Configuring HTTPS Certificates for Nginx Ingresses
You can configure an HTTPS certificate for an ingress so that clients reach the workload over TLS.
- Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
- Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example here. For details, see Creating a Secret. For an example and description of the kubernetes.io/tls secret, see TLS Secret.
Run the following command to create a YAML file named ingress-test-secret.yaml (the file name can be customized):
vi ingress-test-secret.yaml
The YAML file is configured as follows:
apiVersion: v1
data:
  tls.crt: LS0******tLS0tCg==
  tls.key: LS0tL******0tLS0K
kind: Secret
metadata:
  annotations:
    description: test for ingressTLS secrets
  name: ingress-test-secret
  namespace: default
type: IngressTLS
In the preceding example, the values of tls.crt and tls.key are placeholders. Replace them with the contents of your actual certificate and private key files. Both values must be Base64-encoded.
- Create a secret.
kubectl create -f ingress-test-secret.yaml
If information similar to the following is displayed, the secret is being created:
secret/ingress-test-secret created
View the created secret.
kubectl get secrets
If information similar to the following is displayed, the secret has been created:
NAME                  TYPE         DATA   AGE
ingress-test-secret   IngressTLS   2      13s
- Create a YAML file named ingress-test.yaml. The file name can be customized.
vi ingress-test.yaml
For clusters of v1.23 or later:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  namespace: default
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: ingress-test-secret  # Replace it with your TLS key certificate.
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          service:
            name: <your_service_name>  # Replace it with the name of your target Service.
            port:
              number: <your_service_port>  # Replace it with the port number of your target Service.
        property:
          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
        pathType: ImplementationSpecific
  ingressClassName: nginx
For clusters of v1.21 or earlier:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-test
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: ingress-test-secret  # Replace it with your TLS key certificate.
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: '/'
        backend:
          serviceName: <your_service_name>  # Replace it with the name of your target Service.
          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
  ingressClassName: nginx
- Create an ingress.
kubectl create -f ingress-test.yaml
If information similar to the following is displayed, the ingress has been created.
ingress/ingress-test created
View the created ingress.
kubectl get ingress
If information similar to the following is displayed, the ingress has been created and the workload is accessible.
NAME           HOSTS   ADDRESS        PORTS   AGE
ingress-test   *       121.**.**.**   80      10s
- Enter https://121.**.**.**:443 in the address bar of a browser to access the workload (for example, an Nginx workload).
121.**.**.** indicates the IP address of the unified load balancer.
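
An added example, not part of the original page or the vendor's tooling: a standard-library Python check for the tls.crt and tls.key values of the secret file from the steps above, meant to run before kubectl create. The function names, the rules it applies and the sample PEM text are assumptions made for this example.

```python
import base64
import binascii
import re

FIELDS = ("tls.crt", "tls.key")
LABEL_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def encode_field(pem_text):
    """Base64-encode PEM text once, on a single line, for a Secret data value."""
    return base64.b64encode(pem_text.encode("utf-8")).decode("ascii")

def check_field(field, value):
    """Return a problem string for one data value, or None if it looks right."""
    try:
        pem = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return f"{field}: value is not single-line Base64 of PEM text"
    if pem.startswith("LS0t"):  # "LS0t" is Base64 for "---": encoded twice
        return f"{field}: value was Base64-encoded twice"
    labels = LABEL_RE.findall(pem)
    if not labels:
        return f"{field}: decoded value has no PEM BEGIN line"
    if field == "tls.crt" and any(label != "CERTIFICATE" for label in labels):
        return f"{field}: expected only CERTIFICATE blocks, found {labels}"
    if field == "tls.key":
        if len(labels) != 1 or not labels[0].endswith("PRIVATE KEY"):
            return f"{field}: expected one PRIVATE KEY block, found {labels}"
        # Assumption of this example: a key the controller cannot decrypt is a mistake.
        if labels[0].startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in pem:
            return f"{field}: private key is passphrase-protected"
    return None

def check_secret_data(data):
    """Check the data map of a TLS secret; return a list of problems (empty = OK)."""
    problems = [f"{f}: missing" for f in FIELDS if f not in data]
    found = (check_field(f, data[f]) for f in FIELDS if f in data)
    return problems + [p for p in found if p]

# Constructed sample PEM text: correct armor, placeholder bodies, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    good = {"tls.crt": encode_field(SAMPLE_CERT), "tls.key": encode_field(SAMPLE_KEY)}
    print(check_secret_data(good))
    print(check_secret_data({"tls.crt": good["tls.key"], "tls.key": good["tls.crt"]}))
```

The check looks only at encoding and PEM labels. It does not verify that the private key belongs to the certificate or that the certificate covers the ingress host.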