loading...

GKE : use local domain (OSX)

gaelleacas profile image Khaly DeThylis ・1 min read

I have a GKE cluster & I want to try ingress with a fake localhost dns like https://main.local

set a local dns to your ingress external IP

/etc/hosts :

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost docker.for.mac.localhost
255.255.255.255 broadcasthost
::1             localhost

xx.xxx.xxx.xx   main.local

Generate SSL cert with letsencrypt:

e.g : ssl for https://main.local

openssl req -x509 -out main.crt -keyout main.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=main.local' -extensions EXT -config <( \
   printf "[dn]\nCN=main.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:main.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Create Secret TLS on your K8S cluster

kubectl create secret tls tls-main --key main.key --cert main.crt

Put it in your Ingress

here I use Contour proxy

main-route.yaml :

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: main-httpproxy
  namespace: default
spec:
  virtualhost:
    fqdn: main.local
    tls:
      secretName: tls-main
  routes:
    - services:
        - name: myservice
          port: 80

Set cert trust on OSX

  • Launch Application/Utilities/Keychain Access.app & upload your main.crt

  • set trusted always

see tuto

Discussion

pic
Editor guide