Automatic SSL Certificates

Automated SSL Certificate provisioning is a service of nine Managed GKE that allows you to automate the lifecycle of Let's Encrypt certificates for ingress.

Details

For customers who need to have https ingress our cert-manager service provides an open source solution for provisioning and managing TLS certificates in Kubernetes clusters.

Availability

cert-manager is available as standard with nine Managed GKE.

Usage

To use cert-manager on your ingress object you simply need to add an annotation for the cluster issuer and a TLS block to indicate that a certificate should be created and stored in a secret:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: <nameOfClusterIssuer>
  name: myIngress
  namespace: myIngress
spec:
  # this is optional since the nginx class is the default
  ingressClassName: nginx
  rules:
    - host: myingress.com
      http:
        paths:
          - path: /
            backend:
              service:
                name: myservice
                port:
                  number: 80
  tls: # < placing a host in the TLS config will indicate a cert should be created
    - hosts:
        - myingress.com
      secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

for the cert-manager.io/cluster-issuer value you may choose between letsencrypt-prod and letsencrypt-staging. For information about the difference between these please see the letsencrypt documentation.

Documentation and Links

• cert-manager Source
• cert-manager Documentation
• cert-manager Ingress Shim
• Let's Encrypt Documentation