-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detailed setup how-to by @wbyoung #28
Comments
Another guide by kribor@: https://github.com/kribor/gke-managed-certs-example originally posted at #10 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I managed to get this working today after reviewing this issue and various other issues on this repository. Here's what I had to do:
A few variables that you'll need to customize that will be used throughout:
Download the CRD and controller manifests and define a few patches to use with the controller via Kustomize (note that the config files are all ending up in a sub-directory called
gke
and that we leave that at the end of these commands).The above patch,
managed-certificate-controller-secrets.yml
, sets up so a volume will be mounted to access the secret file, and an environment variable has been defined that points to the file (as was shown is possible by @bmhatfield here). If you don't really know much about Kustomize, you can just edit the controller manifest manually. Here's the full manifest w/ the patch applied if this is confusing to you.The next block of commands will take care of the following:
Create the container and get the
kubectl
context all set up as normal:Now start sending things off to your cluster via
kubectl
:cluster-admin
role to the executing user as explained here.kustomize
.Ingress
w/ the SSL annotations.Now wait for your load balancer to be created & assigned an external IP address. At that point, you can update your DNS records to point to that IP & wait for the SSL cert to become active.
If you want to tear this down so you don't get billed:
kubectl delete service hello-world # allows the load balancer to be deleted gcloud container clusters delete ssl-test
Note that this does not delete the service account/role/keys that were created. Feel free to do that if you wish.
Originally posted by @wbyoung in #9 (comment)
The text was updated successfully, but these errors were encountered: