On this page

Show all

Configuring an HTTPS Certificate for an Nginx Ingress

Updated on 2024-11-11 GMT+08:00

HTTPS certificates can be configured for ingresses to provide security services.

  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
  2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.

    Create a YAML file named ingress-test-secret.yaml. The file name can be customized.

    vi ingress-test-secret.yaml
    The YAML file is configured as follows:
    apiVersion: v1
    data:
      tls.crt: LS0******tLS0tCg==
      tls.key: LS0tL******0tLS0K
    kind: Secret
    metadata:
      annotations:
        description: test for ingressTLS secrets
      name: ingress-test-secret
      namespace: default
    type: IngressTLS
    NOTE:

    In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.

  3. Create a secret.

    kubectl create -f ingress-test-secret.yaml

    If information similar to the following is displayed, the secret has been created:

    secret/ingress-test-secret created

    Check the created secret.

    kubectl get secrets

    If information similar to the following is displayed, the secret has been created:

    NAME                         TYPE                                  DATA      AGE
    ingress-test-secret          IngressTLS                            2         13s

  4. Create a YAML file named ingress-test.yaml. The file name can be customized.

    vi ingress-test.yaml
    For clusters of v1.23 or later:
    apiVersion: networking.k8s.io/v1
    kind: Ingress 
    metadata: 
      name: ingress-test
      namespace: default
    spec:
      tls: 
      - hosts: 
        - foo.bar.com
        secretName: ingress-test-secret  # Replace it with your TLS key certificate.
      rules:
        - host: foo.bar.com
          http:
            paths:
              - path: /
                backend:
                  service:
                    name: <your_service_name>  # Replace it with the name of your target Service.
                    port:
                      number: <your_service_port>  # Replace it with the port number of your target Service.
                property:
                  ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                pathType: ImplementationSpecific
      ingressClassName: nginx
    For clusters of v1.21 or earlier:
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress 
    metadata: 
      name: ingress-test
      annotations: 
        kubernetes.io/ingress.class: nginx
    spec:
      tls: 
      - hosts: 
        - foo.bar.com
        secretName: ingress-test-secret   # Replace it with your TLS key certificate.
      rules: 
      - host: foo.bar.com
        http: 
          paths: 
          - path: '/'
            backend: 
              serviceName: <your_service_name>  # Replace it with the name of your target Service.
              servicePort: <your_service_port>  # Replace it with the port number of your target Service.
      ingressClassName: nginx

  5. Create an ingress.

    kubectl create -f ingress-test.yaml

    If information similar to the following is displayed, the ingress has been created:

    ingress/ingress-test created

  6. Check the created ingress.

    kubectl get ingress

    If information similar to the following is displayed, the ingress has been created:

    NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
    ingress-test  nginx   *         121.**.**.**     80      10s

  7. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).

    121.**.**.** indicates the IP address of the unified load balancer.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback