Automated SSL Certificate provisioning is a service of nine Managed GKE that allows you to automate the lifecycle of Let’s Encrypt certificates for ingress.
For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.
cert-manager is available as standard with nine Managed GKE.
To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: # add an annotation indicating the issuer to use. cert-manager.io/cluster-issuer: <nameOfClusterIssuer> name: myIngress namespace: myIngress spec: # this is optional since the nginx class is the default ingressClassName: nginx rules: - host: myingress.com http: paths: - path: / backend: service: name: myservice port: number: 80 tls: # < placing a host in the TLS config will indicate a cert should be created - hosts: - myingress.com secretName: myingress-cert # < cert-manager will store the created certificate in this secret.
cert-manager.io/cluster-issuer value you may choose between
letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.