How Do I Obtain a TLS Key Certificate?
Scenario
If your ingress needs to use HTTPS, you must configure a secret of the IngressTLS or kubernetes.io/tls type when creating an ingress.
Create an IngressTLS key certificate, as shown in Figure 1.
The certificate file to be uploaded must match the private key file. Otherwise, the certificate file becomes invalid.
Solution
Generally, you need to obtain a valid certificate from the certificate provider. If you want to use it in the test environment, you can create a certificate and private key by the performing the following steps.
Self-created certificates apply only to test scenarios. Such certificates are invalid and will affect browser access. Manually upload a valid one to ensure secure connections.
- Generate a tls.key.
openssl genrsa -out tls.key 2048
The command will generate a private tls.key in the directory where the command is executed.
- Generate a certificate using the private tls.key.
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/O=Devops/CN=example.com -days 3650
The generated key must be in the following format:
----BEGIN RSA PRIVATE KEY----- ........................................................... -----END RSA PRIVATE KEY-----
The generated certificate must be in the following format:
-----BEGIN CERTIFICATE----- ................................................................ -----END CERTIFICATE-----
- Import the certificate.
When creating a TLS secret, import the certificate and private key file to the corresponding location.
Verification
Using a browser to access the ingress is successful. However, the certificate and secret are not issued by CA and the address bar shows the connection to nginx is not secure.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
