This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to setup HTTPS for my GKE application?

Posted on 12-08-2023 01:51 AM
zircoid
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

i went through all the steps in a tutorial provided by google cloud to setup a Kubernetes application.

My application has Fast Api for backend with React frontend.

My domain is in SquareSpace and i connected it using nameservers and handled the www subdomain and A type DNS connection in google cloud.

everything works perfectly but the problem is that browsers and anti virus software give me a warning about lack of security when i try to connect to my site.

I assume its because i don't have HTTPS set up.

How do i integrate https with what i have now without a hassle?

here is how i set up my application, i followed a tutorial provided by GCP called :

deploy containerised web applications (Google Cloud console

first i cloned my project with cloud shell:

git clone -b responsive https://github.com/myproj.git

created an artifact in my preferred region:

gcloud artifacts repositories \
    create ${REPO_NAME} \
    --repository-format=docker \
    --location=${REGION} \
    --description="Docker \
    repository"

used docker-compose to create my frontend and backend:

docker-compose build backend reactapp

here is both images along with their docker-compose file:

#replacing the real port with frontend_port

FROM node:21-alpine3.17

WORKDIR /reactapp

RUN mkdir build

RUN npm install -g serve

COPY ./build ./build

EXPOSE ${FRONT_END_PORT}

CMD ["serve","-s","build","-l",${FRONT_END_PORT}]

backend:

#replacing the real port with backend_port

FROM pytorch/pytorch:2.1.0-cuda12.1-cudnn8-runtime

WORKDIR /dogApp

COPY ./requirements.txt .

RUN pip install -r requirements.txt

COPY . .

EXPOSE ${BACK_END_PORT}

CMD ["python", "-m", "uvicorn", "server:app", "--proxy-headers","--host" ,"0.0.0.0"]

docker-compose :

version: '3.3'
services:
  dogserver:
    build: ./CapstoneApp
    container_name: dogServer_C1
    image: ${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}/${DOG_IMAGE_NAME}:${IMAGE_VERSION}
    ports:
      - ${BACK_END_PORT}: ${BACK_END_PORT}
  reactapp:
    build: ./CapstoneApp/reactapp
    container_name: reactApp_C1
    image: ${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}/${REACT_IMAGE_NAME}:${IMAGE_VERSION}
    ports:
       - ${FRONT_END_PORT}: ${FRONT_END_PORT}

after this, i use docker push :

gcloud services enable \
    artifactregistry.googleapis.com

gcloud auth configure-docker \
    ${REGION}-docker.pkg.dev

docker push \
    ${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}/${DOG_IMAGE_NAME}:v1

docker push \
    ${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}/${REACT_IMAGE_NAME}:v1

 

create a cluster and deploy:

gcloud container clusters create ${CLUSTER_NAME} --num-nodes=1

kubectl create deployment ${REACT_IMAGE_NAME} --image=${REGION}-docker.pkg.dev/${PROJECT_ID}/${REACT_IMAGE_NAME}/${REACT_IMAGE_NAME}:v1

kubectl create deployment ${DOG_IMAGE_NAME} --image=${REGION}-docker.pkg.dev/${PROJECT_ID}/${DOG_IMAGE_NAME}/${DOG_IMAGE_NAME}:v1

Lastly, i expose a backend port and a front end port:

kubectl expose deployment \
    ${DOG_IMAGE_NAME} \
    --name=dog-app-service \
    --type=LoadBalancer --port 80 \
    --target-port ${BACK_END_PORT} \
	--load-balancer-ip ${BACK_END_IP}
    
	
kubectl expose deployment \
    ${REACT_IMAGE_NAME} \
    --name=react-app-service \
    --type=LoadBalancer --port 80 \
    --target-port ${FRONT_END_PORT} \
	--load-balancer-ip ${FRONT_END_IP}  \
	--protocol=TCP

 

 So given this set up, how do i integrate HTTPS into my application?

i tried looking into SSL managed by google but i couldn't understand how to set it up with my application.

 

I hope you guys can help me. I really appreciate it. Thank you.

0 1 3,464
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @zircoid ,

Based from the setup that you shared, it seems you are missing an Ingress resource. You need to create an Ingress resource to manage external access to your services. This is where you will configure SSL termination. You may refer to the YAML below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: ${STATIC_IP_NAME}
networking.gke.io/managed-certificates: ${SSL_CERT_NAME}
spec:
rules:
- host: yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: react-app-service
port:
number: 80
- path: /api
pathType: Prefix
backend:
service:
name: dog-app-service
port:
number: 80

 Then after this, create a Google-managed certificate SSL certificate.

gcloud beta compute ssl-certificates create ${SSL_CERT_NAME} \ --domains=yourdomain.com

Reserve a static external IP address that you will use for your load balancer. After that, update your DNS records to point to the reserved static IP address.

gcloud compute addresses create ${STATIC_IP_NAME} \ --global

Make sure that you apply the changes to your Kubernetes cluster and wait for the load balancer to be provisioned.

kubectl apply -f your-ingress-file.yaml


 

0 Likes
Top Labels in this Space