I have purchased a domain name from Google Domains.

I set up a project with GCLOUD Kubernetes using Ingress.

The documentation for Ingress (Ingress GitHub) says to enter the key here:

apiVersion: v1
kind: Secret
metadata:
  name: testsecret
  namespace: default
type: Opaque
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key

I found the doc for how to configure and get an SSL cert for App Engine (App Engine custom domains).

I'm guessing that the App Engine SSL config has nothing to do with Kubernetes Ingress.

I would like to know how to get and maintain an SSL cert for my Ingress.

N Singh
grabbag

1 Answer

Ingress can be secured with a secret containing the TLS private key and the certificate. You can then provide a reference to the secret in the Ingress. Refer to this documentation for more information.

Here is an example of a TLS Ingress rule to use SSL in NGINX, along with information on storing the SSL certificate in a secret.

Example:

Create secret:

kubectl create secret tls foo-secret --key /tmp/tls.key --cert /tmp/tls.crt

Reference secret in the ingress:

      spec:
        tls:
        - hosts:
          - foo.bar.com
          secretName: foo-secret

You may also want to check these links/documentation, which can help you.

Link 1 Link 2 Link 3

N Singh
  • Thank you. What about the certs themselves? Google App Engine appears to offer auto-update of certs; likewise, so does "Let's Encrypt". Any way to automate the cert refresh when using Ingress? – grabbag Mar 02 '18 at 01:13
  • There is a [feature request](https://issuetracker.google.com/70801227) in place for automated certificate management. You can "star" [this](https://issuetracker.google.com/70801227) feature request to show your interest in this feature. – N Singh Mar 02 '18 at 01:42
  • I can't find documentation on the timestamp "last_updated" in your "Link 3". Does anyone know what this does? – grabbag Mar 02 '18 at 12:04
  • @grabbag I could not find any documentation on "last_updated" label as well. However, as per the comment describing the label 'last_update' in ingress.yaml file, it is 'Timestamp used in order to force reload of the secret'. It should work just using the 'kubectl apply -f ingress_file.yaml' as well. – N Singh Mar 06 '18 at 15:11
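
As an added example (not part of the answer or of the Ingress documentation), the shell sketch below checks the PEM files before they go into the secret: it confirms the key belongs to the certificate, checks how long the certificate remains valid, and renders the `tls.crt`/`tls.key` manifest with single-line base64. The function names and the throwaway self-signed certificate are constructed for illustration; it assumes `openssl` and `base64` are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PEM files behind an Ingress TLS secret.
# Function names and the sample certificate are constructed for illustration.

# Succeeds only if the private key ($2) belongs to the certificate ($1),
# by comparing the public key extracted from each.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Prints a Secret manifest of the type `kubectl create secret tls` produces.
# Args: name cert key. Data values must be base64 on a single line.
render_tls_secret() {
  cert_matches_key "$2" "$3" || { echo "key does not match cert" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$1"
  printf 'type: kubernetes.io/tls\ndata:\n'
  printf '  tls.crt: %s\n' "$(base64 < "$2" | tr -d '\n')"
  printf '  tls.key: %s\n' "$(base64 < "$3" | tr -d '\n')"
}

# Constructed sample input: a throwaway self-signed cert valid for 30 days.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=foo.bar.com" \
  -keyout "$demo_dir/tls.key" -out "$demo_dir/tls.crt" 2>/dev/null

# Show the manifest with the long base64 values truncated for display.
render_tls_secret foo-secret "$demo_dir/tls.crt" "$demo_dir/tls.key" | cut -c1-60

if cert_valid_for_days "$demo_dir/tls.crt" 45; then
  echo "certificate is valid for at least 45 more days"
else
  echo "certificate expires within 45 days: renew it and re-create the secret"
fi
```

Piping the rendered manifest to `kubectl apply -f -` updates an existing secret in place once a renewed certificate and key are in the files.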