Automated SSL Certificate provisioning is a service of nine Managed GKE that allows you to automate the lifecycle of Let’s Encrypt certificates for ingress.

Details

For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.

Availability

cert-manager is available as standard with nine Managed GKE.

Usage

To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: <nameOfClusterIssuer>
  name: myIngress
  namespace: myIngress
spec:
  # this is optional since the nginx class is the default
  ingressClassName: nginx
  rules:
  - host: myingress.com
    http:
      paths:
      - path: /
        backend:
          service:
            name: myservice
            port:
              number: 80
  tls: # < placing a host in the TLS config will indicate a cert should be created
  - hosts:
    - myingress.com
    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

for the cert-manager.io/cluster-issuer value you may choose between letsencrypt-prod and letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.

Documentation and Links

• cert-manager Source
• cert-manager Documentation
• cert-manager Ingress Shim
• Let’s Encrypt Documentation