Automated SSL Certificate provisioning is a service of nine managed GKE that allows you to automate the lifecycle of Let’s Encrypt certificates for ingress.
For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.
cert-manager is available as standard with nine managed GKE.
To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: # add an annotation indicating the issuer to use. certmanager.k8s.io/cluster-issuer: <nameOfClusterIssuer> name: myIngress namespace: myIngress spec: rules: - host: myingress.com http: paths: - backend: serviceName: myservice servicePort: 80 path: / tls: # < placing a host in the TLS config will indicate a cert should be created - hosts: - myingress.com secretName: myingress-cert # < cert-manager will store the created certificate in this secret.
certmanager.k8s.io/cluster-issuer value you may choose between
letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.