

⚠️⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️⚠️


  • A registered domain name
  • A GKE cluster
  • Estimated time: 30 minutes.


  1. Install Helm
  2. Install cert-manager
  3. Set up Let's Encrypt
  4. Deploy a web app on a domain name
  5. Get a certificate for your domain name
  6. Cleanup

What's not covered in this tutorial

  • Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
  • Securing traffic between Cloud Load Balancer and your app with TLS

Alternative HTTPS proxies

If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:

This is not an official Google product or documentation.


Tutorial for installing cert-manager on GKE get HTTPS certificates from Let’s Encrypt (⚠️NOW OBSOLETE⚠️)








No releases published


No packages published