Google Cloud Platform

TLS Configuration in GKE the (really) simple way

Using GCP Managed Certificates for SSL Termination for GKE

John Clarke
3 min read · Mar 27, 2019


We all know that our websites and APIs should be served using TLS/HTTPS, right? The problem is that, historically, that has meant the pain of OpenSSL, CSRs, X.509 digital certificates, and a whole heap of operational overhead. Plus, of course, the cost of all those certificates your enterprise needed added up quickly. And then there was the inevitable downtime when someone missed an expired certificate. If big players like Microsoft and LinkedIn can get it wrong, what chance do the regular guys have?

The good news is that, assuming you’re working with GKE as your container orchestrator, there’s now a really simple option to manage the certificates providing TLS for your ingresses. And better yet, you end up with high-quality certificates for free! So there really is no reason not to go all in on TLS.

Note: this is the simplest option for GKE, but if you are using another K8s environment like Azure AKS, or a private K8s cluster, you can get similar features from the Cert-Manager project. It’s a little more work to set up, but well worth it!

Requirements


John Clarke

Director of Software Development; Agile and GitOps evangelist. Currently building great software with my awesome team!