/gke-letsencrypt

Tutorial for installing cert-manager on GKE get HTTPS certificates from Let’s Encrypt

Apache License 2.0Apache-2.0

GKE loves Let’s Encrypt!

Let’s Encrypt on GKE

GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:

  • Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
  • cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.

⚠️⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk! ⚠️⚠️

Requirements:

  • A registered domain name
  • A GKE cluster
  • Estimated time: 30 minutes.

Steps

  1. Install Helm
  2. Install cert-manager
  3. Set up Let's Encrypt
  4. Deploy a web app on a domain name
  5. Get a certificate for your domain
  6. Start serving HTTPS with the certificate
  7. Cleanup

What's not covered in this tutorial

  • Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
  • Securing traffic between Cloud Load Balancer and your app with TLS

Alternative HTTPS proxies

If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:


This is not an official Google product or documentation.

Google Analytics