I've been trying to test out Kubernetes on Google Cloud, but would need HTTPS/TLS (only) exposed on the deployed application. To start, I just followed this tutorial, which worked fine for plain HTTP over port 80: https://cloud.google.com/kubernetes-engine/docs/quickstart
To get TLS support working with Let's Encrypt, I've tried (without success):
- Ended up with "CIPHER MISMATCH" errors when serving via the Golang application itself (then just doing a generic TCP load balancer for the node cluster) … https://godoc.org/golang.org/x/crypto/acme/autocert
- This method didn't work either: https://github.com/ahmetb/gke-letsencrypt 🤔
… Does anyone have any suggestions on how to serve just HTTPS for the original tutorial? No need for plain HTTP unless it's a freebie, but I'm really scratching my head on this one since I haven't worked with Kubernetes before and I haven't been able to get Let's Encrypt working at all here.
Best Answer
So, it turns out that you can just add TLS directly on the load balancer now, and it'll issue a Let's Encrypt certificate automatically. This is doable via Cloud Console:
No clue why this isn't more well-known.