Skip to content

Latest commit

 

History

History
77 lines (55 loc) · 2.31 KB

60-start-serving-https.md

File metadata and controls

77 lines (55 loc) · 2.31 KB

Start serving HTTPS traffic

Now that you have a certificate, it’s time to use it!

You need to update your Ingress to add a tls section under the spec with the secretName that stores the TLS certificate and the domain name.

If you've used the sample ingress earlier, save the updated Ingress manifest to your computer, and name it ingress-tls.yaml.

curl -O https://raw.githubusercontent.com/ahmetb/gke-letsencrypt/master/yaml/sample-ingress-tls.yaml

Change the secretName and the hosts fields with the values you used earlier:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: helloweb
  annotations:
    kubernetes.io/ingress.global-static-ip-name: helloweb-ip
  labels:
    app: hello
spec:
  backend:
    serviceName: helloweb-backend
    servicePort: 8080
  tls:
  - secretName: www-dogs-com-tls
    hosts:
    - www.dogs.com

Then apply it to the cluster to modify the existing helloweb Ingress:

kubectl apply -f ingress-tls.yaml

Now, the TLS certificate is being added to your load balancer: this can take 5-10 minutes, too.

Now visit your domain name with https://. Again, wait until it works.

Once it works, it means you now have a website serving HTTPS with Let's Encrypt certificates!

cert-manager will continue to run in the background and renew your certificates every 60 days (or so), because all Let's Encrypt certificates expire every 90 days! So, don't uninstall cert-manager if you start using this certificate to serve traffic.

Did this work for you? If so, please take time to ✩Star the repository on GitHub.


Next: Cleanup →

Google Analytics