pydevops · August 10, 2023 09:20 · May 16, 2023 · Nov 14, 2021 · Nov 14, 2021 · Nov 14, 2021
diff --git a/gke-ingress-manged-tls.md b/gke-ingress-manged-tls.md
@@ -1,3 +1,6 @@
+# GKE ingress in a nutshell
+* https://medium.com/google-cloud/ingress-in-google-kubernetes-products-f22ded21f4ed
+
 # Solution #1 (ManagedCertificate CRD in GKE)
 * [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
   * Use ManagedCertificate CRD to create a object. 

diff --git a/gke-ingress-manged-tls.md b/gke-ingress-manged-tls.md
@@ -41,6 +41,14 @@ spec:
 
 `ingress.gcp.kubernetes.io/pre-shared-cert` is used by `ingress-gce`
 
+# Solution # 3 (k8s secrets)
+
+* https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl#specifying_certificates_for_your_ingress
+
+```bash
+kubectl create secret tls ci-example \
+    --cert ci-example.pem --key ci-example-key.pem
+```
 
 # SNI with multiple certficates
 * https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl#google-managed-certs_1
diff --git a/gke-ingress-manged-tls.md b/gke-ingress-manged-tls.md
@@ -40,3 +40,7 @@ spec:
 ```
 
 `ingress.gcp.kubernetes.io/pre-shared-cert` is used by `ingress-gce`
+
+
+# SNI with multiple certficates
+* https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl#google-managed-certs_1
diff --git a/gke-ingress-manged-tls.md b/gke-ingress-manged-tls.md
@@ -1,9 +1,9 @@
-# Solution #1 (Use ManagedCertificate CRD)
+# Solution #1 (ManagedCertificate CRD in GKE)
 * [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
   * Use ManagedCertificate CRD to create a object. 
   * Associate the ManagedCertificate object to an Ingress by adding an annotation networking.gke.io/managed-certificates to the Ingress. This annotation is a comma-separated list of ManagedCertificate resources, cert1,cert2,cert3 for example.
 
-# Solution #2 (Import a tls cert)
+# Solution #2 (Google Cloud SSL Certificate)
 ## Assumption
 Assumes you are using the default L7 GLBC ingress controller. default for GKE cluster.
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)
@@ -22,7 +22,7 @@ gcloud compute ssl-certificates describe ci-example
 ```
 Please note with a correct configuration the total time for provisioning certificates is likely to take from 30 to 60 minutes.
 
-## configure the GKE ingress
+## configure the GKE ingress with a preshared cert
 * https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress#summary_of_external_ingress_annotations
 
 ```

diff --git a/gke-ingress-manged-tls.md b/gke-ingress-manged-tls.md
@@ -5,7 +5,7 @@
 
 # Solution #2 (Import a tls cert)
 ## Assumption
-Assumes you are using the default L7 GCLB ingress controller. default for GKE cluster.
+Assumes you are using the default L7 GLBC ingress controller. default for GKE cluster.
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)
 
 ## create a certficate 

diff --git a/gcp-tls.md → gke-ingress-manged-tls.md b/gcp-tls.md → gke-ingress-manged-tls.md
diff --git a/gcp-tls.md b/gcp-tls.md
@@ -1,9 +1,9 @@
-# Solution #1
+# Solution #1 (Use ManagedCertificate CRD)
 * [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
   * Use ManagedCertificate CRD to create a object. 
   * Associate the ManagedCertificate object to an Ingress by adding an annotation networking.gke.io/managed-certificates to the Ingress. This annotation is a comma-separated list of ManagedCertificate resources, cert1,cert2,cert3 for example.
 
-# Solution #2
+# Solution #2 (Import a tls cert)
 ## Assumption
 Assumes you are using the default L7 GCLB ingress controller. default for GKE cluster.
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)

diff --git a/gcp-tls.md b/gcp-tls.md
@@ -1,30 +1,32 @@
 # Solution #1
 * [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
-  * Create a ManagedCertificate object.
+  * Use ManagedCertificate CRD to create a object. 
   * Associate the ManagedCertificate object to an Ingress by adding an annotation networking.gke.io/managed-certificates to the Ingress. This annotation is a comma-separated list of ManagedCertificate resources, cert1,cert2,cert3 for example.
 
 # Solution #2
 ## Assumption
-Assumes you are using the default L7 GLBC ingress controller. default for GKE cluster.
+Assumes you are using the default L7 GCLB ingress controller. default for GKE cluster.
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)
 
 ## create a certficate 
 ```
-gcloud beta compute ssl-certificates create ci-example --domains ci.example.com
+gcloud compute ssl-certificates create ci-example --domains ci.example.com
 ```
 ## list a certifcate
 ```
-gcloud beta compute ssl-certificates list
+gcloud compute ssl-certificates list
 ```
 ## checking certificate provisoning status
 ```
-gcloud beta compute ssl-certificates describe ci-example
+gcloud compute ssl-certificates describe ci-example
 ```
 Please note with a correct configuration the total time for provisioning certificates is likely to take from 30 to 60 minutes.
 
 ## configure the GKE ingress
+* https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress#summary_of_external_ingress_annotations
+
 ```
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: ci

diff --git a/gcp_tls.md → gcp-tls.md b/gcp_tls.md → gcp-tls.md
diff --git a/gcp_tls.md b/gcp_tls.md
@@ -1,9 +1,12 @@
-## References
+# Solution #1
 * [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
-* [ingress-gce](https://github.com/kubernetes/ingress-gce)
+  * Create a ManagedCertificate object.
+  * Associate the ManagedCertificate object to an Ingress by adding an annotation networking.gke.io/managed-certificates to the Ingress. This annotation is a comma-separated list of ManagedCertificate resources, cert1,cert2,cert3 for example.
 
+# Solution #2
 ## Assumption
 Assumes you are using the default L7 GLBC ingress controller. default for GKE cluster.
+* [ingress-gce](https://github.com/kubernetes/ingress-gce)
 
 ## create a certficate 
 ```

diff --git a/gcp_tls.md b/gcp_tls.md
@@ -1,5 +1,5 @@
 ## References
-* [GKE with Google-managed SSL certificates]https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
+* [GKE with Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs)
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)
 
 ## Assumption

diff --git a/gcp_tls.md b/gcp_tls.md
@@ -1,5 +1,5 @@
 ## References
-* [Creating and Using SSL Certificates](https://cloud.google.com/load-balancing/docs/ssl-certificates)
+* [GKE with Google-managed SSL certificates]https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
 * [ingress-gce](https://github.com/kubernetes/ingress-gce)
 
 ## Assumption

diff --git a/gcp_tls.md b/gcp_tls.md
@@ -19,7 +19,7 @@ gcloud beta compute ssl-certificates describe ci-example
 ```
 Please note with a correct configuration the total time for provisioning certificates is likely to take from 30 to 60 minutes.
 
-## modify the ingress
+## configure the GKE ingress
 ```
 apiVersion: extensions/v1beta1
 kind: Ingress

diff --git a/gcp_tls.md b/gcp_tls.md
@@ -0,0 +1,37 @@
+## References
+* [Creating and Using SSL Certificates](https://cloud.google.com/load-balancing/docs/ssl-certificates)
+* [ingress-gce](https://github.com/kubernetes/ingress-gce)
+
+## Assumption
+Assumes you are using the default L7 GLBC ingress controller. default for GKE cluster.
+
+## create a certficate 
+```
+gcloud beta compute ssl-certificates create ci-example --domains ci.example.com
+```
+## list a certifcate
+```
+gcloud beta compute ssl-certificates list
+```
+## checking certificate provisoning status
+```
+gcloud beta compute ssl-certificates describe ci-example
+```
+Please note with a correct configuration the total time for provisioning certificates is likely to take from 30 to 60 minutes.
+
+## modify the ingress
+```
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: ci
+  namespace: ci
+  annotations:
+    ingress.gcp.kubernetes.io/pre-shared-cert: 'ci-example'
+spec:
+  backend:
+    serviceName: jenkins-ui
+    servicePort: 8080
+```
+
+`ingress.gcp.kubernetes.io/pre-shared-cert` is used by `ingress-gce`
No results found