Skip to content

2024

What I learned in 2024.

2024-07-05

GKE Gateway vs Ingress

Requirement

  1. *.rammus.comhttp://dev.eslite.com/ + GKE
    1. free cert + auto renew + IaC
  2. GCP LB -> GKE service
    1. enable CDN, WAF
  3. img.rammus.comhttp://dev.eslite.com/ -> GKE service → GCS
    1. enable CDN

Study:

  1. GKE gateway 不能用 CDN, 可以用 armor
    1. https://cloud.google.com/kubernetes-engine/docs/how-to/gatewayclass-capabilities
    2. how: https://mile.cloud/zh/resources/blog/GCP-Certificate-Manager-WildCard-Cert-with-GKE-Gateway_705
  2. GKE ingress 才能用 armor + CDN
    1. https://cloud.google.com/load-balancing/docs/https#backend-service
  3. GKE ingress + wildcard certificate
    1. 不能用 CRD: ManagedCertificate https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#limitations ,這會做成舊版的 SSL certificate
    2. 要用 dns-auth https://cloud.google.com/certificate-manager/docs/deploy-google-managed-dns-auth#create-cert-dns-auth
  4. (optional) GKE ingress + cert-manager(Let's Encrypt),要用以下兩篇教學
    1. https://cert-manager.io/docs/tutorials/getting-started-with-cert-manager-on-google-kubernetes-engine-using-lets-encrypt-for-ingress-ssl/
    2. https://cert-manager.io/docs/tutorials/acme/dns-validation/