Deploying a Production-Grade Demo Platform on Google Kubernetes Engine with HTTPS, Cloud SQL and Google Cloud Certificate Manager

Modern cloud-native applications require far more than simply deploying containers. A production-ready environment must provide scalability, security, automation, observability and operational simplicity.

Recently, I deployed a complete demonstration environment for the Happid Platform on Google Cloud Platform (GCP) using Kubernetes, managed networking and Cloud SQL. This project illustrates the type of cloud engineering work I deliver for organizations modernizing their infrastructure.


Project Objectives

The goal was to build an isolated demonstration environment while keeping production untouched.

The platform includes:

  • Backend API (Symfony / API Platform)
  • Progressive Web Application (PWA)
  • Mailpit instance
  • Redis
  • Cloud SQL MySQL
  • Google Kubernetes Engine (GKE)
  • HTTPS with managed certificates
  • Automated deployment through GitLab CI/CD

The environment had to be accessible publicly while remaining secure and easy to maintain.


Architecture

The infrastructure relies entirely on managed Google Cloud services.

Core components include:

  • Google Kubernetes Engine (Autopilot)
  • Gateway API
  • Global HTTP(S) Load Balancer
  • Google Certificate Manager
  • Cloud DNS
  • Cloud SQL for MySQL
  • Secret Manager
  • Artifact Registry
  • GitLab CI/CD
  • Cloud Storage

This architecture minimizes operational overhead while benefiting from Google’s managed networking stack.


Kubernetes Deployment

Applications were deployed as Kubernetes Deployments with dedicated Services.

Components include:

  • API Platform
  • Worker
  • PWA
  • Mailpit
  • Redis

Configuration was externalized through Kubernetes Secrets and ConfigMaps, making deployments repeatable across environments.


Secure HTTPS with Google Certificate Manager

One of the most interesting parts of this deployment involved configuring managed SSL certificates.

Domains included:

  • demo.happid.pidpp.fr
  • mailpit.demo.happid.pidpp.fr

The setup required:

  • Creating managed certificates
  • Creating Certificate Maps
  • Creating Certificate Map Entries
  • Attaching certificates to the Gateway
  • DNS validation
  • Global Load Balancer configuration

Certificate provisioning remained in the AUTHORIZING state until every networking component was correctly attached.

Once the Gateway became fully operational, Google automatically validated domain ownership and activated the certificates.

Both endpoints are now served through HTTPS with automatically renewed Google-managed certificates.


Gateway API

Instead of the traditional Kubernetes Ingress, this platform uses the newer Gateway API.

Benefits include:

  • Better routing model
  • Native support for Google Cloud Load Balancer
  • HTTP and HTTPS listeners
  • Host-based routing
  • Future-proof architecture

HTTPRoutes expose the applications while allowing centralized traffic management.


Cloud SQL Integration

The backend connects to Google Cloud SQL using dedicated application credentials stored securely in Secret Manager.

The deployment also required:

  • Environment isolation
  • Secret synchronization
  • Database migration
  • Production data import into the demo environment

During testing, a database dump initially recreated the original production database name.

The import process was adapted so the production data could safely populate the demo database without changing application configuration.
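One way to adapt such an import, shown as an added example rather than the procedure actually used on this project: strip the statements that select a database, so the data lands in whichever database the client connects to, and flag anything that still names the source database. The database name `prod_db` and the sample dump are constructed.

```python
import re

# Database-selecting statements as mysqldump writes them: always at the start
# of a line, optionally wrapped in a /*!NNNNN ... */ version comment.
DB_STATEMENT = re.compile(
    r"^\s*(?:/\*!\d+\s+)?(?:CREATE\s+DATABASE|DROP\s+DATABASE|USE)\b",
    re.IGNORECASE,
)


def retarget_dump(lines, source_db):
    """Drop statements that pick a database. Returns (kept, dropped, leftovers);
    leftovers are (line_number, text) pairs that still qualify objects with
    source_db (views, triggers) and need manual review before import."""
    qualified = re.compile(r"`" + re.escape(source_db) + r"`\s*\.")
    kept, dropped, leftovers = [], [], []
    for number, line in enumerate(lines, start=1):
        if DB_STATEMENT.match(line):
            dropped.append(line.strip())
            continue
        # Row data sits on INSERT lines and mysqldump escapes newlines inside
        # values, so skipping INSERT lines avoids flagging user content.
        is_insert = line.lstrip().upper().startswith("INSERT ")
        if not is_insert and qualified.search(line):
            leftovers.append((number, line.strip()))
        kept.append(line)
    return kept, dropped, leftovers


# Constructed sample in the shape of `mysqldump --databases` output.
SAMPLE_DUMP = """\
-- Current Database: `prod_db`
/*!40000 DROP DATABASE IF EXISTS `prod_db`*/;
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `prod_db` /*!40100 DEFAULT CHARACTER SET utf8mb4 */;
USE `prod_db`;
CREATE TABLE `customer` (`id` int NOT NULL, `note` text);
INSERT INTO `customer` VALUES (1,'USE `prod_db`.x'),(2,'line one\\nUSE prod_db;');
/*!50001 CREATE VIEW `active_customer` AS select `prod_db`.`customer`.`id` AS `id` from `prod_db`.`customer` */;
""".splitlines()

if __name__ == "__main__":
    kept, dropped, leftovers = retarget_dump(SAMPLE_DUMP, "prod_db")
    print(f"dropped {len(dropped)} statements, {len(leftovers)} need review")
    for number, text in leftovers:
        print(f"  line {number}: {text}")
```
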


Secret Management

Sensitive information is stored in Google Secret Manager.

Examples include:

  • Database credentials
  • Encryption passphrase
  • JWT secrets
  • Redis credentials
  • Mail configuration

Secrets are synchronized into Kubernetes, allowing applications to consume them without embedding credentials inside container images.


Troubleshooting Real Production Scenarios

Real cloud engineering often consists of solving infrastructure issues rather than writing YAML files.

During this deployment, several production-like problems had to be investigated.

Examples include:

Certificate provisioning stuck

Managed certificates remained in the PROVISIONING state.

Root cause analysis involved:

  • DNS validation
  • Gateway configuration
  • Certificate Maps
  • HTTPS listeners
  • Load Balancer health

Eventually the certificate transitioned successfully to ACTIVE.


Cloud Armor policy issue

The Gateway initially failed to become programmed because a referenced Cloud Armor policy no longer existed.

After recreating the missing security policy and forcing reconciliation, the Gateway completed its provisioning successfully.


Secret synchronization

An accidental deletion of the Kubernetes secret caused application startup failures.

Pods entered the CreateContainerConfigError state.

The secret was recreated directly from Secret Manager before restarting the affected Deployments.
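A pre-rollout check for this failure mode, as an added example that is not part of the original deployment: it walks Deployment manifests and reports every required Secret reference that has no matching Secret in the namespace. The Deployment, Secret and variable names in the sample are constructed.

```python
def secret_refs(deployment):
    """Yield (owner, secret_name, source, optional) for every Secret the
    Deployment's pod template references."""
    spec = deployment["spec"]["template"]["spec"]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for env in c.get("env", []):
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                yield c["name"], ref["name"], "env", ref.get("optional", False)
        for src in c.get("envFrom", []):
            ref = src.get("secretRef")
            if ref:
                yield c["name"], ref["name"], "envFrom", ref.get("optional", False)
    for vol in spec.get("volumes", []):
        ref = vol.get("secret")
        if ref:
            yield vol["name"], ref["secretName"], "volume", ref.get("optional", False)


def missing_secrets(deployments, existing):
    """Return sorted (deployment, secret, source) for required references to a
    Secret that is absent. A missing env/envFrom Secret gives
    CreateContainerConfigError; a missing volume Secret leaves the pod in
    ContainerCreating instead. References marked optional are ignored."""
    problems = set()
    for d in deployments:
        for _, name, source, optional in secret_refs(d):
            if not optional and name not in existing:
                problems.add((d["metadata"]["name"], name, source))
    return sorted(problems)


# Constructed sample in the shape of `kubectl get deployments -o json` items.
SAMPLE = [
    {"metadata": {"name": "api"}, "spec": {"template": {"spec": {
        "containers": [{"name": "php", "envFrom": [
            {"secretRef": {"name": "demo-app-env"}}]}]}}}},
    {"metadata": {"name": "worker"}, "spec": {"template": {"spec": {
        "containers": [{"name": "php", "env": [
            {"name": "JWT_PASSPHRASE", "valueFrom": {"secretKeyRef": {
                "name": "demo-app-env", "key": "JWT_PASSPHRASE"}}},
            {"name": "SENTRY_DSN", "valueFrom": {"secretKeyRef": {
                "name": "demo-optional", "key": "dsn", "optional": True}}}]}],
        "volumes": [{"name": "tls", "secret": {"secretName": "demo-tls"}}]}}}},
]

if __name__ == "__main__":
    for deployment, secret, source in missing_secrets(SAMPLE, {"demo-tls"}):
        print(f"{deployment}: required Secret {secret!r} ({source}) is missing")
```
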


Database synchronization

Production data was exported, transformed and imported into the demonstration environment.

Particular attention was paid to:

  • Database naming
  • Application configuration
  • Kubernetes secrets
  • Environment variables

This ensured the demo remained isolated while containing realistic production data.


Continuous Delivery

Application updates are delivered automatically through GitLab CI/CD.

The pipeline performs:

  • Image build
  • Artifact Registry push
  • Kubernetes deployment
  • Secret management
  • Rolling updates

This enables rapid, repeatable deployments with minimal downtime.


Technologies Used

Cloud

  • Google Cloud Platform
  • Google Kubernetes Engine
  • Cloud SQL
  • Cloud DNS
  • Certificate Manager
  • Secret Manager
  • Artifact Registry
  • Cloud Storage

Containers

  • Docker
  • Kubernetes
  • Gateway API
  • HTTPRoute

CI/CD

  • GitLab CI/CD

Application

  • Symfony
  • API Platform
  • PHP
  • Redis
  • MySQL

Networking

  • Global HTTP(S) Load Balancer
  • Managed SSL
  • DNS
  • TLS

Security

  • Secret Manager
  • Google-managed certificates
  • Kubernetes Secrets

Results

The final platform provides:

  • Fully functional HTTPS endpoints
  • Automatic SSL certificate renewal
  • Secure secret management
  • Production-like database
  • Automated deployment pipeline
  • Kubernetes-native architecture
  • Isolated demonstration environment

The platform is now ready for demonstrations, functional validation and future feature development without impacting production.


Final Thoughts

Deploying modern cloud-native platforms requires expertise across infrastructure, networking, Kubernetes, databases, security and automation.

This Happid demonstration environment illustrates the complete lifecycle of a cloud engineering project, from infrastructure provisioning and certificate management to production data migration and troubleshooting.

These are exactly the kinds of challenges I help organizations solve every day when building secure, scalable and reliable cloud platforms.