Deploying a service with HTTPS and DNS inside Google Cloud
How to use GCE to deploy an HTTPS service?
This post is the second post of a series called Continuous Integration on Google Cloud.
This post assumes that you have already completed the first step, meaning you have a pod and a service declared in your Kubernetes configuration. If that is not the case, please complete the first step first.
Create an SSL Starter certificate
Download Certificate, Intermediate Certificate and Private Key
Create SSL Secret
You must create a secret in order to use our SSL Certificate.
Google Cloud Platform lets you build, deploy, and modify applications, websites and… console.cloud.google.com
- Go to Network services -> LoadBalancer -> Select the Ingress loadbalancer -> Edit -> Frontend Configuration.
- Add an HTTPS frontend IP and port.
- Select HTTPS and create the certificate using the downloaded files.
- Concatenate the intermediate certificate and the public key certificate into a single file.
cat web_ssl_certificate_INTERMEDIATE.cer >> web_ssl_certificate.cer
kubectl delete secret web-secret
kubectl create secret tls web-secret --key web_private_key.key --cert web_ssl_certificate.cer
Create a Static IP address
We need to link our service to a static reserved IP address in order to be able to use the DNS name.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: helloweb annotations: kubernetes.io/ingress.global-static… cloud.google.com
Creating a VM Instance from an Instance Template cloud.google.com
Or, generate it using the command line:
gcloud compute addresses create web-ip --global
According to the documentation, the recommended way to expose our service over SSL is to add a GCE Ingress in front of our service.
Ok, but what is Ingress?
Typically, services and pods have IPs that are only routable by the cluster network. All traffic that ends up at an edge router is either dropped or forwarded elsewhere. Conceptually, it might look like:
[ Services ]
An Ingress is a collection of rules that allows inbound connections to reach the cluster services.
[ Ingress ]
[ Services ]
It can be configured to give services externally-reachable URLs, load balance traffic, terminate SSL, offer name based virtual hosting, and more. Users request ingress by POSTing the Ingress resource to the API server. An Ingress controller is responsible for fulfilling the Ingress, usually with a loadbalancer, though it may also configure your edge router or additional frontends to help handle the traffic in an HA manner.
Got it! But how do I declare an Ingress on Google Cloud Platform?
The easiest way to declare an Ingress on Google Cloud Platform is to use a YAML deployment file:
- secretName: web-secret
- host: web.co
- path: /test-web/*
The important points are:
- The ingress annotations: the full documentation is available here.
- The tls spec that allows HTTPS.
- The rules that route requests to different services depending on the URL path (we only have one service here, but you can add new ones), for example:
- path: /test-web/*
- path: /test-web-2/*
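A complete manifest that combines these three points, as an added example rather than the original post's file. The Ingress name, the Service names (`test-web`, `test-web-2`) and port 80 are assumptions; `web-secret`, `web-ip`, `web.co` and the paths come from this page. It uses the `networking.k8s.io/v1` API, since `extensions/v1beta1` was removed in Kubernetes 1.22, and turns off the plain-HTTP frontend so the app is only reachable over TLS.

```yaml
# ingress.yaml (added example; names marked "assumed" are not from the original post)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress                 # assumed name
  annotations:
    # Use the GCE Ingress controller (Google Cloud HTTP(S) load balancer)
    kubernetes.io/ingress.class: "gce"
    # Name of the reserved static IP address; it must be a global address
    kubernetes.io/ingress.global-static-ip-name: "web-ip"
    # Do not create an HTTP (port 80) frontend, so no cleartext listener is exposed
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
    - hosts:
        - web.co
      secretName: web-secret        # TLS secret created with kubectl create secret tls
  rules:
    - host: web.co
      http:
        paths:
          - path: /test-web/*
            # The GCE controller requires ImplementationSpecific for wildcard paths
            pathType: ImplementationSpecific
            backend:
              service:
                name: test-web      # assumed Service name
                port:
                  number: 80        # assumed Service port
          - path: /test-web-2/*
            pathType: ImplementationSpecific
            backend:
              service:
                name: test-web-2    # assumed second Service
                port:
                  number: 80
```

The secret must live in the same namespace as the Ingress, and its certificate file should contain the server certificate first, followed by the intermediate.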
And apply it:
kubectl apply -f ingress.yaml
You can now access your awesome web app at https://<YOUR-DOMAIN>/test-web.