Configuring an HTTPS Certificate for an Nginx Ingress
An HTTPS certificate can be configured for an ingress so that the services behind it are accessed over HTTPS.
- Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
- Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For an example and a description of the kubernetes.io/tls secret, see TLS secrets.
Create a YAML file named ingress-test-secret.yaml. The file name can be customized.

    vi ingress-test-secret.yaml

The YAML file is configured as follows:

    apiVersion: v1
    data:
      tls.crt: LS0******tLS0tCg==
      tls.key: LS0tL******0tLS0K
    kind: Secret
    metadata:
      annotations:
        description: test for ingressTLS secrets
      name: ingress-test-secret
      namespace: default
    type: IngressTLS

Note: In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
- Create a secret.

    kubectl create -f ingress-test-secret.yaml

If information similar to the following is displayed, the secret has been created:

    secret/ingress-test-secret created

- Check the created secret.

    kubectl get secrets

If information similar to the following is displayed, the secret has been created:

    NAME                  TYPE         DATA   AGE
    ingress-test-secret   IngressTLS   2      13s

- Create a YAML file named ingress-test.yaml. The file name can be customized.

    vi ingress-test.yaml

For clusters of v1.23 or later:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-test
      namespace: default
    spec:
      tls:
      - hosts:
        - example.com
        secretName: ingress-test-secret   # Replace it with your TLS key certificate.
      rules:
      - host: example.com
        http:
          paths:
          - path: /
            backend:
              service:
                name: <your_service_name>   # Replace it with the name of your target Service.
                port:
                  number: <your_service_port>   # Replace it with the port number of your target Service.
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
            pathType: ImplementationSpecific
      ingressClassName: nginx

For clusters of v1.21 or earlier:

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: ingress-test
      annotations:
        kubernetes.io/ingress.class: nginx
    spec:
      tls:
      - hosts:
        - example.com
        secretName: ingress-test-secret   # Replace it with your TLS key certificate.
      rules:
      - host: example.com
        http:
          paths:
          - path: '/'
            backend:
              serviceName: <your_service_name>   # Replace it with the name of your target Service.
              servicePort: <your_service_port>   # Replace it with the port number of your target Service.

- Create an ingress.

    kubectl create -f ingress-test.yaml

If information similar to the following is displayed, the ingress has been created:

    ingress/ingress-test created

- Check the created ingress.

    kubectl get ingress

If information similar to the following is displayed, the ingress has been created:

    NAME           CLASS   HOSTS         ADDRESS   PORTS     AGE
    ingress-test   nginx   example.com             80,443    10s

- Enter https://example.com in the address box of the browser to access the workload (for example, Nginx workload).
Replace example.com with your domain name.
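
A pre-flight check for the tls.crt and tls.key files that go into ingress-test-secret, as an added example that is not part of the original page: it confirms that the key belongs to the certificate, that the certificate is unexpired and covers the ingress host, and produces the single-line Base64 that the data fields expect. The function names, the throwaway self-signed pair and the use of the openssl CLI (1.1.1 or later) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# check_tls_pair CERT KEY HOST
# Returns 0 only if KEY belongs to CERT, CERT is unexpired and covers HOST.
# Return codes: 1 unreadable input, 2 key mismatch, 3 expired, 4 wrong host.
check_tls_pair() {
    cert=$1 key=$2 host=$3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read certificate $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot read private key $key" >&2; return 1; }
    # Same public key on both sides means the pair belongs together.
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "tls.key does not match tls.crt" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 3; }
    # -checkhost always exits 0, so the verdict is read from its output.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "certificate does not cover $host" >&2; return 4; }
}

# b64_oneline FILE: Base64 without line wraps, as used under data: in the Secret.
b64_oneline() { base64 < "$1" | tr -d '\n'; }

# make_demo_pair DIR HOST: constructed self-signed pair, for trying the checks only.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# Demo on constructed input; point check_tls_pair at your real files instead.
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" example.com
if check_tls_pair "$demo_dir/tls.crt" "$demo_dir/tls.key" example.com; then
    echo "pair is consistent for example.com"
    printf 'tls.crt: %s\n' "$(b64_oneline "$demo_dir/tls.crt")"
fi
rm -rf "$demo_dir"
```

Run the check against the real certificate and key, using the host listed under spec.tls.hosts, before pasting the b64_oneline output of each file into ingress-test-secret.yaml.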