2

https://github.com/kubernetes-retired/contrib/tree/master/ingress/controllers/nginx/examples/tls

I've tried to configure https for my ingress resource by this tutorial. I've done all the needed steps, but when I try to go to my site it send me:

enter image description here

Should I do some additional steps?

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
spec:
  rules:
  - host: www.domain.com
    http:
      paths:
      - backend:
          serviceName: front-end-service
          servicePort: 80
        path: /
  - host: www.domain.com
    http:
      paths:
      - backend:
          serviceName: back-end-service
          servicePort: 3000
        path: /api
  tls:
  - hosts:
    - www.domain.com
    secretName: my-sectet

Sectet which I've created exist . I've checked it by using this command kubectl get secrets and name the same like I use in ingress resource.

If you need additiona info , pls let me know

Travis Webb
  • 14,688
  • 7
  • 55
  • 109
Andrey Radkevich
  • 3,012
  • 5
  • 25
  • 57
  • 1
    Your link provides for self-signed certificates. These certificate types will always generate a browser error. If you want your service to be public, you must either purchase an SSL certificate or use Let's Encrypt to generate one. Look into Cert Manager or other Let's Encrypt tools for K8s https://docs.cert-manager.io/en/latest/ – John Hanley Nov 03 '19 at 16:48
  • hi, do you want to use self generated certificate or are you open to get a new one generated ? – Tushar Mahajan Nov 04 '19 at 06:08

2 Answers2

1

As mentioned in the comments, this tutorial is guiding you through setting up a self-signed certificate, which is not trusted by your browser. You would need to provide a cert your browser trusts or temporarily ignore the error locally. LetsEncrypt is an easy and free way to get a real cert, and cert-manager is a way to do that via Kubernetes.

coderanger
  • 52,400
  • 4
  • 52
  • 75
1

If you are open to use jetstack then you can refer this for installation via helm chart and thereafter following the steps in this stackoverflow post, you can get this done with a secure connection.

Jetstack will create the secret patched to ingress tls itself and just check the status of certificate once you map the secret name with ingress rule, there certificate should attain ready state.

Tushar Mahajan
  • 2,044
  • 1
  • 7
  • 18