Back to home

Automatic SSL Certificates

Automated SSL Certificate provisioning is a service of nine managed GKE that allows you to automate the lifecycle of Let’s Encrypt certificates for ingress.

Details

For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.

Availability

cert-manager is available as standard with nine managed GKE.

Usage

To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    certmanager.k8s.io/cluster-issuer: <nameOfClusterIssuer>
  name: myIngress
  namespace: myIngress
spec:
  rules:
  - host: myingress.com
    http:
      paths:
      - backend:
          serviceName: myservice
          servicePort: 80
        path: /
  tls: # < placing a host in the TLS config will indicate a cert should be created
  - hosts:
    - myingress.com
    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

for the certmanager.k8s.io/cluster-issuer value you may choose between letsencrypt-prod and letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.

Didn't find what you were looking for?

Contact our support:

+41 44 637 40 40 support@nine.ch