menu
arrow_back

Deploy a Web App on GKE with HTTPS Redirect using Lets Encrypt

Deploy a Web App on GKE with HTTPS Redirect using Lets Encrypt

1 个小时 7 个积分

GSP269

Google Cloud Self-Paced Labs

Introduction

GKE does not provide a managed HTTPS offering, so it can be a bit daunting trying to take on the task of obtaining a valid TLS certificate without prior experience. You will need to find a Certificate Authority (CA) to provide a browser-trusted certificate and you need a way to manage those certificates.

With Let's Encrypt, you have access to a free, automated, and open certificate authority (CA), run for the public's benefit. Let's Encrypt provides a browser-trusted certificate for your web services. In combination with cert-manager, a Kubernetes add-on, the management and issuance of TLS certificates from Let's Encrypt will be completely automated.

Since GKE also lacks built-in HTTP to HTTPs redirect for Google Cloud Load Balancers (GCLB), an NGINX ingress will be deployed to handle HTTP to HTTPs redirect.

What you will build

In this lab, you're going to deploy a containerized web app in a GKE cluster with HTTPS using a browser-trusted TLS certificate and NGINX to route all HTTP traffic to HTTPS. Google Cloud Endpoints is used for its ability to dynamically provision DNS entries under cloud.goog DNS domain.

What you'll learn

In this lab you'll learn how to do the following:

  • Deploy a containerized web app

  • Set up an NGINX ingress for HTTP to HTTPS redirect

  • Install a cert-manager into a cluster to automate getting TLS/SSL certificates

  • Deploy/modify an ingress with TLS enabled

What you'll need

  • A recent version of Chrome is recommended
  • Basic knowledge of Linux CLI and gcloud

This lab is focused on GKE deployment and management. Non-relevant concepts and code blocks are glossed over and are provided for you to simply copy and paste.

加入 Qwiklabs 即可阅读本实验的剩余内容…以及更多精彩内容!

  • 获取对“Google Cloud Console”的临时访问权限。
  • 200 多项实验,从入门级实验到高级实验,应有尽有。
  • 内容短小精悍,便于您按照自己的节奏进行学习。
加入以开始此实验