Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the steps to implement HTTPS with Google Cloud Containers?

Tags:

https

ssl

google-cloud-platform

kubernetes

google-kubernetes-engine

Can’t find any resources that simply say here’s where your cert goes and here’s how to enable it. I have the cert there when I run gcloud compute ssl-certificates list. I have a cluster with kubernetes running and exposing http traffic via this service:

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "foo-frontend-service"
  },
  "spec": {
    "selector": {
      "app": "foo-frontend-rc"
    },
    "ports": [
      {
        "protocol": "TCP",
        "port": 80,
        "targetPort": 3009
      }
    ]
  }
}
  1. Need to know how to put the cert in the right place to be utilized
  2. Need to know how to reconfigure my service
  3. Need to know what my new SSL endpoint will be. Is it the same?
like image 613
Kirk Strobeck Avatar asked May 06 '16 16:05

Kirk Strobeck

People also ask

How do I add an SSL certificate to Google Cloud?

Go to the Certificates tab in the Google Cloud console. Click Create SSL certificate. Enter a name and an optional description for the certificate. Select Create Google-managed certificate.

1 Answers

K8s doesn't have special TLS support for the ordinary services. You need to use one of the following methods:

  1. using Ingress: see http://kubernetes.io/docs/user-guide/ingress/#tls. You need to choose a Ingress controller which implements the Ingress functionalities, you can use GLBC if you are on GCE, or you can use the nginx one. Both of them supports TLS. Please note that the Ingress is still beta feature with limitations.

  2. The service-loadbalancer in the contrib repo also supports tls: https://github.com/kubernetes/contrib/tree/master/service-loadbalancer#ssl-termination

like image 159
caesarxuchao Avatar answered Sep 24 '22 03:09

caesarxuchao
Sign in to Comment

Related questions

How to configure Python to ignore the hostname verification?
Curl is not sending client certificate
What are the steps to setup SSL to work with WCF on Azure?
Is basic auth with SSL secure enough?
NSStream SSL on used socket
How to do mutual certificate authentication with httplib2
How support multiple TrustStores in java SSL client application
2-way SSL with CherryPy
java keystore and password settings
self signed certificate in windows server
Adding a foreign server's self-signed certificate to the trusted certificates of my Tomcat
How to fix SSL - No available certificate
KeyStore error on java server: BKS not found
How to specify the key password using javax.net.ssl?
cURL as proxy, deal with HTTPS/CONNECT method
Node.js Multiple SSL Certificates
Is AWS, specifically the load balancer service affected by SSL "Heart Bleed" exploit? [closed]
How to use the SSL with multi entity on android
How come Apache HttpClient 4.4 rejects www.googleapis.com as a valid host name?
Websocket SSL connection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!