
By default creating a managed certificate object on GKE creates a managed certificate of type "Load Balancer Authorization". How can I create one with DNS authorization through GKE?

https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: managed-cert
spec:
  domains:
    - DOMAIN_NAME1
    - DOMAIN_NAME2

I want to add wildcard domains, and this is only possible with DNS authorization.

How to generate Google-managed certificates for wildcard hostnames in GCP?

s_curry_s

2 Answers

To create a Google-managed certificate with DNS authorization, follow this Google official doc and Terraform doc.

Each DNS authorization stores information about the DNS record that you need to set up and covers a single domain plus its wildcard—for example, example.com and *.example.com.

  • You need to add the domain name and the wildcard name for the same domain while creating the certificate.
  • By using the certificate map and certificate map entry, you need to map this domain and the wildcard domain.
  • Create two certificate map entries, one for the domain and the other for the wildcard domain. This will help the certificate become active. You can also refer to this gitlink by fbozic for relevant info.

A feature request has already been raised on this for more wildcard usage, and the Google Product team is working on this.

Hemanth Kumar
  • This answer is essentially just a collection of links. Can you [edit] it to contain details of what the asker should actually do? Keeping the links as authoritative references is fine, but the answer should be self-contained. – David Maze Apr 07 '23 at 13:30
  • @DavidMaze: Thanks for pointing this out, and I have edited my answer with the steps the OP is seeking. – Hemanth Kumar Apr 10 '23 at 08:14

You won't be able to use the current ManagedCertificate CRD to generate wildcard certificates. Wildcard certificates are only supported by Google Cloud Certificate Manager. ManagedCertificate actually creates the older Google Managed SSL Certificates which do not support wildcards.

Currently, the only supported ways to create wildcard certificates would be via CLI (gcloud), API or Terraform. There is currently no CRD for them available directly in GKE. Also, note that Certificate Manager only integrates with the Gateway API and not with Ingress.

Gari Singh
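
The steps described in the two answers above, written out as gcloud Certificate Manager commands. This is an added example, not code from either answer; the `web` prefix, the `-auth`/`-cert`/`-map`/`-entry-*` resource names and `example.com` are assumptions, and the `run` and `wildcard_cert` helpers are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: wildcard certificate via Certificate Manager with DNS authorization.
# Resource names derived from NAME are assumptions. DRY_RUN=1 (default) only prints.
set -eu

run() {  # print the command; execute it only when DRY_RUN=0
  printf '%s\n' "$*"
  if [ "${DRY_RUN:-1}" = "0" ]; then "$@"; fi
}

wildcard_cert() {  # usage: wildcard_cert NAME DOMAIN   (e.g. web example.com)
  name=$1 domain=$2
  # One DNS authorization covers DOMAIN and *.DOMAIN, so accept the bare domain only.
  case "$domain" in
    \**|"") echo "pass the bare domain, not '$domain'" >&2; return 2 ;;
  esac

  # 1. DNS authorization; describe shows the CNAME record to publish in the zone.
  run gcloud certificate-manager dns-authorizations create "$name-auth" \
      --domain="$domain"
  run gcloud certificate-manager dns-authorizations describe "$name-auth"

  # 2. One certificate covering the domain and its wildcard, validated via DNS.
  run gcloud certificate-manager certificates create "$name-cert" \
      --domains="$domain,*.$domain" --dns-authorizations="$name-auth"

  # 3. Certificate map with two entries: one for the domain, one for the wildcard.
  run gcloud certificate-manager maps create "$name-map"
  run gcloud certificate-manager maps entries create "$name-entry-apex" \
      --map="$name-map" --certificates="$name-cert" --hostname="$domain"
  run gcloud certificate-manager maps entries create "$name-entry-wildcard" \
      --map="$name-map" --certificates="$name-cert" --hostname="*.$domain"
}

# Constructed sample values; this prints the plan because DRY_RUN defaults to 1.
wildcard_cert web example.com
```

With `DRY_RUN=0` the commands are executed instead of only printed. The certificate becomes active only after the CNAME record reported by the describe step is published in the domain's DNS zone.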