How to setup HTTPS load balancer in kubernetes

I have a requirement to make my application to support the request over https and block the http port.I want to use certificate provided my company so do i need the jks certs or some other type. Im not sure how to make it https in gke. I have seen couple of documentation but they are not clear.This is my current kubernetes deployment file.Please let me know how can i configure it.

apiVersion: v1

kind: Service

metadata:

  name: oms-integeration-service

spec:

  type: NodePort

  ports:

  - port: 80

    targetPort: 8081

    protocol: TCP

    name: http

  selector:

    app: integeration

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: integeration

spec:

  replicas: 2

  template:

    metadata:

      labels:

        app: integeration

    spec:

      containers:

      - name: esp

        image: gcr.io/endpoints-release/endpoints-runtime:1

        args: [

          "--http_port=8081",

          "--backend=127.0.0.1:8080",

          "--service=oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog",

          "--rollout_strategy=managed",

        ]

      - name: integeration-container

        image: us.gcr.io/gcp-dsw-oms-int-{{env}}/gke/oms-integ-service:{{tag}}

        readinessProbe:

          httpGet:

            path: /healthcheck

            port: 8080

          initialDelaySeconds: 60

          periodSeconds: 10

        ports:

        - containerPort: 8080

        resources:

          requests:

            memory: 500M

        env:

        - name: LOGGING_FILE

          value: "integeration-container"

---

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: integeration-ingress

  annotations:

    kubernetes.io/ingress.global-static-ip-name: "oms-int-ip"

    kubernetes.io/ingress.class: "gce"

  rules:

  - host: "oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog"

    http:

      paths:

      - path: /*

        backend:

          serviceName: oms-integeration-service

          servicePort: 80

asked Nov 26 '18 at 17:08

Sid

345

add a comment |

apiVersion: v1

kind: Service

metadata:

  name: oms-integeration-service

spec:

  type: NodePort

  ports:

  - port: 80

    targetPort: 8081

    protocol: TCP

    name: http

  selector:

    app: integeration

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: integeration

spec:

  replicas: 2

  template:

    metadata:

      labels:

        app: integeration

    spec:

      containers:

      - name: esp

        image: gcr.io/endpoints-release/endpoints-runtime:1

        args: [

          "--http_port=8081",

          "--backend=127.0.0.1:8080",

          "--service=oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog",

          "--rollout_strategy=managed",

        ]

      - name: integeration-container

        image: us.gcr.io/gcp-dsw-oms-int-{{env}}/gke/oms-integ-service:{{tag}}

        readinessProbe:

          httpGet:

            path: /healthcheck

            port: 8080

          initialDelaySeconds: 60

          periodSeconds: 10

        ports:

        - containerPort: 8080

        resources:

          requests:

            memory: 500M

        env:

        - name: LOGGING_FILE

          value: "integeration-container"

---

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: integeration-ingress

  annotations:

    kubernetes.io/ingress.global-static-ip-name: "oms-int-ip"

    kubernetes.io/ingress.class: "gce"

  rules:

  - host: "oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog"

    http:

      paths:

      - path: /*

        backend:

          serviceName: oms-integeration-service

          servicePort: 80

asked Nov 26 '18 at 17:08

Sid

345

add a comment |

apiVersion: v1

kind: Service

metadata:

  name: oms-integeration-service

spec:

  type: NodePort

  ports:

  - port: 80

    targetPort: 8081

    protocol: TCP

    name: http

  selector:

    app: integeration

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: integeration

spec:

  replicas: 2

  template:

    metadata:

      labels:

        app: integeration

    spec:

      containers:

      - name: esp

        image: gcr.io/endpoints-release/endpoints-runtime:1

        args: [

          "--http_port=8081",

          "--backend=127.0.0.1:8080",

          "--service=oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog",

          "--rollout_strategy=managed",

        ]

      - name: integeration-container

        image: us.gcr.io/gcp-dsw-oms-int-{{env}}/gke/oms-integ-service:{{tag}}

        readinessProbe:

          httpGet:

            path: /healthcheck

            port: 8080

          initialDelaySeconds: 60

          periodSeconds: 10

        ports:

        - containerPort: 8080

        resources:

          requests:

            memory: 500M

        env:

        - name: LOGGING_FILE

          value: "integeration-container"

---

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: integeration-ingress

  annotations:

    kubernetes.io/ingress.global-static-ip-name: "oms-int-ip"

    kubernetes.io/ingress.class: "gce"

  rules:

  - host: "oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog"

    http:

      paths:

      - path: /*

        backend:

          serviceName: oms-integeration-service

          servicePort: 80

asked Nov 26 '18 at 17:08

Sid

345

apiVersion: v1

kind: Service

metadata:

  name: oms-integeration-service

spec:

  type: NodePort

  ports:

  - port: 80

    targetPort: 8081

    protocol: TCP

    name: http

  selector:

    app: integeration

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: integeration

spec:

  replicas: 2

  template:

    metadata:

      labels:

        app: integeration

    spec:

      containers:

      - name: esp

        image: gcr.io/endpoints-release/endpoints-runtime:1

        args: [

          "--http_port=8081",

          "--backend=127.0.0.1:8080",

          "--service=oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog",

          "--rollout_strategy=managed",

        ]

      - name: integeration-container

        image: us.gcr.io/gcp-dsw-oms-int-{{env}}/gke/oms-integ-service:{{tag}}

        readinessProbe:

          httpGet:

            path: /healthcheck

            port: 8080

          initialDelaySeconds: 60

          periodSeconds: 10

        ports:

        - containerPort: 8080

        resources:

          requests:

            memory: 500M

        env:

        - name: LOGGING_FILE

          value: "integeration-container"

---

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: integeration-ingress

  annotations:

    kubernetes.io/ingress.global-static-ip-name: "oms-int-ip"

    kubernetes.io/ingress.class: "gce"

  rules:

  - host: "oms.endpoints.gcp-dsw-oms-int-{{env}}.cloud.goog"

    http:

      paths:

      - path: /*

        backend:

          serviceName: oms-integeration-service

          servicePort: 80

kubernetes ssl-certificate google-kubernetes-engine kubernetes-helm kubernetes-ingress

asked Nov 26 '18 at 17:08

Sid

345

asked Nov 26 '18 at 17:08

Sid

345

asked Nov 26 '18 at 17:08

Sid

345

asked Nov 26 '18 at 17:08

Sid

345

asked Nov 26 '18 at 17:08

Sid

345

add a comment |

1 Answer
1

active

oldest

votes

You have to create a secret that contains your SSL certificate and then reference that secret in your ingress spec as explained here

answered Nov 26 '18 at 17:28

Patrick W

8571210

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53485937%2fhow-to-setup-https-load-balancer-in-kubernetes%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

You have to create a secret that contains your SSL certificate and then reference that secret in your ingress spec as explained here

answered Nov 26 '18 at 17:28

Patrick W

8571210

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

add a comment |

You have to create a secret that contains your SSL certificate and then reference that secret in your ingress spec as explained here

answered Nov 26 '18 at 17:28

Patrick W

8571210

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

add a comment |

You have to create a secret that contains your SSL certificate and then reference that secret in your ingress spec as explained here

answered Nov 26 '18 at 17:28

Patrick W

8571210

You have to create a secret that contains your SSL certificate and then reference that secret in your ingress spec as explained here

answered Nov 26 '18 at 17:28

Patrick W

8571210

answered Nov 26 '18 at 17:28

Patrick W

8571210

answered Nov 26 '18 at 17:28

Patrick W

8571210

answered Nov 26 '18 at 17:28

Patrick W

8571210

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

add a comment |

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

Thank you very much it worked.

– Sid
Dec 2 '18 at 19:54

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Btukfyl