google-cloud-platform google-kubernetes-engine gke-networking

Loading certificate to GKE service


I have a GKE cluster which runs a Java Spring Boot Docker image on port 80. I have exposed it as a load balancer with multiple port mappings, like 80 -> 80 and 443 -> 80.

I can see both the HTTP and HTTPS URLs under the service, but I can only access my service on the HTTP port and can't access it on HTTPS. I am getting "This site can’t provide a secure connection."

I know I need to put a certificate on this load balancer to expose it on HTTPS, and I have a Google-managed cert.

My problem is that I don't understand how to install this certificate on the load balancer so that I can access my application on HTTPS as well.


Solution

  • Since you are using GKE Ingress with a Google-managed certificate, you don't need to manually configure it in the load balancer; it can be done by the Ingress.

    In the official documentation you can verify all the steps to make it work.

    There are 2 prerequisites:

    1. You need to own a domain.
    2. You should create a static IP address.

    You can create a certificate using the following YAML:

    apiVersion: networking.gke.io/v1beta2
    kind: ManagedCertificate
    metadata:
      name: certificate-name
    spec:
      domains:
        - domain-name1
    

    And create a Service of type NodePort for your application, for example:

    apiVersion: v1
    kind: Service
    metadata:
      name: service-name
    spec:
      selector:
        key: value
      type: NodePort
      ports:
        - protocol: TCP
          port: 80
          targetPort: 8080
    

    And finally you can create the Ingress using the example below:

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: ingress-name
      annotations:
        # Name of the reserved global static IP address
        kubernetes.io/ingress.global-static-ip-name: address-name
        # Must match metadata.name of the ManagedCertificate
        networking.gke.io/managed-certificates: certificate-name
    spec:
      backend:
        serviceName: service-name
        # A port exposed by the Service (80 in the example above)
        servicePort: service-port
    

    If you want to migrate from a self-certificate to a Google-managed certificate, you can follow these steps.
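
Added example, not part of the original answer: an offline check that the three manifests above reference each other consistently (certificate name, Service name, Service type and port), since a mismatch in any of these leaves HTTPS unserved. It goes beyond the answer by also accepting the `networking.k8s.io/v1` `defaultBackend` form; the function names and the sample values (`example.com`, port 80) are constructed, and all objects are assumed to live in one namespace.

```python
CERT_ANN = "networking.gke.io/managed-certificates"
IP_ANN = "kubernetes.io/ingress.global-static-ip-name"
def default_backend(spec):
    """Return (service name, port) for v1beta1 or v1 Ingress specs."""
    if "backend" in spec:                      # networking.k8s.io/v1beta1
        b = spec["backend"]
        return b["serviceName"], b["servicePort"]
    svc = spec["defaultBackend"]["service"]    # networking.k8s.io/v1
    port = svc["port"]
    return svc["name"], port.get("number", port.get("name"))

def check(objs):
    """objs: manifests as dicts. Returns a list of problems found."""
    by = {(o["kind"], o["metadata"]["name"]): o for o in objs}
    problems = []
    for ing in (o for o in objs if o["kind"] == "Ingress"):
        name = ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations", {})
        if IP_ANN not in ann:
            problems.append(f"{name}: no static IP annotation")
        certs = [c.strip() for c in ann.get(CERT_ANN, "").split(",") if c.strip()]
        if not certs:
            problems.append(f"{name}: no managed certificate annotation")
        for c in certs:
            if ("ManagedCertificate", c) not in by:
                problems.append(f"{name}: certificate {c!r} not defined")
        svc_name, port = default_backend(ing["spec"])
        svc = by.get(("Service", svc_name))
        if svc is None:
            problems.append(f"{name}: service {svc_name!r} not defined")
            continue
        # The answer above fronts the app with a NodePort Service.
        if svc["spec"].get("type") != "NodePort":
            problems.append(f"{svc_name}: type is not NodePort")
        ports = svc["spec"].get("ports", [])
        if not any(port in (p.get("port"), p.get("name")) for p in ports):
            problems.append(f"{svc_name}: no port matching {port!r}")
    return problems

# Constructed sample mirroring the manifests above, with servicePort set to 80.
SAMPLE = [
    {"kind": "ManagedCertificate", "metadata": {"name": "certificate-name"},
     "spec": {"domains": ["example.com"]}},
    {"kind": "Service", "metadata": {"name": "service-name"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "targetPort": 8080}]}},
    {"kind": "Ingress", "metadata": {"name": "ingress-name", "annotations": {
        IP_ANN: "address-name", CERT_ANN: "certificate-name"}},
     "spec": {"backend": {"serviceName": "service-name", "servicePort": 80}}},
]
print(check(SAMPLE) or "manifests are consistent")
```

To run it against real manifests, load them into dicts first (for example from JSON) and pass the list to `check`.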