Kubernetes enable service for HTTPS

9/30/2018

I have a Google Kubernetes Engine with an application that has a public service endpoint. But I would like to change the endpoint from http://... to a secure https://.

What is the easiest way of going about this?

I assume I will need to somehow get an entity to issue me some sort of certificate for my domain. If that's the case, should I use the 35.X.X.X endpoint IP or use a domain such as mydomain.com?

Thanks

-- Harry Stuart
google-cloud-platform
google-kubernetes-engine
kubernetes
kubernetes-ingress

1 Answer

9/30/2018

There are multiple ways of doing this. Here are some:

  1. An easy way is to create an external layer 7 GCP load balancer and have it terminate your SSL, with your own certificates, then create a NodePort service to listen for your traffic (non-TLS) and forward the layer 7 load balancer to that NodePort on all your cluster machines. The downside of this solution would be that your internal cluster traffic would be non-TLS, but you may not care about that unless you are implementing compliance.

  2. Another way is to just let your application in the pod handle SSL directly and set the pod to listen on port 443 and expose it on your layer 4 GCP load balancer on port 443.

  3. Another way (which is preferred on later Kubernetes versions) is to use the same 35.X.X.X external IP which essentially is a layer 4 load balancer and have a Kubernetes Ingress listen for your traffic and handle TLS.

Note that this all gets a bit trickier if you want to implement TLS end to end.

-- Rico
Source: StackOverflow
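
The Ingress approach from the answer, written out as Kubernetes manifests. This is an added example, not part of the original answer; the names `web` and `web-tls`, the `app: web` label, container port 8080 and the certificate file names are assumptions, and `mydomain.com` is the placeholder domain from the question.

```yaml
# Added example. The TLS Secret is created separately from a certificate
# issued for the domain name (file names below are assumed):
#   kubectl create secret tls web-tls --cert=fullchain.pem --key=privkey.pem
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  # NodePort works with GKE's built-in ingress controller; ClusterIP is
  # enough when an in-cluster ingress controller sits behind the L4 LB.
  type: NodePort
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080      # pod serves plain HTTP; TLS ends at the Ingress
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  annotations:
    # Honoured by GKE's built-in ingress controller: do not serve port 80.
    # Other controllers have their own HTTP-to-HTTPS redirect settings.
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
    - hosts:
        - mydomain.com      # must match a name in the certificate
      secretName: web-tls   # Secret of type kubernetes.io/tls
  rules:
    - host: mydomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

As the answer notes for the load balancer option, traffic between the TLS termination point and the pod is unencrypted in this layout.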