Add TLS cert to Bare Metal Kubernetes Ingress
If you want to add certificates to applications hosted in your bare metal Kubernetes cluster, you can do it by adding the certificates to your Ingress. This is for bare metal. For AWS and GCE there are other approaches.
Kubernetes handles certificates and usernames/passwords via Kubernetes Secrets.
01. Create a TLS secret
You need to have the private key and the public cert. It can be a self-signed one or a CA-signed one.
kubectl create secret tls my-tls-cert --key /path/to/tls.key --cert /path/to/tls.crt
02. Add to Ingress
A generic Ingress would look like the one below. You have to add the secret there.
Please note that I have added the TLS secret created above under secretName in the Ingress.
You can have multiple secrets, with one cert for each hostname/subdomain.
Or you can have a single secret that holds a wildcard cert and use it for all your hosts:
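spec:
  tls:
  # Hosts listed here are served with the cert stored in secretName
  - hosts:
    - subdomain1.mydomain.com
    - subdomain2.mydomain.com
    secretName: wildcard-tls-secret
  rules:
  # backend.serviceName/servicePort is the v1beta1 Ingress form;
  # networking.k8s.io/v1 uses backend.service.name and backend.service.port.number
  - host: subdomain1.mydomain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-sample1-service
          servicePort: 8080
  - host: subdomain2.mydomain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-sample2-service
          servicePort: 8080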
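A pre-apply check for the tls and rules sections, as an added example that is not part of the original post: it reports rule hosts not covered by any tls.hosts entry, TLS hosts with no rule, and repeated host/path rules. It assumes the Ingress is available as a dict (for example parsed from `kubectl get ingress <name> -o json`); the function names, the sample manifest and the single-label wildcard matching are assumptions of this example.

```python
# Constructed sample: the second rule repeats subdomain1, so subdomain2
# is listed under tls but never routed to a backend.
SAMPLE = {"spec": {
    "tls": [{"hosts": ["subdomain1.mydomain.com", "subdomain2.mydomain.com"],
             "secretName": "wildcard-tls-secret"}],
    "rules": [
        {"host": "subdomain1.mydomain.com", "http": {"paths": [{"path": "/"}]}},
        {"host": "subdomain1.mydomain.com", "http": {"paths": [{"path": "/"}]}},
    ]}}


def covers(tls_host, host):
    """True if a tls.hosts entry covers a rule host; '*.' matches exactly one label."""
    tls_host, host = tls_host.lower(), host.lower()
    if tls_host.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == tls_host[2:]
    return tls_host == host


def lint_ingress(ingress):
    """Return a list of findings for the tls and rules sections of an Ingress."""
    spec = ingress.get("spec", {})
    findings, seen, tls_hosts = [], set(), []
    for entry in spec.get("tls", []):
        if not entry.get("secretName"):
            findings.append(f"tls entry for {entry.get('hosts')} has no secretName")
        tls_hosts.extend(entry.get("hosts", []))
    rule_hosts = [r.get("host", "") for r in spec.get("rules", [])]
    for rule in spec.get("rules", []):
        host = rule.get("host", "")
        if not any(covers(t, host) for t in tls_hosts):
            findings.append(f"rule host {host!r} is not covered by any tls.hosts entry")
        for p in rule.get("http", {}).get("paths", []):
            key = (host.lower(), p.get("path", "/"))
            if key in seen:
                findings.append(f"duplicate rule for {host!r} path {key[1]!r}")
            seen.add(key)
    for t in tls_hosts:
        if not any(covers(t, h) for h in rule_hosts):
            findings.append(f"tls host {t!r} has no matching rule")
    return findings


if __name__ == "__main__":
    for finding in lint_ingress(SAMPLE):
        print(finding)
```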
That's all, folks. Happy coding. Cheers!!!