How to enable HTTPS TLS on Kubernetes GCE

2/28/2018

I successfully deployed my web app on Kubernetes in Google Cloud. It is serving via HTTP. I followed all the guides on how to add an SSL certificate, and it was added according to the Google Cloud Console. However, it only works as HTTP. When you try to access the web app as HTTPS, the browser says "This site can’t be reached".

My ingress YAML looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: no-rules-map
spec:
  tls:
  - secretName: testsecret
  backend:
    serviceName: s1
    servicePort: 80

For the Secret:

apiVersion: v1
data:
  tls.crt: [crt]
  tls.key: [key]
kind: Secret
metadata:
  name: testsecret
  namespace: default
type: Opaque
-- Mujtaba Alboori
cloud
google-compute-engine
google-kubernetes-engine
kubernetes
kubernetes-security

1 Answer

3/1/2018

I used this command to upload my SSL certificate:

kubectl create secret tls tls-secret --key=/tmp/tls.key --cert=/tmp/tls.crt

instead of the YAML Secret file below, and it works better, at least for Google Cloud.

apiVersion: v1
data:
  tls.crt: [crt]
  tls.key: [key]
kind: Secret
metadata:
  name: testsecret
  namespace: default
type: Opaque

Make sure, when you go to Kubernetes Engine -> Configuration in the Google Cloud Console, that your secret type is Secret: kubernetes.io/tls and not only Secret. When you create your secret using YAML, it is created as Secret only and not Secret: kubernetes.io/tls.

For more information, you can take a look at the following links: https://github.com/kubernetes/ingress-gce#backend-https

https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer#remarks

-- Mujtaba Alboori
Source: StackOverflow
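
An added example, not part of the original question or answer: a Python check for the mismatch the answer describes, where an Ingress `tls` entry names a Secret whose type is `Opaque` instead of `kubernetes.io/tls`. It works on objects parsed from `kubectl get ... -o json`; the function names and the sample objects are constructed for illustration.

```python
import base64
import re

TLS_TYPE = "kubernetes.io/tls"
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\s+[A-Za-z0-9+/=\s]+-----END \1-----")

def pem_labels(b64_value):
    """Decode one Secret .data value; return its PEM block labels, or None."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (ValueError, TypeError):
        return None  # .data values must be base64
    return [m.group(1).decode() for m in PEM_RE.finditer(raw)]

def check_secret(secret):
    """List the problems with one Secret object (a dict parsed from JSON)."""
    problems = []
    if secret.get("type") != TLS_TYPE:
        problems.append(f"type is {secret.get('type')!r}, expected {TLS_TYPE!r}")
    data = secret.get("data") or {}
    for key, want in (("tls.crt", "CERTIFICATE"), ("tls.key", "PRIVATE KEY")):
        labels = pem_labels(data[key]) if key in data else []
        if key not in data:
            problems.append(f"missing data key {key}")
        elif labels is None:
            problems.append(f"{key} is not valid base64")
        elif not any(label.endswith(want) for label in labels):
            problems.append(f"{key} holds no PEM {want} block")
    return problems

def check_ingress(ingress, secrets):
    """Map every spec.tls[].secretName of an Ingress to its list of problems."""
    ns = ingress["metadata"].get("namespace", "default")
    index = {(s["metadata"].get("namespace", "default"), s["metadata"]["name"]): s
             for s in secrets}
    report = {}
    for name in (e.get("secretName") for e in ingress.get("spec", {}).get("tls", [])):
        found = index.get((ns, name))
        report[name] = check_secret(found) if found else [f"secret not found in {ns}"]
    return report

def sample_pem(label):  # constructed placeholder PEM block, not real key material
    body = base64.b64encode(b"constructed sample bytes").decode()
    text = f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
    return base64.b64encode(text.encode()).decode()

INGRESS = {"metadata": {"name": "no-rules-map"},  # constructed; names from the page
           "spec": {"tls": [{"secretName": "testsecret"}]}}
OPAQUE = {"type": "Opaque", "metadata": {"name": "testsecret", "namespace": "default"},
          "data": {"tls.crt": sample_pem("CERTIFICATE"), "tls.key": sample_pem("PRIVATE KEY")}}
TLS = dict(OPAQUE, type=TLS_TYPE)
```

The check only confirms that each value decodes to a PEM block with the expected label; it does not parse the certificate or verify that it matches the key.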