為Kubernetes Cluster 加上 SSL（使用GCP)

安裝Helm

James Shieh

5 min readNov 10, 2019

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

github.com

安裝Ingress與Let’s Encrypt

修改 install-ingress-with-lets-encrypt.sh(Line 2~7):改成你的email、cluster所在的region與你申請好的Domain Name：

# Email for Let's Encrypt
email=jamesshieh0510@gmail.com
# Region for Creating Static IP
region=asia-east1
# Domain Name for Cluster
hostname=jamesshieh.app

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

github.com

此Script會建立一個付費的Static IP作為LoadBlancerIP，可以從GCP的管理面板中查到IP，本例為35.234.34.244：

同時建立一個Kubernetes Dashboard的Ingress，預設Endpoint為dashboard.<YOUR DOMAIN NAME>

測試

利用剛剛建立好的Kubernetes Dashboard Ingress來做測試，我們在Cluster上建立Kubernetes Dashboard：

. ./install-kubernetes-dashboard.sh

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

github.com

接著在GCP的DNS管理面板中建立一個指向LoadBlancerIP的A紀錄，其值為dashboard.<YOUR DOMAIN NAME>，即可用https加密連線訪問kubernetes dashboard：

結論

要替kubernetes加上SSL，首先會需要安裝cert-manager，cert-manger負責管理證書並且可以自動化的更新證書，不過目前還沒釋出穩定版，因此還不適合應用在正式環境上。
Ingress需要一個Static IP當作EndPoint，並且與域名做綁定，才能進一步撰寫路由規則，將請求導向對應的service。
藉由Helm安裝Ingress Controller與cert-manager可以大幅簡化整個部署與安裝的流程。
Issuer負責管理證書，是Kubernetes用來做授權、證書驗證等工作的關鍵資源。

補充

利用GCP建立Kubernetes Cluster：https://medium.com/@jamesshieh0510/%E5%88%A9%E7%94%A8gcp%E5%BB%BA%E7%AB%8Bkubernetes-cluster-83c89ec10ee7
申請域名可參考：https://medium.com/@jamesshieh0510/%E5%85%8D%E8%B2%BB%E7%B6%B2%E5%9F%9F%E7%94%B3%E8%AB%8B-%E4%BD%BF%E7%94%A8nctu-me-e2d9a4350ca4
網域指向教學可參考：https://medium.com/@jamesshieh0510/godaddy%E7%B6%B2%E5%9F%9F%E6%8C%87%E5%90%91gcp%E8%99%9B%E6%93%AC%E6%A9%9F%E6%95%99%E5%AD%B8-32a8d01155f5
Ingress介紹：https://www.youtube.com/watch?v=VicH6KojwCI
cert-manager：https://docs.cert-manager.io/en/latest/index.html

為Kubernetes Cluster 加上 SSL（使用GCP)

安裝Helm

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

安裝Ingress與Let’s Encrypt

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

測試

JamesShieh0510/k8s-cluster-builder

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

結論

補充

Written by James Shieh

No responses yet