1

I'm new to k8s and can't figure out how to use SSL with ingress. Here is my app YAML:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  name: app-name
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: app-name
  template:
    metadata:
      labels:
        app: app-name
    spec:
      containers:
        - name: app-name
          image: dockerhub:app-name
          imagePullPolicy: Always
          ports:
            - containerPort: 80
      imagePullSecrets:
        - name: registrypullsecret

And ingress yaml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/ssl-redirect: "true"

spec:
  tls:
    - hosts:
      - sub.example.com
      secretName: tls-secret
  rules:
    - host: sub.example.com
      http:
        paths:
          - backend:
              serviceName: app-name
              servicePort: 80
            path: /

And my tls-secret YAML:

apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: default
data:
  tls.crt: |
    MIIFfD...

  tls.key: |
    MIIEvQ...

My app is hosted on DigitalOcean, but I use external DNS. I applied tls-secret with:

kubectl apply -f tls-secret.yaml

Then I tried to open the app in a browser and it is still not secured. The browser says that the certificate is not valid: "Kubernetes Ingress Controller Fake Certificate". Should I do some extra configuration, or do I have a mistake in my manifest files?

RaudByorn

1 Answer

0

You need to use an ingress controller deployment, RBAC, CRD and a service in order for it to work along with what you have mentioned.

Please find below the list of resources needed in order to expose your application to the internet using ingress:

  • Secret (TLS Certs)
  • Service (Load Balancer)
  • ConfigMap (depends on what ingress controller you have used)
  • Deployment (Ingress Controller), CRD, RBAC

Please refer to my answer about ingress controllers in another question:

How can I identify which ingress controller is installed on my Kubernetes cluster?

Please find the sample load balancer service below, and make sure you have installed the controller deployment, RBAC and CRD:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
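  # Local preserves the client source IP seen by the controller
  externalTrafficPolicy: Local
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
    - port: 443
      targetPort: 443
      protocol: TCP
      name: https
  # Must match the labels on the ingress controller pods
  selector:
    app: nginx-ingress
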
Narendranath Reddy