How to use TLS/SSL certificate with Nginx ingress controller in Kubernetes
Hello Folk’s, In this tutorial I am going to explain to you how you can use TLS/SSL certificate for your applications and microservices deployed in Kubernetes.
What do you need?
Valid SSL certificate and its private key.
Kubernetes cluster with Nginx ingress controller installed.
Got stuck due to Nginx ingress controller?
You can set up the ingress controller with the following command. This install will Nginx ingress controller in your Kubernetes cluster.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
If your private is encrypted with a passphrase then you need to decrypt this first for that you can use the following command
openssl rsa -in private-encrypted.key -out out.key -passin pass:password123
What next?
Now after done with all the above prerequisites we need to create the following resources in Kubernetes.
Secrets (which will store the certificate and private key)
ingress (which configure tls for ingress controller and rules)
How to create secrets?
kubectl create secret tls aks-ingress-tls --cert=certificate.crt --key=out.key
Create ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tls-example-ingress
spec:
tls:
- hosts:
- yourhostname.com
secretName: aks-ingress-tls
rules:
- host: subdomain.yourhostname.com
http:
paths:
- backend:
serviceName: api-service
servicePort: 80
path: /(.*)
Note :- You need to create A record in DNS zone for your subdomain.