Back to home

Automatic SSL Certificates

Automated SSL Certificate provisioning is a service of nine Managed GKE that allows you to automate the lifecycle of Let’s Encrypt certificates for ingress.


For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.


cert-manager is available as standard with nine Managed GKE.


To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:

apiVersion: extensions/v1beta1
kind: Ingress
    # add an annotation indicating the issuer to use. <nameOfClusterIssuer>
  name: myIngress
  namespace: myIngress
  - host:
      - backend:
          serviceName: myservice
          servicePort: 80
        path: /
  tls: # < placing a host in the TLS config will indicate a cert should be created
  - hosts:
    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

for the value you may choose between letsencrypt-prod and letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.

Cert-Manager Migration

We have recently migrated to the latest cert-manager version. The new version responds to a new annotation key to validate your certificates:

old key:
new key:

To check for Ingress resources with the old annotation key you can use this kubectl command:

kubectl get namespace -l nine-namespace-type=customer --no-headers -o custom-columns="" |\
  xargs -L 1 kubectl get ingress -o go-template='{{range .items}}{{if .metadata.annotations}}{{if not (index .metadata.annotations "")}}{{if(index .metadata.annotations "")}}{{printf "%s/%s\n" .metadata.namespace}}{{end}}{{end}}{{end}}{{end}}' -n

Didn't find what you were looking for?

Contact our support:

+41 44 637 40 40 Support Portal