Deploy a secure web to Gcp Kubernertes using Ambassador api gateway and Google-managed SSL certificates
In this blog, I will deploy a web app to Google Kubernertes by using
- Google managed ssl certificates https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
- Ambassador Api Gateway https://www.getambassador.io/
Let’s say that we have a domain named your-domain.com.
- Create a new k8s cluster using google cloud console and create a new managed certificate in the new cluster
Go to Google Clound Console, Kubernetes Engine, Object Browser, ManagedCertificate to verify
2. Reserve an IP address for your doamin by run this command in Google Cloud Shell
gcloud compute addresses create your-ip-address -name — global
Check your new created IP address and map this address to your DNS.
3. Install ambassador, following is the detail document how to install in your k8s cluster
The Ambassador API Gateway | Ambassador
The Ambassador Edge Stack is now available and includes additional functionality beyond the current Ambassador API…
As in the document, we need to run following commands
Verify your ambassor installation in your Workloads and Service in Cloud Console
4. Install Ingress with Ambassador backend
After install Ingress, you will see that there is a issue in Ingress Backed Service as this picture, we need to config health check to correct this issue.
- Go to Ingress detail, click a Link in “Backend Services”, search for “Health Check”, click to go detail then Edit it as below
Wait for a while, your Ingress service will be “GREEN” again!
5. Deploy a web and a service to your cluster
6. Allmost done, the last step we map the service (my-service) to ingress by using Ambassador
Congrats! We just finished setup Ambassador + Google Managed SSL in Kubernertes, have fun!