Super easy new way to add HTTPS to Kubernetes apps with ManagedCertificates on GKE
Vložit
- čas přidán 4. 07. 2019
- Google has just made it even easier to secure your applications deployed on Kubernetes with HTTPS through browser trusteded certificates. At least if you are using GKE - Google’s managed Kubernetes cluster. While I previously showed a cool way of how to do something similar with cert-manager, Google has just made the process even simpler. In this video you’ll learn how to automatically provision an HTTPS certificate that will be used by your existing ingress resource without the need to manually manage secrets or configure TLS on the ingress resource.
- Věda a technologie
Mate you need to continue making videos, your explanations are the best there's nothing else like them out there.
Very soothing voice & helpful instruction that works!
Awesome explanations! Thanks for all the help :)
Hi. Great series! Have you thought about adding a video on mTLS for this system, i.e. nginx checking the identity of the client as well?
Hello! Very nice explanation thanks. I was wondering what ZSH functionality gives you the history browsing you get at 6:27 it's very cool. Thanks.
Very helpful and interesting playlist! Nicely done!
I would appreciate a video how you configured your zsh, and how you perform some of the keyboard shortcuts you use in your videos :)
Thanks! Such a video will follow soon-ish :)
Cool :) any alternative like this for EKS / ACM ? (Amazon). A video regarding mTLS would be nice also, what would you use as a private CA? Did you ever tried "autocert"? It seems that uses certmanager.
Hi, Great video. I have a question: at what point is verified that you are the owner of the domain?
Thank you in advance
Hi Etienne, I really like this series of yours , about certs on k8s, can you explain what settings you setup at Network Services->Load Balancing and Network Services->Cloud DNS, to make this type of certification work?
Hi and thanks. Zero custom config, default config in the project, default config for the cluster :) The only thing I did is create the resources seen in the video.
Hi, great video! I created a static external IP in order to follow the steps from Google's tutorial, but I can't link my existing Kubernetes service with this particular IP address. Do you know how can I do it?
Thanks you a lot
gr8 content, question : can i have multiple ingress using the same certificate ? tks
very Cool :) Nice Video, If GKE Cluster in autopilot mode is it possible to set up Nginx ingress ?
hi, so google gives you certicates for free? i d be really a goal if you show how you setup the deployment environment the ci/cd
Managed Certificates show up as signed by Google Trust now. It's a shame we can't do wildcard ones. It's easy to run out of sub-domains with micro services and tenancy. I've also had them take 30 minutes to activate... They only guarantee under 60 minutes.
In this example http wont redirect to https. Why?
🚀🚀🚀🚀👏👏👏
hi. i encountered a problem. the static ip address in GCP is not being assigned. anyone help?
Hi, Can you please share this yaml? thanks
👏👏👏👏👏👏👏
When I tried kubectl get ManagedCertificate, it returns no resource found. Any idea why this is so?
Hi, are you running on GKE? Is this the response you're seeing initially or after replicating parts of the video? If so, at what point do you see the message?
My ingress' address is empty. Idk why
I keep getting FAILED_NOT_VISIBLE for the certificate, not sure why
FAILED_NOT_VISIBLE would indicate that the ownership challenge is failing, because the CA can't find the automatically uploaded challenge document. Are you sure DNS is set up correctly? Can you reach the domain you're trying to get a certificate for manually?
@@kubucation thank you for the reply. It was indeed the DNS issue.
the certificate works perfectly fine, but i have another issue now. I use cloudfront to point to ingress domain and cloudfront has a different domain which then is also https
a.b.com (cloudfront) pointing to a-zone1.internal.com (https ingress). Is there a way to force https on ingress level. I tried a few annotation like 'force-ssl-redirect' but does not seems to work. Please if you can help
Hi bro,
Can i call you and have a remote session, i have a some issue and you might help me out with it....
I don't have capacity for individual remote sessions at the moment. Sorry to disappoint you. Even so, I'd have to charge the same I charge for regular clients, otherwise it wouldn't be fair to them. Feel free to post your question here, then both I and the community can take a look and potentially help you - and it won't cost you anything.