How Do I Configure a Kubernetes Networking.gke.io Managedcertificate on GKE?
Introduction
This guide provides a step-by-step approach to configuring a Kubernetes networking.gke.io/ManagedCertificate on Google Kubernetes Engine (GKE) using Pulumi. Managed certificates offer a streamlined way to handle SSL/TLS certificates for your Kubernetes applications, with Google Cloud managing the certificates and ensuring they are automatically renewed before expiration. By the end of this guide, you will learn how to set up a GKE cluster, deploy an application, and configure a managed certificate to secure your application with HTTPS.
Key Points
- Create a GKE cluster.
- Deploy a Kubernetes application.
- Configure a
ManagedCertificateresource. - Associate the managed certificate with an Ingress resource.
Pulumi Program
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
// Create a GKE cluster
const cluster = new gcp.container.Cluster("gke-cluster", {
initialNodeCount: 1,
minMasterVersion: "1.19",
nodeVersion: "1.19",
nodeConfig: {
machineType: "e2-medium",
},
});
// Export the kubeconfig required to connect to the cluster
export const kubeconfig = pulumi.interpolate`
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: ${cluster.masterAuth.clusterCaCertificate}
server: https://${cluster.endpoint}
name: gke-cluster
contexts:
- context:
cluster: gke-cluster
user: gke-cluster
name: gke-cluster
current-context: gke-cluster
kind: Config
preferences: {}
users:
- name: gke-cluster
user:
auth-provider:
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
`;
// Create a Kubernetes provider instance using the kubeconfig
const k8sProvider = new k8s.Provider("k8s-provider", {
kubeconfig: kubeconfig,
});
// Deploy a simple NGINX application
const appLabels = { app: "nginx" };
const deployment = new k8s.apps.v1.Deployment("nginx-deployment", {
spec: {
selector: { matchLabels: appLabels },
replicas: 1,
template: {
metadata: { labels: appLabels },
spec: {
containers: [{
name: "nginx",
image: "nginx",
ports: [{ containerPort: 80 }],
}],
},
},
},
}, { provider: k8sProvider });
// Create a Kubernetes service for the NGINX deployment
const service = new k8s.core.v1.Service("nginx-service", {
spec: {
type: "LoadBalancer",
selector: appLabels,
ports: [{ port: 80, targetPort: 80 }],
},
}, { provider: k8sProvider });
// Create a ManagedCertificate resource
const managedCertificate = new k8s.apiextensions.CustomResource("managed-cert", {
apiVersion: "networking.gke.io/v1",
kind: "ManagedCertificate",
metadata: {
name: "managed-cert",
},
spec: {
domains: ["example.com"], // Replace with your domain
},
}, { provider: k8sProvider });
// Create an Ingress resource to use the managed certificate
const ingress = new k8s.networking.v1.Ingress("nginx-ingress", {
metadata: {
annotations: {
"networking.gke.io/managed-certificates": "managed-cert",
},
},
spec: {
rules: [{
host: "example.com", // Replace with your domain
http: {
paths: [{
path: "/",
pathType: "Prefix",
backend: {
service: {
name: service.metadata.name,
port: { number: 80 },
},
},
}],
},
}],
},
}, { provider: k8sProvider });
Summary
In this guide, we successfully set up a GKE cluster and deployed an NGINX application. We configured a ManagedCertificate resource for the domain example.com and linked it to an Ingress resource. This configuration allows Google Cloud to manage SSL/TLS certificates, enabling your application to be served over HTTPS seamlessly. The managed certificate ensures your application’s security and reliability without manual certificate management.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.