How to get ssl on a kubernetes application?

前端 未结 2 1639
悲哀的现实
悲哀的现实 2021-02-13 13:36

I have a simple meteor app deployed on kubernetes. I associated an external IP address with the server, so that it\'s accessible from within the cluster. Now, I am up to exposin

2条回答
  •  鱼传尺愫
    2021-02-13 14:04

    In my opinion kube-lego is the best solution for GKE. See why:

    • Uses Let's Encrypt as a CA
    • Fully automated enrollment and renewals
    • Minimal configuration in a single ConfigMap object
    • Works with nginx-ingress-controller (see example)
    • Works with GKE's HTTP Load Balancer (see example)
    • Multiple domains fully supported, including virtual hosting multiple https sites on one IP (with nginx-ingress-controller's SNI support)

    Example configuration (that's it!):

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: kube-lego
      namespace: kube-lego
    data:
      lego.email: "your@email"
      lego.url: "https://acme-v01.api.letsencrypt.org/directory"
    

    Example Ingress (you can create more of these):

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: site1
      annotations:
        # remove next line if not using nginx-ingress-controller
        kubernetes.io/ingress.class: "nginx"
        # next line enable kube-lego for this Ingress
        kubernetes.io/tls-acme: "true"
    spec:
      tls:
      - hosts:
        - site1.com
        - www.site1.com
        - site2.com
        - www.site2.com
        secretName: site12-tls
      rules:
        ...
    

提交回复
热议问题