How to generate Certificate Signing Request (CSR) for setting up TLS in GKE

7/27/2018

I'm running a service in GKE and have an Ingress for setting up TLS. I have tried with my own self-signed certificates and I could access my site through the https protocol. It looks good. Please note that I already have a static IP for the Ingress and a domain name for it.

But now I'm going to create real certificates, and I'm trying to create a CSR and send it to a CA, but I'm so confused after reading these posts:

Manage TLS Certificates in a Cluster

Certificates

I have some questions:

All I want is to make the *.crt and *.key files for setting up https on my service. (I have read some blog posts about Let's Encrypt, but I don't want to use it.)

Thank you for reading.

-- Quoc Lap
google-kubernetes-engine
https
kubernetes
ssl

1 Answer

7/27/2018

Let's go over each of your questions first:

What's Pod's DNS, Pod's Ip and Service's Ip?

Within the cluster, each pod has its own internal IP address and DNS record. Same goes for the services. You can read up on DNS within Kubernetes here and you can read more about IP addresses here.

Do I have to create DNS for pod and service?

For use within the cluster, that's automatically taken care of for you. If you want to expose a pod/service and have it externally accessible via a DNS record, you'll have to create it somewhere, just like you would for any other server/service/whatever.

Can I generate the *.csr file from my local PC?

Can I create a server certificate authentication if I follow the steps...

When it comes to GKE and Ingress, handling certificates can be done in two different ways. You can just add a certificate to your project and tell the Ingress controller to use it. Here in this page you can find a fantastic description on how to do this, and here is the page to create a certificate in the Console. This page also shows you how to do it by using secrets, though I personally prefer the added visibility of using a certificate that's part of my project.

-- Lopson
Source: StackOverflow
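
The question asks whether the CSR can be generated on a local PC, and the answer mentions loading the issued certificate as a secret. The following is an added example, not part of the original question or answer, that does this with the `openssl` CLI and checks the results before anything is uploaded. The domain `example.test`, the `tls.*` file names and the secret name `my-tls` are placeholders.

```sh
# Added example: key + CSR on a local machine, then sanity checks before upload.
# example.test and the tls.* file names are placeholders (assumptions).

# make_csr <domain> <dir>: writes <dir>/tls.key and <dir>/tls.csr
make_csr() {
  csr_domain="$1"; csr_dir="$2"
  mkdir -p "$csr_dir" || return 1
  # The private key never leaves this machine; only tls.csr goes to the CA.
  ( umask 077; openssl genrsa -out "$csr_dir/tls.key" 2048 2>/dev/null ) || return 1
  # A config file carries the SAN, which browsers match the host name against.
  cat > "$csr_dir/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $csr_domain
[ext]
subjectAltName = DNS:$csr_domain
EOF
  openssl req -new -key "$csr_dir/tls.key" -config "$csr_dir/csr.cnf" \
    -out "$csr_dir/tls.csr"
}

# csr_ok <csr> <domain>: self-signature verifies and the SAN names the domain
csr_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
  openssl req -in "$1" -noout -text | grep -qF "DNS:$2"
}

# key_matches_cert <key> <crt>: the certificate carries this key's public half
key_matches_cert() {
  kp=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cp=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$kp" ] && [ "$kp" = "$cp" ]
}

# Typical flow (the last command needs cluster access, so it is left commented):
#   make_csr example.test ./tls && csr_ok ./tls/tls.csr example.test
#   ... send ./tls/tls.csr to the CA, save the issued certificate as ./tls/tls.crt ...
#   key_matches_cert ./tls/tls.key ./tls/tls.crt
#   kubectl create secret tls my-tls --cert=./tls/tls.crt --key=./tls/tls.key
```

Running `key_matches_cert` before creating the secret catches the common mistake of pairing a certificate with a key from an earlier CSR attempt.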