I have an ingress setup and its working as expected But my doubt is
Guessing you are GKE with running the Nginx ingress controller, and with that you have the IP address exposed publicly. You might be adding domain records to /etcs/hosts and mapping to IP of Loadbalancer from GCP.
You have to use the DNS to map the load balancer IP with your Hostname. Add A record into the DNS server and map to the domain.
example.com 192.168.xx.xx
You read more here about the HTTPS cert creation : https://kubernetes.github.io/ingress-nginx/user-guide/tls/
You ingress will look like
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- example.com
secretName: letsencrypt-staging
rules:
- host: example.com
http:
paths:
- path: /api/users/?(.*)
pathType: Prefix
backend:
service:
name: auth-srv
port:
number: 3000
Read my article if planning to use the cert-manager : https://medium.com/@harsh.manvar111/kubernetes-nginx-ingress-and-cert-manager-ssl-setup-c82313703d0d (article have old API version ingress use above one for ref)
The above one provides the self-signed cert when you will open it in the browser it will throw an error, so would recommend downloading and creating the cert using Cert-manager or Free SSL site.
If you are using the cert-manager it will create the K8s secret in GKE and you have to use this secret with ingress. If downloading from site you have to manually create the K8s secret.
GCP Official ref doc : https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl#secrets
it has all methods mentioned including secret, user-managed, Google managed cert with ingress.
If you are using the Google Cloud Managed cert you can also leverage those and attach to Load Balancer so you will be able to use the HTTPS.
