What are the steps to implement HTTPS with Google Cloud Containers?

Question

Can’t find any resources that simply say here’s where your cert goes and here’s how to enable it. I have the cert there when I run gcloud compute ssl-certificates list. I have a cluster with kubernetes running and exposing http traffic via this service:

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "foo-frontend-service"
  },
  "spec": {
    "selector": {
      "app": "foo-frontend-rc"
    },
    "ports": [
      {
        "protocol": "TCP",
        "port": 80,
        "targetPort": 3009
      }
    ]
  }
}

1. Need to know how to put the cert in the right place to be utilized
2. Need to know how to reconfigure my service
3. Need to know what my new SSL endpoint will be. Is it the same?

Answer 1

K8s doesn't have special TLS support for the ordinary services. You need to use one of the following methods:

1. using Ingress: see http://kubernetes.io/docs/user-guide/ingress/#tls. You need to choose a Ingress controller which implements the Ingress functionalities, you can use GLBC if you are on GCE, or you can use the nginx one. Both of them supports TLS. Please note that the Ingress is still beta feature with limitations.

2. The service-loadbalancer in the contrib repo also supports tls: https://github.com/kubernetes/contrib/tree/master/service-loadbalancer#ssl-termination