How to set up TLS connection for GKE Ingress

3/24/2019

I want to enable https connections for my application in Google Cloud. I followed several tutorials, yet nothing seems to work.

I've deployed the application on GKE using Ingress. Here is ingress.yml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: myapp-ip
spec:
  backend:
    serviceName: myapp-service
    servicePort: 80

Accessing it by IP address works just fine; the site is accessible from the internet.

I've purchased the domain with Google Domains and configured DNS zones by adding an A record pointing to my external IP address and a CNAME record. Now the app is perfectly accessible with this domain.

Then I created an SSL certificate and a Kubernetes secret by running these commands:

openssl genrsa -out myapp-ingress-1.key 2048
openssl req -new -key myapp-ingress-1.key -out myapp-ingress-1.csr -subj "/CN=myapp.co.uk"
openssl x509 -req -days 365 -in myapp-ingress-1.csr -signkey myapp-ingress-1.key -out myapp-ingress-1.crt
kubectl create secret tls myapp-tls-secret-1 --cert myapp-ingress-1.crt --key myapp-ingress-1.key

And updated ingress.yml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: myapp-ip
spec:
  tls:
  - secretName: myapp-tls-secret-1
  rules:
  - host: myapp.co.uk
    http:
      paths:
      - backend:
          serviceName: myapp-service
          servicePort: 80

I tried several ingress.yml files following different examples on the internet, but none of them worked.

Can anyone advise me?

-- Rico W
https
kubernetes
kubernetes-ingress

1 Answer

3/24/2019

You are missing a line in your yaml file that specifies what host you are securing. Since you are not using external-dns you will have to create records on your domain provider side manually to connect the IP address to your domain (you seem to have already done this). Looks like both your ingress and your tls secret are in the default namespace, so you can use the following ingress.yaml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.global-static-ip-name: myapp-ip
spec:
  tls:
  - hosts:
    - "myapp.co.uk"
    secretName: myapp-tls-secret-1
  rules:
  - host: "myapp.co.uk"
    http:
      paths:
      - path: /
        backend:
          serviceName: myapp-service
          servicePort: 80

-- cookiedough
Source: StackOverflow
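
The check the answer describes (every host in spec.rules should also appear under spec.tls[].hosts) can be automated before applying a manifest. The following is an added example, not code from the question or the answer; it lints the two manifests from this page, re-expressed as JSON in the shape `kubectl get ingress -o json` returns, and the function names and the one-label wildcard rule are assumptions of the example.

```python
import json

# The two manifests from this page, trimmed to `spec` and re-expressed as JSON
# (constructed sample input, not live cluster output).
QUESTION_INGRESS = json.loads("""
{"spec": {"tls": [{"secretName": "myapp-tls-secret-1"}],
          "rules": [{"host": "myapp.co.uk"}]}}
""")
ANSWER_INGRESS = json.loads("""
{"spec": {"tls": [{"hosts": ["myapp.co.uk"], "secretName": "myapp-tls-secret-1"}],
          "rules": [{"host": "myapp.co.uk"}]}}
""")


def host_matches(pattern, host):
    """Exact match, or a '*.example.com' pattern covering exactly one extra label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def lint_ingress_tls(ingress):
    """Return findings about how spec.tls and spec.rules line up."""
    spec = ingress.get("spec", {})
    tls_entries = spec.get("tls") or []
    findings, covered = [], []
    for i, entry in enumerate(tls_entries):
        secret = entry.get("secretName")
        if not secret:
            findings.append(f"tls[{i}]: no secretName")
        hosts = entry.get("hosts") or []
        if not hosts:
            findings.append(f"tls[{i}]: no hosts listed for secret {secret}")
        covered.extend(hosts)
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        # Only flag rule hosts when a TLS section exists but does not name them.
        if host and tls_entries and not any(host_matches(p, host) for p in covered):
            findings.append(f"rule host {host} is not covered by any tls.hosts entry")
    return findings


if __name__ == "__main__":
    for name, manifest in (("question", QUESTION_INGRESS), ("answer", ANSWER_INGRESS)):
        print(name, lint_ingress_tls(manifest) or "ok")
```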