Deploy a secure web to Gcp Kubernertes using Ambassador api gateway and Google-managed SSL certificates

In this blog, I will deploy a web app to Google Kubernertes by using

Let’s say that we have a domain named

  1. Create a new k8s cluster using google cloud console and create a new managed certificate in the new cluster

Go to Google Clound Console, Kubernetes Engine, Object Browser, ManagedCertificate to verify

2. Reserve an IP address for your doamin by run this command in Google Cloud Shell

gcloud compute addresses create your-ip-address -name — global

Check your new created IP address and map this address to your DNS.

3. Install ambassador, following is the detail document how to install in your k8s cluster

As in the document, we need to run following commands

Verify your ambassor installation in your Workloads and Service in Cloud Console

4. Install Ingress with Ambassador backend

After install Ingress, you will see that there is a issue in Ingress Backed Service as this picture, we need to config health check to correct this issue.

  • Go to Ingress detail, click a Link in “Backend Services”, search for “Health Check”, click to go detail then Edit it as below

Wait for a while, your Ingress service will be “GREEN” again!

5. Deploy a web and a service to your cluster

6. Allmost done, the last step we map the service (my-service) to ingress by using Ambassador

Congrats! We just finished setup Ambassador + Google Managed SSL in Kubernertes, have fun!

Pursue cloud native applications

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store