K
Q

How to configure a SSL certificate to be used by Kubernetes with Google Cloud?

9/18/2019

I am trying to send my app to a Google Cloud Cluster using the kubectl command behind a corporative proxy that needs a certificate ".crt" file to be used when doing HTTPS requests.

I already ran the gcloud container clusters get-credentials... command and it also asked for a certificate. I followed the given instructions by Google and I configured my certificate file without any issue and it worked.

But when I try the kubectl get pods I am getting the following message:

"Unable to connect to the server: x509: certificate signed by unknown authority"

How can I configure my certificate file to be used by the kubectl command?

I did a search about this subject but I found too difficult steps. Could I just run something like this:

kubectl --set_ca_file /path/to/my/cert

Thank you

-- WitnessTruth
gcloud
kubernetes
ssl

Similar Questions

Google GKE Workloads Suddenly show offline with Error: ErrImagePull
Cloud Composer creates many Kubernetes workloads, should they be deleted?
Problems with Oracle long-lived connection in Kubernetes cluster
One Traefik Pod in Kubernetes fails with error: 'command traefik error: field not found, node: redirect'
kubectl get componentstatus shows unhealthy

1 Answer

9/18/2019

The short answer up to what I know is no.

here[1] you can see the step by step of how to get this done in the easiest way I found so far, is not a one line way but is the closest to that.

after having your cert files you need to run this:

gcloud compute ssl-certificates create test-ingress-1 \ --certificate [FIRST_CERT_FILE] --private-key [FIRST_KEY_FILE]

then you need to create your YAML file with the configuration (in the link there are two examples)

run this command:

kubectl apply -f [NAME_OF_YOUR_FILE].yaml

[1] https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl

-- José Soní
Source: StackOverflow