Add TLS cert to Bare Metal Kubernetes Ingress

Mahesh Chinthaka
1 min read · Sep 14, 2018

If you want to add a certificate to applications hosted in your bare-metal Kubernetes cluster, you can do it by adding the certificate to your Ingress. This is for bare metal. For AWS and GCE there are other approaches.

Kubernetes handles certificates and usernames/passwords via Kubernetes Secrets.

01. Create a TLS secret

You need the private key and the public certificate. The certificate can be self-signed or CA-signed.

kubectl create secret tls my-tls-cert --key /path/to/tls.key --cert /path/to/tls.crt

02. Add to Ingress

A generic Ingress looks like the one below. You have to add the secret there.

Please note that I have added the TLS secret created above under secretName in the Ingress.

You can have multiple secrets, with one cert for each hostname/subdomain.

Or you can have a single secret that holds a wildcard cert and add that to all your hosts.

spec:
  tls:
  - hosts:
    - subdomain1.mydomain.com
    - subdomain2.mydomain.com
    secretName: wildcard-tls-secret
  rules:
  - host: subdomain1.mydomain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-sample1-service
          servicePort: 8080
  - host: subdomain2.mydomain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: my-sample2-service
          servicePort: 8080
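
With one secret per hostname or a wildcard secret, it is easy to leave a rule host out of every tls entry. The following check is an added example, not part of the original post: it reads the Ingress as a dict (the shape of `kubectl get ingress <name> -o json`) and reports rule hosts that no tls entry covers, applying the single-label rule for wildcard names. The sample is constructed, and the `*.apps.mydomain.com` host and the function names are assumptions.

```python
# Constructed sample: the fields of `kubectl get ingress <name> -o json` used here.
# Host and secret names follow the article; *.apps.mydomain.com is an assumption.
SAMPLE_INGRESS = {"spec": {
    "tls": [
        {"hosts": ["subdomain1.mydomain.com"], "secretName": "my-tls-cert"},
        {"hosts": ["*.apps.mydomain.com"], "secretName": "wildcard-tls-secret"},
    ],
    "rules": [
        {"host": "subdomain1.mydomain.com"},
        {"host": "api.apps.mydomain.com"},
        {"host": "a.b.apps.mydomain.com"},    # two labels deep: wildcard does not match
        {"host": "subdomain2.mydomain.com"},  # missing from every tls entry
    ],
}}

def host_matches(pattern, host):
    """Exact match, or a '*.' pattern covering exactly one extra DNS label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        first_label, _, rest = host.partition(".")
        return bool(first_label) and rest == pattern[2:]
    return pattern == host

def tls_coverage(ingress):
    """Map each rule host to the secretName whose tls entry lists it, else None."""
    spec = ingress.get("spec", {})
    coverage = {}
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            continue  # a rule without a host matches any hostname; skipped here
        coverage[host] = next(
            (e["secretName"] for e in spec.get("tls", [])
             if e.get("secretName")
             and any(host_matches(p, host) for p in e.get("hosts", []))),
            None,
        )
    return coverage

def uncovered_hosts(ingress):
    """Rule hosts that no tls entry covers, so no secret from this Ingress applies."""
    return [h for h, secret in tls_coverage(ingress).items() if secret is None]

if __name__ == "__main__":
    for host, secret in tls_coverage(SAMPLE_INGRESS).items():
        print(f"{host:26} {secret or 'NOT COVERED'}")
```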

That's all, folks. Happy coding. Cheers!!!