GKE (Google Kubernetes Engine) does not offer an out-of-the-box HTTPS solution or TLS/SSL certificates for your websites today:
- Let’s Encrypt is a non-profit Certificate Authority that provides free TLS/SSL certificates that can be used to secure websites with HTTPS.
- cert-manager is a third-party Kubernetes controller that automates getting TLS/SSL certificates from Let’s Encrypt and refreshing them.
⚠️ ⚠️ cert-manager is pre-stable software and is not officially supported by Google. Use it at your own risk!⚠️ ⚠️
Requirements:
- A registered domain name
- A GKE cluster
- Estimated time: 30 minutes.
- Install Helm
- Install cert-manager
- Set up Let's Encrypt
- Deploy a web app on a domain name
- Get a certificate for your domain
- Start serving HTTPS with the certificate
- Cleanup
- Redirecting HTTP traffic to HTTPS (not possible with GKE Ingress yet)
- Securing traffic between Cloud Load Balancer and your app with TLS
If you're looking for a far simpler third-party solution and you're OK with HTTPS requests from your visitors terminated/proxied by a third-party, these services work with GKE apps:
- Cloudflare (has a free tier)
- Backplane
This is not an official Google product or documentation.