Automatic Cert Rotation for Gke

December 29, 2021 · 1 min · 81 words · Me | Suggest Changes

Why?

My config setup is the following, a free-ish version of GKE autopilot, and a load balancer is my ingress. I want the load balancer to terminate TLS.

How

Doing some web surfing I found this blog post and it’s literally

git clone https://github.com/GoogleCloudPlatform/gke-managed-certs
cd gke-managed-certs
kubectl apply -f managedcertificates-crd.yaml
kubectl apply -f managed-certificates-controller.yaml

then

kubectl annotate ingress [your-ingress-name] 
networking.gke.io/managed-certificates=mydomain-certificate

UPDATE GKE autopilot changes

As of May 2021 GKE removed 3rd party admission webhooks, now you will need to use https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs