Add TLS cert to Bare Metal Kubernetes Ingress

TLS cert to Kubernetes Ingress

If you want to add a certificates to your kubernetes applications hosted in your bare metal kubernetes cluster, you can do it by adding certificates to your ingress. This is for Bare Metal. For AWS and GCE there are other approaches.

Kubernetes handle certificates and username/passwords via kubernetes secrets.

You need to have the private key and the public cert. It could be self signed one or CA signed one.

kubectl create secret tls my-tls-cert --key /path/to/tls.key --cert /path/to/tls.crt

Generic Ingress would be like below. You have to add the secret there.

Please note the I have added the above created tls secred under secretName in the ingress.

You can have multiple secrets where you have one cert for each hostname/subdomain.

Or can have a one single secret where you include a wildcard cert and add that to all your hosts

spec:
tls:
- hosts:
- subdomain1.mydomain.com
- subdomain2.mydomain.com
secretName: wildcard-tls-secret
rules:
- host: subdomain1.mydomain.com
http:
paths:
- path: /
backend:
serviceName: my-sample1-service
servicePort: 8080
- host: subdomain1.mydomain.com
http:
paths:
- path: /
backend:
serviceName: my-sample2-service
servicePort: 8080

Thats all folks. Happy coding. Cheers!!!

https://www.linkedin.com/in/mcvidanagama