I want to enable https connections for my application in Google Cloud. I followed several tutorials, yet nothing seems to work.
I've deployed the application on GKE using Ingress. Here is ingress.yml:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: myapp-ingress
      annotations:
        kubernetes.io/ingress.global-static-ip-name: myapp-ip
    spec:
      backend:
        serviceName: myapp-service
        servicePort: 80

Accessing it with the IP address works just fine; the site is accessible from the internet.
I've purchased the domain with Google Domains and configured DNS zones by adding an A record pointing to my external IP address and a CNAME record. Now the app is perfectly accessible with this domain.
Then I created an SSL certificate and a Kubernetes secret by running these commands:

    openssl genrsa -out myapp-ingress-1.key 2048
    openssl req -new -key myapp-ingress-1.key -out myapp-ingress-1.csr -subj "/CN=myapp.co.uk"
    openssl x509 -req -days 365 -in myapp-ingress-1.csr -signkey myapp-ingress-1.key -out myapp-ingress-1.crt
    kubectl create secret tls myapp-tls-secret-1 --cert myapp-ingress-1.crt --key myapp-ingress-1.key

And updated ingress.yml:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: myapp-ingress
      annotations:
        kubernetes.io/ingress.global-static-ip-name: myapp-ip
    spec:
      tls:
      - secretName: myapp-tls-secret-1
      rules:
      - host: myapp.co.uk
        http:
          paths:
          - backend:
              serviceName: myapp-service
              servicePort: 80

I tried several ingress.yml files following different examples on the internet, but none of them worked.
Can anyone advise me?
You are missing a line in your yaml file that specifies what host you are securing. Since you are not using external-dns you will have to create records on your domain provider side manually to connect the IP address to your domain (you seem to have already done this). Looks like both your ingress and your tls secret are in the default namespace, so you can use the following ingress.yaml:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: myapp-ingress
      annotations:
        kubernetes.io/tls-acme: "true"
        kubernetes.io/ingress.global-static-ip-name: myapp-ip
    spec:
      tls:
      - hosts:
        - "myapp.co.uk"
        secretName: myapp-tls-secret-1
      rules:
      - host: "myapp.co.uk"
        http:
          paths:
          - path: /
            backend:
              serviceName: myapp-service
              servicePort: 80
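
An added example, not part of the original answer: a small Python lint for the point the answer makes, flagging tls entries with no hosts list and rule hosts that no tls entry names. The function names are hypothetical, the two manifests are constructed from the ones on this page, and the wildcard handling (a leading `*.` covering exactly one DNS label) goes beyond the single-host case discussed here.

```python
import json

# Constructed inputs: the question's and the answer's manifests from this page,
# in the JSON shape `kubectl get ingress -o json` prints (trimmed to spec).
QUESTION = json.loads("""{"spec": {"tls": [{"secretName": "myapp-tls-secret-1"}],
  "rules": [{"host": "myapp.co.uk", "http": {"paths": [
    {"backend": {"serviceName": "myapp-service", "servicePort": 80}}]}}]}}""")
ANSWER = json.loads("""{"spec": {"tls": [{"hosts": ["myapp.co.uk"],
                                  "secretName": "myapp-tls-secret-1"}],
  "rules": [{"host": "myapp.co.uk", "http": {"paths": [{"path": "/",
    "backend": {"serviceName": "myapp-service", "servicePort": 80}}]}}]}}""")


def tls_host_covers(pattern, host):
    """True if a tls.hosts entry covers a rule host; '*.' spans one label only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def lint_ingress_tls(ingress):
    """Return a list of findings about spec.tls for one Ingress object (a dict)."""
    spec = ingress.get("spec", {})
    tls_entries = spec.get("tls") or []
    findings, covered = [], []
    for i, entry in enumerate(tls_entries):
        secret = entry.get("secretName")
        hosts = entry.get("hosts") or []
        if not secret:
            findings.append(f"tls[{i}]: no secretName")
        if not hosts:
            findings.append(f"tls[{i}]: no hosts listed for secret {secret!r}")
        covered.extend(hosts)
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        # Only report uncovered hosts when the Ingress asks for TLS at all.
        if host and tls_entries and not any(tls_host_covers(p, host) for p in covered):
            findings.append(f"rule host {host!r} is not listed under any tls entry")
    return findings


if __name__ == "__main__":
    for name, manifest in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint_ingress_tls(manifest) or "ok")
```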