According to Creating a Google-managed SSL certificate resource, I need to Associate a Google-managed SSL certificate with a target proxy:
    gcloud beta compute [target-https-proxies | target-ssl-proxies] update [NAME] \
        --ssl-certificates [SSL-CERTIFICATE-NAME]
Do I need to associate the SSL certificate by the command above, or is that also achieved by the following .yml config?
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: my-staging-ingress
      annotations:
        kubernetes.io/ingress.global-static-ip-name: "my-staging-global"
        ingress.gcp.kubernetes.io/pre-shared-cert: "staging-google-managed-ssl"
        kubernetes.io/ingress.allow-http: "false"
If the config above doesn't cut it, should I create it as described here? It looks like this guide assumes one has access to the certificates, which I don't as it's managed by Google.
You can have GKE create an ingress controller that's backed by a Google HTTPS load balancer. When you do that, you specify configuration for the ingress in a config file and GKE builds all the load balancer components. The SSL certificate (and private key) are combined into a configuration object called an SSL Certificate. That's linked to the target HTTPS proxy.
The first thing to do would be to create a Google managed certificate object. This part has nothing to do with Kubernetes. The command is:
    $ gcloud beta compute ssl-certificates create [SSL_CERTIFICATE_NAME] \
        --domains [DOMAIN]
See the attached link for more details.
All you have to do for this part is to create the certificate object. You do not assign it to any target proxy.
Now, for the second part: Once you have the GCP certificate object created, you can reference it when you create a Kubernetes ingress. In Kubernetes terms, this is called "using a pre-shared certificate." A pre-shared certificate is simply one that's backed by an existing GCP SSL Certificate object (whether or not that SSL Certificate is a Google managed certificate or one that you created by uploading your own key and certificate). See the attached link for more details.